[heroes] gitlab and SSH keys
Hello, some days ago, Theo told me that he upgraded mickey (our gitlab VM) to Leap 15. This has the side effect that "old" dsa SSH keys (pubkey starting with "ssh-dss") no longer work. The symptom is that "git pull" will ask for a password. If you still use a dsa key, you'll have to create a new key (type RSA, ECDSA or ED25519) and add it on gitlab (Settings / SSH Keys). This new key can peacefully co-exist with the dsa key if you still need it. Regards, Christian Boltz -- <dvratil_> :-) this is how we fix bugs in Akonadi... we just wait for them to disappear :P [from #kontact] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Hi, Am 30.06.2018 um 15:44 schrieb Christian Boltz:
Hello,
some days ago, Theo told me that he upgraded mickey (our gitlab VM) to Leap 15.
This has the side effect that "old" dsa SSH keys (pubkey starting with "ssh-dss") no longer work. The symptom is that "git pull" will ask for a password.
maybe it's time to recommend the following stuff to you: https://stribika.github.io/2015/01/04/secure-secure-shell.html [quote] DSA keys must be exactly 1024 bits so let’s disable that. Number 2 here involves NIST suckage and should be disabled as well. Another important disadvantage of DSA and ECDSA is that it uses randomness for each signature. If the random numbers are not the best quality, then it is possible to recover the secret key. Fortunately, RSA using SHA1 is not a problem here because the value being signed is actually a SHA2 hash. The hash function SHA1(SHA2(x)) is just as secure as SHA2 (it has less bits of course but no better attacks). [/quote] Cheers, -- Thorsten Bro <tbro@opensuse.org> - Member of openSUSE Heroes - -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
participants (2)
-
Christian Boltz -
Thorsten Bro | openSUSE Heroes