Gentoo Archives: gentoo-dev

From: "Paweł Hajdan
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation
Date: Sat, 26 Mar 2016 09:06:15
Message-Id: 56F650F6.1080607@gentoo.org

I recently hit ssh-dss key deprecation
(<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html>),
and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to keep
access to Gentoo infrastructure I need.

I generated a new RSA key using instructions from
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and
added it to LDAP following
<https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>.

I can now log in to dev.gentoo.org with just the new RSA key.

However, git.gentoo.org gives me access denied errors unless I use the
DSA key.

Is this expected?

I'm just wondering if it's some error on my side or something else.

Looking at
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>,
I see things like:
- "DSA keys are preferred over RSA keys"
- "where possible users should be required to use DSA keys to authenticate"

Should I actually rather look at generating an ed25519 key?

Paweł

Attachments

File name MIME type
signature.asc application/pgp-signature
