On 9/28/22 18:36, Carlos Martinez wrote:
After updating to Fedora 37 beta, I was not able to login to a device that uses rsa to authenticate anymore. The message shown is: "Bad server host key: Invalid key length"
My wild guess would be this commit [0] fom the crypto-policies package requiring at least 2048-bit RSA key: # grep RSAMinSize /etc/crypto-policies/back-ends/* /etc/crypto-policies/back-ends/openssh.config:RSAMinSize 2048 /etc/crypto-policies/back-ends/opensshserver.config:RSAMinSize 2048 # rpm -q crypto-policies crypto-policies-20220815-1.gite4ed860.fc37.noarch Given that the remote side appears to use dropbear (so it might be some smaller embedded system), I suspect the key might be smaller than 2048-bits. Check if you can connect to the remote side with the LEGACY policy: # update-crypto-policies --set LEGACY # ssh ... [0] https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/e4ed8604ba69650f002229e29b7ca54768cafef5 -- Frantisek Sumsal GPG key ID: 0xFB738CE27B634E4B _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
