Bug 1890179

Summary: SSH Fails to connect to Amazon AWS after update to F33
Product: [Fedora] Fedora
Reporter: TR Bentley <home>
Component: openssh
Assignee: Jakub Jelen <jjelen>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 33
CC: crypto-team, dwalsh, jjelen, lkundrak, mattias.ellert, plautrba, tmraz
Hardware: x86_64   
OS: Linux   
Last Closed: 2020-10-21 18:13:26 UTC
Type: Bug

Description TR Bentley 2020-10-21 15:20:56 UTC
Description of problem:

debug1: Server host key: ssh-rsa SHA256:tKjRkOL8dmJyTmSbeSdN1S8F/f0iql3RlvqgTOP1UyQ
debug1: Host 'git-codecommit.eu-west-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /home/tim/.ssh/known_hosts:68
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/tim/.ssh/id_rsa_aws_trinity RSA SHA256:<key_id> explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tim/.ssh/id_rsa_aws_trinity RSA SHA256:<key_id> explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
<user_id>@git-codecommit.eu-west-1.amazonaws.com: Permission denied (publickey).




Version-Release number of selected component (if applicable):


How reproducible: All the time on a number of Git repositories.


Steps to Reproduce:
1. Try to run git pull with an SSH-connected repository

Actual results:  Permission denied (publickey)


Expected results: a Git Pull


Additional info:

Comment 1 TR Bentley 2020-10-21 15:24:36 UTC
Sorry for the multiple edits but Bugzilla crashes on screen saves!

Comment 2 Tomas Mraz 2020-10-21 16:49:35 UTC
The server probably does not support SHA2 signatures. You'll have to switch to LEGACY policy.

update-crypto-policies --set LEGACY
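
Added example, not part of the original thread or of any commenter's reply: a shell sketch that picks out keys skipped with "no mutual signature algorithm" in `ssh -v` output and prints a host-scoped `ssh_config` stanza to review. The helper names `rejected_keys` and `host_stanza` are hypothetical, and using a per-host `PubkeyAcceptedKeyTypes +ssh-rsa` entry in place of the system-wide LEGACY policy is an assumption that the thread itself does not discuss.

```shell
#!/bin/sh
# Added example (not from the bug report): find keys the client skipped in
# `ssh -v` output, then print a host-scoped override to review.

# Constructed sample: debug lines copied from the description above.
sample_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tim/.ssh/id_rsa_aws_trinity RSA SHA256:<key_id> explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
EOF
}

# stdin: ssh -v output. Prints "<type> <path>" for every offered key that was
# followed by "no mutual signature algorithm". Exit status 0 if any, else 1.
# Assumes key paths contain no spaces.
rejected_keys() {
  awk '
    /^debug1: Offering public key: / { path = $5; type = $6; next }
    /^debug1: send_pubkey_test: no mutual signature algorithm/ {
      if (path != "") { print type, path; found = 1 }
      path = ""
    }
    END { exit (found ? 0 : 1) }
  '
}

# Prints an ssh_config stanza that allows ssh-rsa (RSA with SHA-1) signatures
# for one host only. PubkeyAcceptedKeyTypes is the option name before
# OpenSSH 8.5; later releases call it PubkeyAcceptedAlgorithms.
host_stanza() {
  printf 'Host %s\n    PubkeyAcceptedKeyTypes +ssh-rsa\n' "$1"
}

# Demo on the constructed sample; for real output pipe in, for example:
#   ssh -v -T <user_id>@git-codecommit.eu-west-1.amazonaws.com 2>&1 | rejected_keys
if sample_log | rejected_keys >/dev/null; then
  sample_log | rejected_keys | while read -r type path; do
    echo "# $type key $path was skipped: no permitted signature algorithm"
  done
  host_stanza git-codecommit.eu-west-1.amazonaws.com
fi
```

The printed stanza would go in `~/.ssh/config`; unlike `update-crypto-policies --set LEGACY`, it relaxes the signature algorithm for the named host only.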

Comment 3 TR Bentley 2020-10-21 18:13:26 UTC
Thanks, works a treat.

Comment 4 Jakub Jelen 2020-10-21 20:11:45 UTC
Related bug, assuming AWS is using a Debian derivative: https://bugzilla.redhat.com/show_bug.cgi?id=1881301

Comment 5 TR Bentley 2020-10-21 21:10:48 UTC
It would seem so, and this is using AWS-supported services, so it could impact a number of people.

Comment 6 Mattias Ellert 2020-10-29 15:08:04 UTC
*** Bug 1890176 has been marked as a duplicate of this bug. ***