From: | "Paweł Hajdan |
---|---|
To: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation |
Date: | Sat, 26 Mar 2016 09:06:15 |
Message-Id: | 56F650F6.1080607@gentoo.org |

I recently hit ssh-dss key deprecation
(<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html>),
and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to keep
access to Gentoo infrastructure I need.

I generated a new RSA key using instructions from
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and
added it to LDAP following
<https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>.

I can now log in to dev.gentoo.org with just the new RSA key.

However, git.gentoo.org gives me access denied errors unless I use the
DSA key.

Is this expected?

I'm just wondering if it's some error on my side or something else.

Looking at
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>,
I see things like:
- "DSA keys are preferred over RSA keys"
- "where possible users should be required to use DSA keys to authenticate"

Should I actually rather look at generating an ed25519 key?

Paweł

Subject | Author |
---|---|
Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation | Aaron Bauman <bman@g.o> |