Bug 2130155

Summary: Unable to push changes to Qt gerrit instance
Product: [Fedora] Fedora Reporter: Jan Grulich <jgrulich>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 37CC: crypto-team, dbelyavs, dwalsh, jjelen, lkundrak, mattias.ellert, ssorce, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---Flags: fedora-admin-xmlrpc: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-29 08:57:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Debug log none

Description Jan Grulich 2022-09-27 10:47:43 UTC 
Created attachment 1914572 [details]
Debug log

Description of problem:
Submitting a change to Qt gerrit instance with current openssh (+crypto-policies) will end up rejected with:

>Bad server host key: Invalid key length
>fatal: Could not read from remote repository.

>Please make sure you have the correct access rights
>and the repository exists.

Version-Release number of selected component (if applicable):
openssh-8.8p1-6.fc37
crypto-policies-20220815-1.gite4ed860.fc37


Additional info:
Downgrading to openssh-8.8p1-3.fc37.x86_64 and crypto-policies-20220428-2.gitdfb10ea.fc37.noarch makes it work. It's hard to say what package is responsible as they depend on each other and it's not possible to downgrade only openssh without also downgrading crypto-policies.

Attaching log from the communication.
Comment 1 Simo Sorce 2022-09-27 12:53:01 UTC 
Probably duplicate of #2127765
Comment 2 Dmitry Belyavskiy 2022-09-29 08:57:26 UTC 
If you or server use RSA key shorter than 2048 bits, it is rejected. Such keys can't be considered secure enough nowadays so please replace it with a longer key.

The behavior is intended so closing WONTFIX, some more details are in https://bugzilla.redhat.com/show_bug.cgi?id=2127765