On Tue, Sep 22, 2020 at 8:40 AM Pavel Raiskup <praiskup(a)redhat.com> wrote:
> I hit that two week ago for bitbucket and other servers. In my
case I got it
> connecting to lyx git server. At the time I wrote about it in the fedora-test
> mailing list.
>
> My workaround solution was to add to ~/.ssh/config
>
> Host *
> PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512
Tomáš, is this an expected feature or a bug in F33? What are servers like
BitBucket expected to do to comply with F33 clients?
Yes it is a feature of Fedora 33. It requires services to use better
algorithms than SHA-1 which is considered broken today. This is
described in the changes that Tomas is driving at:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
In this particular case I believe you have identified a bug in
bitbucket's ssh setup. They are using old SSH infrastructure that can
only do SHA-1. You may want to contact them about this.
regards,
Nikos