On Sunday, September 20, 2020 8:52:21 PM CEST Kevin Fenzi wrote:
> On Sun, Sep 20, 2020 at 07:11:29PM +0200, Pavel Raiskup wrote:
> > After upgrade of one of my servers to F33, I noticed that I can not ssh to
> > one of my other servers running Debian 9 system (relatively freshly EOLed,
> > I need to do something about it).  On F33 I always need to:
> >
> >      $ ssh -oPubkeyAcceptedKeyTypes=+ssh-rsa user@debian-9-host
> >
> > The changes in Fedora packages led me to:
> >
> >     https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/b298a9e1
> >
> > Which led me to:
> >
> >     https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
> >
> > I'm curious about the effects of the change.  It claims that RSA 2048 >= should
> > stay accepted by DEFAULT, and from what I can tell the host server key seems to
> > be RSA 2048 (at least that's what is generated by default on Debian 9):
> >
> >     $ ssh-keygen -l -f ssh_host_rsa_key.pub
> >     2048 SHA256:<...> root@debian-9-host (RSA)
> >
> > Can anyone translate to me if this is really expected or a bug?  Effect is that
> > Fedora 33 clients can not ssh to Debian 9 hosts by default (I'm not sure about
> > the supported Debian 10, and the key quality there).
>
> I thought this was actually due to openssh dropping support for
> 'ssh-rsa':
>
> https://www.openssh.com/txt/release-8.3
>
> (ie, the sha-1 ssh-rsa)

Well, I did:

    $ cd /etc/ssh
    $ rm ssh_host*
    $ ssh-keygen -N "" -t rsa-sha2-512 -b 4096 -f /etc/ssh/ssh_host_rsa_key
    $ dpkg-reconfigure openssh-server
    ... generates the remaining ECDSA and ED25519 ...

New host signature detected, but I still get on F33 when trying to ssh:

    $ ssh -vv ...
    debug1: Offering public key: /home/praiskup/.ssh/id_rsa RSA SHA256:...
    debug1: send_pubkey_test: no mutual signature algorithm
    ...

And still -oPubkeyAcceptedKeyTypes=+ssh-rsa helps...  Does that meant that the
ssh-keygen on Debian 9 is broken?  How am I able to tell this is server or
client problem?

Pavel