Re: ssh to gnu fails after F33 update
On 10/21/20 5:51 PM, Per Bothner wrote:
I was able to get things working again by adding this line to the
Host *.gnu.org section of ~/.ssh/config
PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512
"rsa-sha2-256,rsa-sha2-51" are already part of the Fedora 33 crypto
policy. This configuration works (as I understand it) because the '+'
value adds key types to the default set, rather than the local policy.
The effect is that the configuration above downgrades the crypto policy
so that it includes 'ssh-rsa' again, and that's the key type that ends
up used with OpenSSH 7.4 servers.