On 9/28/22 18:36, Carlos Martinez wrote:
After updating to Fedora 37 beta, I was not able to login to a device that uses rsa to authenticate anymore.
The message shown is: "Bad server host key: Invalid key length"
My wild guess would be this commit [0] fom the crypto-policies package requiring at least 2048-bit RSA key:
# grep RSAMinSize /etc/crypto-policies/back-ends/* /etc/crypto-policies/back-ends/openssh.config:RSAMinSize 2048 /etc/crypto-policies/back-ends/opensshserver.config:RSAMinSize 2048
# rpm -q crypto-policies crypto-policies-20220815-1.gite4ed860.fc37.noarch
Given that the remote side appears to use dropbear (so it might be some smaller embedded system), I suspect the key might be smaller than 2048-bits.
Check if you can connect to the remote side with the LEGACY policy:
# update-crypto-policies --set LEGACY # ssh ...
[0] https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/e4ed8604ba6...