On Sat, 26 Mar 2016 18:40:17 +0900 Aaron Bauman <b...@gentoo.org> wrote:
> On Saturday, March 26, 2016 10:05:58 AM JST Paweł Hajdan, Jr. wrote: > > I recently hit ssh-dss key deprecation > > (<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.htm > > > > l>), and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to > > keep access to Gentoo infrastructure I need. > > > > I generated a new RSA key using instructions from > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and > > added it to LDAP following > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>. > > > > I can now login to dev.gentoo.org with just the new RSA key. > > > > However, git.gentoo.org gives me access denied errors unless I use the > > DSA key. > > > > Is this expected? > > > > I'm just wondering if it's some error on my side or something else. > > > > Looking at > > <https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>, > > I see things like: > > - "DSA keys are preferred over RSA keys" > > - "where possible users should be required to use DSA keys to authenticate" > > > > Should I actually rather look at generating a ed25519 key? > > > > Paweł > > Git SSH key changes are done manually by the infra team. I just went through > the same issue when I updated my keys. Hope this helps. Updated. -- Best regards, Michał Górny <http://dev.gentoo.org/~mgorny/>
pgpcUNzTyWaM5.pgp
Description: OpenPGP digital signature