On 6/11/2025 8:59 AM, Jeffrey E Altman wrote:
It should also be noted that EL10 and current versions of Fedora, the DEFAULT crypto policies disable the use of ssh-rsa.On 6/11/2025 8:37 AM, Götz Waschk wrote:So the gerrit server must be configured to support the SFTP subsystem or newer SSH clients will fail when using the scp command.The ssh server baked into Gerrit does not support the SFTP server.The -O option can be specified with OpenSSH 8.7 and later to select the legacy SCP protocol for file transfers.Tested with OpenSSH 9.9p2 on macOS Sequoia The commit hook can be obtained using anonymous https:(cd openafs && curl -kLo `git rev-parse --git-dir`/hooks/commit-msg https://gerrit.openafs.org/tools/hooks/commit-msg; chmod +x `git rev-parse --git-dir`/hooks/commit-msg)Later versions of Gerrit suggest using anonymous https to download commit-hooks to avoid compatibility issues.Jeffrey Altman
The ssh client will fail withssh_dispatch_run_fatal: Connection to 18.9.44.50 port 29418: error in libcrypto
To enable ssh-rsa requires enabling LEGACY mode update-crypto-policies --set LEGACY This is in addition to the ssh client config settings HostKeyAlgorithms=+ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsa
smime.p7s
Description: S/MIME Cryptographic Signature
