From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gnu.wildebeest.org (gnu.wildebeest.org [45.83.234.184]) by sourceware.org (Postfix) with ESMTPS id 0950F3858CDB for ; Sun, 4 Feb 2024 20:31:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0950F3858CDB Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=klomp.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=klomp.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0950F3858CDB Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=45.83.234.184 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707078692; cv=none; b=J45uxvcgj5deTAdKgrYG9dw6S/MeQwsAW+P9f/p44hkdlU4p3IZp9OUflmNVHgp77wzPD0t4FvJQGYOWhGp3fue42In+KN6b9Z7QxEJd+b+0vjzyP3sdB8oU8HyBt/xVv8fyaEB4y7R1A8H2WAhtqw7xZiIBjf7d2bnSZ5hTFHs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707078692; c=relaxed/simple; bh=EIf/dKHeJcRKhlCpc7Wzk3noroaYzS+Mpl8+4JCEpxM=; h=Date:From:To:Subject:Message-ID:MIME-Version; b=AS7hRZ8RHRM/NwseZKw0T0t8kXEuzubGnIYyRR5rBWnVS2w6/nnG5B8VIZ0RRaDKs6Qs2GHvL8mi2iq+nMVXViignsi2knaKtSSK5+y6PRt0miJ6SKMcXbengH2R+KTVgOo3iOUr+yLnjHWl8pB1hakTyREF1XcMawdS7GNJEfE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by gnu.wildebeest.org (Postfix, from userid 1000) id ABDE33031F89; Sun, 4 Feb 2024 21:31:26 +0100 (CET) Date: Sun, 4 Feb 2024 21:31:26 +0100 From: Mark Wielaard To: "Frank Ch. Eigler via Overseers" Cc: "Frank Ch. Eigler" , Jason Merrill Subject: Re: Bad server host key: Invalid key length Message-ID: <20240204203126.GK1583@gnu.wildebeest.org> References: <0840A107-591F-4BF6-92FB-99C276845D4B@elastic.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <0840A107-591F-4BF6-92FB-99C276845D4B@elastic.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi, On Sun, Feb 04, 2024 at 09:20:33PM +0100, Frank Ch. Eigler via Overseers wrote: > > > I just upgraded my laptop to Fedora 39 CSB, and now ssh to sourceware is > > rejected with the above error message thanks to the Fedora crypto-policies > > openssh.config. I can work around this easily enough by setting > > RequiredRSASize to 1024 in my .ssh/config, but surely I'm not the first to > > run into this? > > You may be the second. Nuke all the sourceware references in your .ssh/known_hosts and try again. Yeah, this is a misleading ssh client warning/error: https://inbox.sourceware.org/20230308105633.GI22818@gnu.wildebeest.org/ = openssh update produces misleading invalid key length warning Connecting to sourceware through ssh with a newer openssh or crypto policy might produce a misleading warning about the key length being too short: Bad server host key: Invalid key length Please don't try to replace your ssh key, there is nothing wrong with it. The issue is that you might have an old server key in your ~/.ssh/known_hosts file. Simply remove it and reconnect to get the new server key: ssh-keygen -R sourceware.org ssh-keygen -R cygwin.com ssh-keygen -R gcc.gnu.org See also https://bugzilla.redhat.com/show_bug.cgi?id=2164016