nelgin wrote to All <=-
Just a heads up that if you have users that are trying to use recent version of Fedora, at least 38 and also confirmed on 40, they will not
be able to connect using ssh and the default settings.
There's an /etc/ssh/ssh_config.d/50-redhat.conf file which includes
some policy file that changes a number of defaults.
This results in "Invalid key length" when someone tries to ssh to your board.
I filed a bug report and assigned it to Deuce since he did all the ssh stuff but he unassigned it so I guess we're fucked.
One work around is to use
ssh -oRequiredRSASize=1024 user@host
But...since they cannot connect, you can't tell you user that.
The fix would be for synchronet to generate 2048 byte host keys but the looks of things. Good luck.
nelgin wrote to All <=-
I filed a bug report and assigned it to Deuce since he did all the ssh stuff but he unassigned it so I guess we're fucked.
Seems like a Fedora issue to me. Maybe they can fix/change their
"policy file".
But...since they cannot connect, you can't tell you user that.
They can connect via telnet, or web.
The fix would be for synchronet to generate 2048 byte host keys but the looks of things. Good luck.
Not sure, but would that break the SSH function for everything else?
Ltning wrote to Gamgee <=-
RE: Fedora issues
BY: Gamgee to nelgin on Sun Oct 20 2024 07:54:00
nelgin wrote to All <=-
I filed a bug report and assigned it to Deuce since he did all the ssh stuff but he unassigned it so I guess we're fucked.
Seems like a Fedora issue to me. Maybe they can fix/change their
"policy file".
Not really. A 1024 bit host key is a bit on the weak side; it's not unreasonable for them to choose a stricter default. This is about which key lengths the client expects to see the server present, which
translates to how likely it is that the server i
But...since they cannot connect, you can't tell you user that.
They can connect via telnet, or web.
But you can't tell them that either :)
The fix would be for synchronet to generate 2048 byte host keys but the looks of things. Good luck.
Not sure, but would that break the SSH function for everything else?
No it won't, unless you're using SSH for DOS which doesn't support any
of the other crypto in any OpenSSH server since 2004 anyway. It would
be sane and recommended to up the default key length for host keys to
2048 bits, and perhaps create an ed25519
Sysop: | Fercho |
---|---|
Lugar: | La Plata, Buenos Aires |
Usuarios: | 33 |
Nodos: | 10 (0 / 10) |
Uptime: | 33:24:37 |
Llamadas: | 118 |
Archivoss: | 15,607 |
Mensajes: | 33,523 |