less than 1 minute read

Connecting to Unifi equipment (Switch 8/AP AC Pro) from Fedora37 fails out of the box with a very useful error Bad server host key: Invalid key length. This is because the dropbear used on these devices is woefully out of date, and still requires the use of ssh-rsa (with SHA1), which has been deprecated by OpenSSH in 2021,

To allow you to connect from your Fedora 37 install, you can use the update-crypto-policies command. This command is used to configure the policy used by all kinds of cryptographic backends on your system (such as TLS libraries, …)

The policies available on your system can be found at /usr/share/crypto-policies. The default is aptly named DEFAULT, but to be able to connect to a Unifi device, you’ll need to switch back to LEGACY to be able to connect.

Thank you Ubiquity for not updating your base image, even though your customers have been asking for it for a long time - [1] [2] [3] [4] [5] [6] …)

$ sudo update-crypto-policies --set LEGACY

Don’t forget to revert back to DEFAULT after you’re done with your work.

$ sudo update-crypto-policies --set DEFAULT

Comments

You May Also Enjoy

Now using less external services!

less than 1 minute read

So back in 2019 I moved the site from WordPress to Jekyll (using Minimal Mistakes), and from Gandi to AWS Serverless.

Lenovo Thinkpad T14s Gen3 (AMD)

3 minute read

10 years ago I bought a Dell XPS13 L322x ultrabook as a replacement for my white Macbook 2,1. This week I replaced the Dell with something newer: a Lenovo Thinkpad T14s Gen3 (AMD).

Using Hetzner Storageboxes as backup targets for Restic/Rclone

2 minute read

For my offsite backup strategy I’m relying on rclone and restic. Rclone is being used to encrypt/copy backups taken by Proxmox Backup Server (which takes backups of the VM’s/Linux Containers running on Proxmox VE, deduplicates and compresses the data) to remote storage, while restic is used to do deduplication/encryption and copying of data stored on my NAS to remote storage.