Re: ssh rsa key - Bad server host key: Invalid key length

František Šumšal Thu, 29 Sep 2022 15:34:04 -0700

On 9/28/22 18:36, Carlos Martinez wrote:

After updating to Fedora 37 beta, I was not able to login to a device that uses 
rsa to authenticate anymore.


The message shown is: "Bad server host key: Invalid key length"


My wild guess would be this commit [0] fom the crypto-policies package 
requiring at least 2048-bit RSA key:

# grep RSAMinSize /etc/crypto-policies/back-ends/*
/etc/crypto-policies/back-ends/openssh.config:RSAMinSize 2048
/etc/crypto-policies/back-ends/opensshserver.config:RSAMinSize 2048

# rpm -q crypto-policies
crypto-policies-20220815-1.gite4ed860.fc37.noarch

Given that the remote side appears to use dropbear (so it might be some smaller 
embedded system), I suspect
the key might be smaller than 2048-bits.

Check if you can connect to the remote side with the LEGACY policy:

# update-crypto-policies --set LEGACY
# ssh ...

[0] 
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/e4ed8604ba69650f002229e29b7ca54768cafef5

--
Frantisek Sumsal
GPG key ID: 0xFB738CE27B634E4B
_______________________________________________
test mailing list -- test@lists.fedoraproject.org
To unsubscribe send an email to test-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/test@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: ssh rsa key - Bad server host key: Invalid key length

Reply via email to