On 9/20/20 10:11 AM, Pavel Raiskup wrote:
I'm curious about the effects of the change. It claims that RSA 2048 >= should stay accepted by DEFAULT, and from what I can tell the host server key seems to be RSA 2048 (at least that's what is generated by default on Debian 9):$ ssh-keygen -l -f ssh_host_rsa_key.pub 2048 SHA256:<...> root@debian-9-host (RSA)
Sure, but the PubkeyAcceptedKeyTypes doesn't influence acceptable server host keys (and if it did, the client should simply use another one of the server's keys). PubkeyAcceptedKeyTypes influences what key types the client will try to use for authentication.
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
