Intro
Last week I updated my machine with Fedora 32 to the latest Fedora 33 release. After that I tried to fetch one of my project over SSH and saw the following:
</path/to/project> $ git fetch --all
Fetching origin
<project>@vs-ssh.visualstudio.com's password:
I missed SSH Public Key auth after upgrading to Fedora 33. The reason why it happended was updated crypto settings.
Fixing the issue
The very first option is to switch back to LEGACY
policy level (may require root
access):
$ update-crypto-policies --set LEGACY
That looks like a potential security risks though.
Another option that I personally ended up with was adding a line in my .ssh/config
file:
- before edit:
Host vs-ssh.visualstudio.com
Hostname vs-ssh.visualstudio.com
IdentityFile <key/file/path>
StrictHostKeyChecking no
- after edit:
Host vs-ssh.visualstudio.com
Hostname vs-ssh.visualstudio.com
IdentityFile <key/file/path>
StrictHostKeyChecking no
PubkeyAcceptedKeyTypes +ssh-dss-cert-v01@openssh.com
For further analysis of what has been changed in SSH policies in Fedora 33 you may take a look to those files:
/usr/share/crypto-policies/DEFAULT/openssh.txt
- default policies/usr/share/crypto-policies/LEGACY/openssh.txt
- legacy policies