On Sunday 12 February 2012 at 11:30 +0100, Oliver Burger wrote:
> On 12.02.2012 11:16, Michael Scherer wrote:
> > Are you sure that you used the complete
> > It seems that the key that was uploaded was not in the good format. Can
> > you make sure that you used the complete ssh key, ie the whole line, not
> > just the binary encoded blurb in the middle. Without the beginning,
> > ( ie ssh-rsa/ssh-dsa ), there is no way it would work, since openssh
> > cannot guess the format and the algo to use.
> >
> > So try again by using the complete line :
> > ssh-rsa XXXx....XXXX f...@example.org
> >
> > And if this solves the problem, could mentors please ensure that newer
> > packagers actually really understand how ssh is supposed to work before
> > directing them to sysadmin for diagnosing the same problem over and
> > over?
> Guilty as charged, but actually Dimitrios was a bit faster than me and I
> didn't have that much time yesterday to try and work this out.
>
> > ( alternative version : code proper error reporting in identity )
> > ( 2nd alternative version : add a foolproof mgarepo command to create
> > and upload keys into our ldap )
> If any of those two should be done, including it in identity would be
> the better way, I think.
> We have people aside from packagers with svn commit rights, e.g. the
> i18n team committers.

Indeed. But we can do both, and I think that adding a command to mgarepo
would help to enforce a better security practice ( ie, few people know
that using ssh-agent can cause issues if someone is root on the server
that you connect to, since this person can reuse your key by hijacking
the agent ).

> As an idea: instead of that input field or as an alternative provide a
> possibility to upload the pubkey file?
> This will make sure, no half keys are uploaded.

In fact, we already make sure that no half key is uploaded ( hence the
lack of key after upload ), we just do not signal it. And having a
specific input would be slightly more complex ( but doable ), and less
generic ( and I think Buchan wanted to avoid that, but maybe I am
wrong ).

-- 
Michael Scherer
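
The "proper error reporting" idea from the thread, sketched as an added example that is not part of the original message and is not Identity's own code: a check that tells the user why a pasted public key line is rejected instead of silently dropping it. The names `check_pubkey_line` and `SAMPLE` are hypothetical, the sample key is constructed (not a usable key), and the upload field is assumed to hold one key line without authorized_keys options.

```python
import base64
import binascii
import struct

# OpenSSH identifiers for the RSA and DSA types mentioned in the thread;
# a deployment would list whatever its sshd accepts (assumption).
ALLOWED_TYPES = {"ssh-rsa", "ssh-dss"}

def _string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: well-formed structure, meaningless key material.
_blob = _string(b"ssh-rsa") + _string(b"\x01\x00\x01") + _string(b"\x00" + b"\xab" * 32)
SAMPLE = "ssh-rsa " + base64.b64encode(_blob).decode() + " user@example.org"

def check_pubkey_line(line):
    """Return (ok, message) for one pasted OpenSSH public key line."""
    fields = line.strip().split(None, 2)
    if not fields:
        return False, "empty input"
    if fields[0] not in ALLOWED_TYPES:
        # Typical half-paste: only the base64 blob in the middle was copied.
        return False, "missing or unsupported key type prefix; paste the whole line"
    if len(fields) < 2:
        return False, "key type given but no key data"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return False, "key data is not valid base64 (truncated paste?)"
    if len(blob) < 4:
        return False, "key data too short"
    # The blob begins with a length-prefixed algorithm name that must
    # agree with the textual prefix.
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if len(name) != n or name.decode("ascii", "replace") != fields[0]:
        return False, "key data does not match declared type " + fields[0]
    return True, "ok"
```

Returning the message to the uploader covers the case described in the thread, where a key pasted without its `ssh-rsa` beginning simply vanished after upload.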