jjelen reported a new issue against the project: `releng` that you are following:
``
Recently, the RSA host key of "pkgs.fedoraproject.org" was signed using
`ssh-ed25519` key (can't see any announcement about that), which is not recognized by
old RHEL6 machines, which makes the dist-git inaccessible from this system (without a
workaround `-o HostKeyAlgorithms=ssh-rsa`).
Per discussion in OpenSSH upstream, there is no simple solution how to make it working in
old RHEL6 nor how to fix that in upstream/RHEL7. The easiest way would be not to use CA
based on the ED25519 keys yet if we aim for compatibility with RHEL6 (which I believe we
do).
The server can offer different keys so I would suggest to create
* rsa keys signed by rsa certificate authority for legacy deployments
* ed25519 key signed by ed25519 certificate authority for current
This will make it work for old systems and the new ones will be using future-proof
algorithsm (for the price of maintaining two CA keys and host keys).
The related bug report, that I am going to close:
https://bugzilla.redhat.com/show_bug.cgi?id=1450609
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/6798