Hi, Am 30.06.2018 um 15:44 schrieb Christian Boltz:
Hello,
some days ago, Theo told me that he upgraded mickey (our gitlab VM) to Leap 15.
This has the side effect that "old" dsa SSH keys (pubkey starting with "ssh-dss") no longer work. The symptom is that "git pull" will ask for a password.
maybe it's time to recommend the following stuff to you: https://stribika.github.io/2015/01/04/secure-secure-shell.html [quote] DSA keys must be exactly 1024 bits so let’s disable that. Number 2 here involves NIST suckage and should be disabled as well. Another important disadvantage of DSA and ECDSA is that it uses randomness for each signature. If the random numbers are not the best quality, then it is possible to recover the secret key. Fortunately, RSA using SHA1 is not a problem here because the value being signed is actually a SHA2 hash. The hash function SHA1(SHA2(x)) is just as secure as SHA2 (it has less bits of course but no better attacks). [/quote] Cheers, -- Thorsten Bro <tbro@opensuse.org> - Member of openSUSE Heroes - -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org