From: | Aaron Bauman <bman@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation | ||
Date: | Sat, 26 Mar 2016 09:41:04 | ||
Message-Id: | 2370909.Xig60x6eOE@localhost | ||
In Reply to: | [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation by "Paweł Hajdan |
1 | On Saturday, March 26, 2016 10:05:58 AM JST Paweł Hajdan, Jr. wrote: |
2 | > I recently hit ssh-dss key deprecation |
3 | > (<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.htm |
4 | > l>), and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to |
5 | > keep access to Gentoo infrastructure I need. |
6 | > |
7 | > I generated a new RSA key using instructions from |
8 | > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and |
9 | > added it to LDAP following |
10 | > <https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>. |
11 | > |
12 | > I can now login to dev.gentoo.org with just the new RSA key. |
13 | > |
14 | > However, git.gentoo.org gives me access denied errors unless I use the |
15 | > DSA key. |
16 | > |
17 | > Is this expected? |
18 | > |
19 | > I'm just wondering if it's some error on my side or something else. |
20 | > |
21 | > Looking at |
22 | > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>, |
23 | > I see things like: |
24 | > - "DSA keys are preferred over RSA keys" |
25 | > - "where possible users should be required to use DSA keys to authenticate" |
26 | > |
27 | > Should I actually rather look at generating a ed25519 key? |
28 | > |
29 | > Paweł |
30 | |
31 | Git SSH key changes are done manually by the infra team. I just went through |
32 | the same issue when I updated my keys. Hope this helps. |
33 | |
34 | -- |
35 | Cheers, |
36 | Aaron Bauman |
37 | Gentoo Linux Developer |
38 | GnuPG FP: 1536 F4B3 72EB 9C54 11F5 5C43 246D 23A2 10FB 0F3E |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation | "Michał Górny" <mgorny@g.o> |