Project

General

Profile

Bug #2440

SSH public key auth broken with Fedora 33

Added by bigfoot65 25 days ago. Updated 24 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
10/31/2020
Due date:
% Done:

0%


Description

New crypto settings in Fedora 33 breaks current public key authentication:

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

The proposed fix for now is:

sudo update-crypto-policies --set LEGACY

History

#1 Updated by cpg 24 days ago

  • Status changed from New to Feedback

I re-entered my public key and all worked well as it did before after an upgrade. Also, before re-entering my public key it also worked.

That said, my HDA is an F33 system that comes from a string of OS upgrades, so it's not a clean install.

We'd have to test with a clean install. I do suspect that it may not affect us much.

For one thing, it's mostly about connecting to "legacy (TLS1.0, TLS1.1) servers" which we do not directly support. Users can add a cert, etc., but it may just mean that newer stacks are requires and most browsers have them, so it may not impact a lot.

The other thing is ssh access. In general, we have been using newer or more advanced "curves" for sshd in the Amahi servers that provide online services for Amahi users and it has not been a real problem.

That said, we have to check on a clean install, especially if we want to support Let's Encrypt certs, which, now that they support wildcard certs, is much easier than a little while ago.

Also available in: Atom