On Wed, 28 Sep 2022 16:36:52 -0000 "Carlos Martinez" <jcmartinez2129@xxxxxxxxx> wrote: > After updating to Fedora 37 beta, I was not able to login to a device > that uses rsa to authenticate anymore. > > The message shown is: "Bad server host key: Invalid key length" [snip] debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: SSH2_MSG_KEX_ECDH_REPLY received Bad server host key: Invalid key length debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: SSH2_MSG_KEX_ECDH_REPLY received This is the critical bit. It looks like a difference in enforcement of rsa key lengths. Here is an old link that had the same error, though the size is probably out of date. https://stackoverflow.com/questions/48055006/ssh-add-invalid-key-length I'm guessing that Fedora increased the minimum size of RSA keys in F37. Is it possible to generate a longer key pair? I don't think there is an alternative other than recompiling openssh as the third response to the answer suggests (with a corresponding loss of security). _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
