Fedora and sftp key upgrades?
Posted: Tue Mar 16, 2021 12:13 am
Fedora 33 has released a stricter policy on strong key encryption. I guess this will soon be followed by other distros. It results in the following host error message when trying to use andftp to upload to a fedora 33 system:
Thanks
Bob
Unable to negotiate with <omitted for privacy>: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
- Is there any way to get andftp to use more secure keys so that it can play with an unmodified Fedora 33?
- If not, is there a plan to upgrade the available encryption (since I can easily modify the phone, there's no problem for me if this isn't the default setting)?
- Keep only TLS 1.2 (and TLS 1.3 when available) as enabled protocols and move the TLS 1.x, x<=1 to legacy level.
- Require finite field parameters (RSA, Diffie-Hellman) of 2048 and more in the default settings
- Disable SHA1 support for use in signatures (X.509 certificates, TLS, IPSEC handshakes)
Thanks
Bob