On Fri, Jul 14, 2023 at 11:23 AM Walter H. via users < users@lists.fedoraproject.org> wrote:
> Hello, > > I've got a Win10 box und a Fedora VM > > both are latest updates / release [Win10 22H2 19045.3086 and Fedora 38] > > I was used to connect to the Fedora VM from the Win10 box > > - with the OpenSSH commands, that are nativly available in Windows > - with WinSCP > - or the ssh commands inside the WSL [Debian Distribution] > > some time ago I noticed that the used keys from the WSL don't work any > more; > > I added this inside the Fedora in the sshd_config > > HostKeyAlgorithms +ssh-rsa > > PubkeyAcceptedKeyTypes ssh-rsa > > then the login using the keys from WSL were working again; > > but why didn't this help to login using the keys via the Win 10 OpenSSH > commands; > > there I had to create new keys > > ssh-keygen -t ed25519 > > and then to modify the above addings like this: > > HostKeyAlgorithms +ssh-rsa,ssh-ed25519 > > PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519 > > the same with WinSCP, there I had to gernerate a new key, too; > > the used ssh-rsa keys are refused, even from WSL they work; > > a bit confusing/strange; > See: < https://venafi.com/blog/best-practices-ssh-key-management-what-are-your-ssh-security-risks/ > More recent ssh versions will use defaults chosen for the current risk environment, so key types and other defaults change over time. It would be unusual for WSL to be accessible from arbitrary internet sites, but that is in scope for Fedora, so you would expect Fedora defaults that increase security even if that is nor compatible with some other distributions running in WSL.
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
