subject:"Re\: \[gentoo\-dev\] ssh keys setup for git.gentoo.org after ssh\-dss deprecation"

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

2016-03-26 Thread Paweł Hajdan , Jr .

On 3/26/16 11:41 AM, Michał Górny wrote:
> On Sat, 26 Mar 2016 18:40:17 +0900
> Aaron Bauman  wrote:
>> Git SSH key changes are done manually by the infra team.  I just went 
>> through 
>> the same issue when I updated my keys.  Hope this helps.
> 
> Updated.

Thanks! Everything works now.

Should the docs also be updated to make this more obvious?

Some candidates:

(mentions DSA keys but looks like they're being deprecated in ssh now).

Paweł

signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

2016-03-26 Thread Michał Górny

On Sat, 26 Mar 2016 18:40:17 +0900
Aaron Bauman  wrote:

> On Saturday, March 26, 2016 10:05:58 AM JST Paweł Hajdan, Jr. wrote:
> > I recently hit ssh-dss key deprecation
> > ( >   
> > l>), and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to  
> > keep access to Gentoo infrastructure I need.
> > 
> > I generated a new RSA key using instructions from
> > , and
> > added it to LDAP following
> > .
> > 
> > I can now login to dev.gentoo.org with just the new RSA key.
> > 
> > However, git.gentoo.org gives me access denied errors unless I use the
> > DSA key.
> > 
> > Is this expected?
> > 
> > I'm just wondering if it's some error on my side or something else.
> > 
> > Looking at
> > ,
> > I see things like:
> > - "DSA keys are preferred over RSA keys"
> > - "where possible users should be required to use DSA keys to authenticate"
> > 
> > Should I actually rather look at generating a ed25519 key?
> > 
> > Paweł  
> 
> Git SSH key changes are done manually by the infra team.  I just went through 
> the same issue when I updated my keys.  Hope this helps.

Updated.

-- 
Best regards,
Michał Górny



pgpcUNzTyWaM5.pgp
Description: OpenPGP digital signature

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

2016-03-26 Thread Aaron Bauman

On Saturday, March 26, 2016 10:05:58 AM JST Paweł Hajdan, Jr. wrote:
> I recently hit ssh-dss key deprecation
> ( l>), and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to
> keep access to Gentoo infrastructure I need.
> 
> I generated a new RSA key using instructions from
> , and
> added it to LDAP following
> .
> 
> I can now login to dev.gentoo.org with just the new RSA key.
> 
> However, git.gentoo.org gives me access denied errors unless I use the
> DSA key.
> 
> Is this expected?
> 
> I'm just wondering if it's some error on my side or something else.
> 
> Looking at
> ,
> I see things like:
> - "DSA keys are preferred over RSA keys"
> - "where possible users should be required to use DSA keys to authenticate"
> 
> Should I actually rather look at generating a ed25519 key?
> 
> Paweł

Git SSH key changes are done manually by the infra team.  I just went through 
the same issue when I updated my keys.  Hope this helps.

-- 
Cheers,
Aaron Bauman
Gentoo Linux Developer
GnuPG FP: 1536 F4B3 72EB 9C54 11F5  5C43 246D 23A2 10FB 0F3E

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

Re: [gentoo-dev] ssh keys setup for git.gentoo.org after ssh-dss deprecation

3 matches

Site Navigation

Mail list logo

Footer information