On Tue, Jan 27, 2026, at 7:37 AM, Ineiev wrote: > On Mon, Jan 26, 2026 at 02:25:22PM -0500, Zack Weinberg wrote: >> 1. I changed my SSH keys, but the new keys don't work. The old one >> still works, but I'm trying to stop using RSA altogether. > > Did you check https://savannah.gnu.org/maintenance/SshAccess/? > What are the diagnostics?
Yes, sorry, I should have clarified. Using either of the new keys, I get $ ssh -v -i ~/.ssh/id_yk2 [email protected] ... debug1: Authenticating to git.savannah.gnu.org:22 as 'zackw' ... debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: get_agent_identities: bound agent to hostkey debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities debug1: Will attempt key: /home/zack/.ssh/id_yk2 ECDSA-SK SHA256:rbThKGvLLyYGsFyEOaAGIjo1aNcgeM9wBHV/VMr/+YM explicit authenticator debug1: Offering public key: /home/zack/.ssh/id_yk2 ECDSA-SK SHA256:rbThKGvLLyYGsFyEOaAGIjo1aNcgeM9wBHV/VMr/+YM explicit authenticator debug1: Authentications that can continue: publickey debug1: No more authentication methods to try. [email protected]: Permission denied (publickey). --- Using the old RSA key, I get instead $ ssh -v -i ~/.ssh/id_old [email protected] ... debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities debug1: Will attempt key: /home/zack/.ssh/id_old RSA SHA256:zsUyimStJS4TYGO8NrSwC0MFiq1CtRWx5smgVLw9/TY explicit debug1: Offering public key: /home/zack/.ssh/id_old RSA SHA256:zsUyimStJS4TYGO8NrSwC0MFiq1CtRWx5smgVLw9/TY explicit debug1: Server accepts key: /home/zack/.ssh/id_old RSA SHA256:zsUyimStJS4TYGO8NrSwC0MFiq1CtRWx5smgVLw9/TY explicit debug1: read_passphrase: requested to askpass Authenticated to git.savannah.gnu.org ([2001:470:142::168]:22) using "publickey". debug1: channel 0: new session [client-session] (inactive timeout: 0) debug1: Requesting [email protected] debug1: Entering interactive session. debug1: pledge: filesystem debug1: client_input_global_request: rtype [email protected] want_reply 0 debug1: client_input_hostkeys: searching /home/zack/.ssh/known_hosts for git.savannah.gnu.org / (none) debug1: client_input_hostkeys: searching /home/zack/.ssh/known_hosts2 for git.savannah.gnu.org / (none) debug1: client_input_hostkeys: hostkeys file /home/zack/.ssh/known_hosts2 does not exist debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update debug1: Sending environment. debug1: channel 0: setting env COLORTERM = "truecolor" debug1: channel 0: setting env LANG = "en_US.utf8" debug1: channel 0: setting env LC_COLLATE = "C.utf8" debug1: pledge: fork Hello zackw! You've successfully authenticated, but interactive shell access is not allowed. debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 debug1: channel 0: free: client-session, nchannels 1 Connection to git.savannah.gnu.org closed. --- So I think it must be that the server isn't actually using the new keys I added, even though they show as registered keys on https://savannah.gnu.org/my/admin/editsshkeys.php . >> 2. I would have filed a ticket about this, but I can't log into >> savannah.nongnu.org at all. When I try, it accepts the login and then >> bounces me to savannah.gnu.org, and when I go back to nongnu, I'm >> still not logged in. > > I'll look into this; for the record, people can submit support > requests at savannah.nongnu.org/support/?group=administration > without logging in. Good to know. That page did show me a form but it also has text on it that made it sound like I needed to log in first. >> It may be relevant that I have Firefox's Strict Tracking Protection >> enabled, and use aggressive cookie purging via a browser extension, >> but both savannah.gnu.org and savannah.nongnu.org are exempted from >> both these policies. > > Have you tried to clear the cookies? Just tried that now, and it does seem to have worked, but there's a very confusing bit in the middle: After clearing cookies, the login link on https://savannah.nongnu.org/support/?group=administration takes me to https://savannah.gnu.org/account/login.php?uri=%2Fsupport%2F%3Fgroup%3Dadministration&cookie_test=1 Logging in on that page, with both the "Remember me" and "Login also in savannah.nongnu.org" boxes checked, takes me to https://savannah.nongnu.org/account/login.php?uri=%2Fsupport%2Findex.php%3Fgroup%253Dadministration and if you don't notice the URL has changed, that looks like the login page has just reloaded and blanked itself. And it seems to be necessary to enter one's credentials again on the second page to actually *be* logged in on savannah.nongnu.org. I think people will, reasonably, expect that the "login also..." checkbox means "_automatically_ log me into nongnu.org using the same credentials", not "_next take me to_ the nongnu.org login page so I can log in again there". (To be clear, yesterday, before clearing cookies, that bounce to the second login page didn't happen.) zw
