[savannah-help-public] [sr #110004] Please publicize the fact the ssh-dss keys don't work any more

2019-09-14 Thread Bob Proulx 
Update of sr #110004 (project administration):

  Status:None => Done   
 Assigned to:None => rwp
 Open/Closed:Open => Closed 

___

Follow-up Comment #1:

I am sorry you missed seeing our notifications!  Where should we have sent
those notifications so that you would have seen them?

Are you subscribed to the savannah-users mailing list?  That is a low volume
mailing list for Savannah users to discuss using Savannah.  Please subscribe
if you are not.  I think it is probably the best place to keep up with changes
and other happenings.  The deprecation of DSA keys was posted there at the
time of the change.

  https://lists.gnu.org/archive/html/savannah-users/2019-06/msg00018.html

Do you look at the Savannah web home page?  The top news item on the home page
is still the deprecation warning of DSA keys.

  https://savannah.gnu.org/

Savannah has always recommended against using DSA keys due to the weakenesses
of them.  Here is the documentation on why they were advised against.  But has
previously accepted them anyway.

  https://savannah.gnu.org/maintenance/SshAccess/

The upstream OpenSSH project is deprecating DSA keys.  As we upgrade the
systems we are simply following their lead and not re-enabling them.

  http://www.openssh.com/legacy.html "OpenSSH 7.0 and greater similarly
disable the ssh-dss (DSA) public key algorithm.  It too is weak and we
recommend against its use."

At this moment the cvs system is running a newer version of the OS which
includes OpenSSH 7.4p1 while the git system is still running the older OS
version with OpenSSH 6.6.1p1 but it will also be upgraded at some point in the
near future.


___

Reply to this item at:

  

___
  Message sent via Savannah
  https://savannah.nongnu.org/

[savannah-help-public] [sr #110004] Please publicize the fact the ssh-dss keys don't work any more

2019-09-14 Thread Bruno Haible 
URL:
  

 Summary: Please publicize the fact the ssh-dss keys don't
work any more
 Project: Savannah Administration
Submitted by: haible
Submitted on: Sat 14 Sep 2019 06:08:02 PM CEST
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
  Status: None
 Assigned to: None
Originator Email: br...@clisp.org
Operating System: GNU/Linux
 Open/Closed: Open
 Discussion Lock: Any

___

Details:

A couple of weeks ago my access to the web pages my savannah projects stopped
working: A simple 'cvs log index.html' was asking for the password of
hai...@cvs.savannah.gnu.org, instead of succeeding with the SSH key exchange.
Likewise, a fresh checkout of the web pages failed:

$ cvs -z3 -d:ext:hai...@cvs.savannah.gnu.org:/web/gnulib co gnulib
hai...@cvs.savannah.gnu.org's password: 


At the same time, access to the git source code of the same project continued
to work (ssh://hai...@git.sv.gnu.org/srv/git/gnulib).

I got the problem fixed by going to 'My Account Configuration > Authentication
Setup > SSH Public Keys' and adding a new public key, of type ed25519 or
ecdsa. Previously I had only one key, of type dss.

So, what changed is apparently that cvs.savannah.gnu.org started to ignore
keys of type dss, while git.savannah.gnu.org continues to accept them.

Probably I'm not the only one with this issue. Therefore it would be good if
you could post a news item to appropriate channels, telling people "Attention:
If you have a key of type dss registered in your savannah account, it will now
be ignored by cvs.savannah.gnu.org. Register a new key of type ed25519 or
ecdsa through Savannah's Account Configuration." This would have saved me 2
hours of searching.




___

Reply to this item at:

  

___
  Message sent via Savannah
  https://savannah.nongnu.org/