From: | "Michał Górny" <mgorny@g.o> | ||
---|---|---|---|
To: | Aaron Bauman <bman@g.o> | ||
Cc: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation | ||
Date: | Sat, 26 Mar 2016 10:41:58 | ||
Message-Id: | 20160326114139.4ae5ed07.mgorny@gentoo.org | ||
In Reply to: | Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation by Aaron Bauman |
1 | On Sat, 26 Mar 2016 18:40:17 +0900 |
2 | Aaron Bauman <bman@g.o> wrote: |
3 | |
4 | > On Saturday, March 26, 2016 10:05:58 AM JST Paweł Hajdan, Jr. wrote: |
5 | > > I recently hit ssh-dss key deprecation |
6 | > > (<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.htm |
7 | > > l>), and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to |
8 | > > keep access to Gentoo infrastructure I need. |
9 | > > |
10 | > > I generated a new RSA key using instructions from |
11 | > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and |
12 | > > added it to LDAP following |
13 | > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>. |
14 | > > |
15 | > > I can now login to dev.gentoo.org with just the new RSA key. |
16 | > > |
17 | > > However, git.gentoo.org gives me access denied errors unless I use the |
18 | > > DSA key. |
19 | > > |
20 | > > Is this expected? |
21 | > > |
22 | > > I'm just wondering if it's some error on my side or something else. |
23 | > > |
24 | > > Looking at |
25 | > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>, |
26 | > > I see things like: |
27 | > > - "DSA keys are preferred over RSA keys" |
28 | > > - "where possible users should be required to use DSA keys to authenticate" |
29 | > > |
30 | > > Should I actually rather look at generating a ed25519 key? |
31 | > > |
32 | > > Paweł |
33 | > |
34 | > Git SSH key changes are done manually by the infra team. I just went through |
35 | > the same issue when I updated my keys. Hope this helps. |
36 | |
37 | Updated. |
38 | |
39 | -- |
40 | Best regards, |
41 | Michał Górny |
42 | <http://dev.gentoo.org/~mgorny/> |
Subject | Author |
---|---|
Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation | "Paweł Hajdan |