Learn more about these different git repos.
Other Git URLs
Recently, the RSA host key of "pkgs.fedoraproject.org" was signed using ssh-ed25519 key (can't see any announcement about that), which is not recognized by old RHEL6 machines, which makes the dist-git inaccessible from this system (without a workaround -o HostKeyAlgorithms=ssh-rsa).
ssh-ed25519
-o HostKeyAlgorithms=ssh-rsa
Per discussion in OpenSSH upstream, there is no simple solution how to make it working in old RHEL6 nor how to fix that in upstream/RHEL7. The easiest way would be not to use CA based on the ED25519 keys yet if we aim for compatibility with RHEL6 (which I believe we do).
The server can offer different keys so I would suggest to create
This will make it work for old systems and the new ones will be using future-proof algorithsm (for the price of maintaining two CA keys and host keys).
The related bug report, that I am going to close: https://bugzilla.redhat.com/show_bug.cgi?id=1450609
Metadata Update from @ausil: - Issue assigned to puiterwijk
Any update/progress on this after two weeks?
This should now be fixed by the certs being removed. I will recreate the cert with an RSA key later today, but it should now work.
Metadata Update from @puiterwijk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Verified from my RHEL6 machine and it works fine now. Thank you.
Login to comment on this ticket.