Fedora 33 breaks ssh with gitlab
PubkeyAcceptedKeyTypes +ssh-rsa to your gitlab entry on
Fedora introduced new crypto policies with their latest version. These new policies will add better security to your environment. Hoever, this changes can break your ssh access to certain servers, which happened to me with gitlab.
$ git pull email@example.com: Permission denied (publickey,keyboard-interactive). fatal: Could not read from remote repository.
You can update the remote server to the latest version, which hopefully support newer algorithms. The list of algorithms supported in Fedora 33 is shorter than the previous versions. You can verify that here:
/etc/crypto-policies/back-ends/openssh.config. But usually, that's something you can't do with third party services like github or gitlab.
The easy solution
If you don't have control over the server, then you can simply lower the security a little so you can continue working normally.
gitlab.com PubkeyAcceptedKeyTypes +ssh-rsa
In 50 years when all the new policies are adopted globally, you can regenerate your keys and remove that line.
The better solution
Create new keys. Make sure you use the
ed25519 algorithm (or one supported in
/etc/crypto-policies/back-ends/openssh.config). This way you will have a secure and future proof system... until the next policy upgrade, at least. Here is how:
ssh-keygen -t ed25519 -a 64
Then add your public key to the
authorized_keys file in the server as you would normally do.
- Dev.to article
- The twitt that made me aware of the issue.