Please restore ssh-dsa (was: cvs: Permission denied (publickey).)
Stephen John Smoogen
smooge at gmail.com
Sun Aug 24 15:34:36 UTC 2008
2008/8/24 Axel Thimm <Axel.Thimm at atrpms.net>:
> On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
>> 2008/8/23 Axel Thimm <Axel.Thimm at atrpms.net>:
>> > On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
>> >> 2008/8/23 Axel Thimm <Axel.Thimm at atrpms.net>:
>> >> >
>> >> > I saw that some people are using CVS again, so I tried as well, but I
>> >> > got:
>> >> >
>> >> > athimm at devel(1012):/home/.../smart/devel$ cvs up
>> >> > Permission denied (publickey).
>> >> > cvs [update aborted]: end of file from server (consult above messages if any)
>> >> >
>> >> > I have a new FAS password, all certs updated, I even checked the cvs
>> >> > procedures for newbies on fpo, but I had no luck. What am I doing
>> >> > wrong?
>> >>
>> >> Did you upload a new SSH public key?
>> >
>> > It won't let me:
>> >
>> > Error!
>> >
>> > The following error(s) have occured with your request:
>> >
>> > * ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
>> >
>> > Have DSA keys now been banned?
>>
>> Yes.
>>
>> > Why?
>>
>> The primary reason is that it's nearly impossible to tell if the key
>> was generated on a Debian system with the compromised OpenSSL
>> versions.
>
> That's overreacting. What happens if Gentoo makes a similar mistake
> with RSA keys, will we ban them, too? DSA is a decent technology.
>
No because RSA doesn't leak information into your public key nor does
it rely on the 'random' secret key to the same extent. Th
>> I've heard rumblings that DSA keys are weaker for other reasons, but
>> I've not seen any good explanations.
>
> Hearsay, your honour! On the contrary, I've heard that DSA gathers at
> 1024 bits at least as much entropy as RSA with 2048, and DSA was the
> recommended "new" algorithm half a decade ago. Currently RSA and DSA
> are equal up.
>
I take your hearsay, and counter with my hearsay that DSA will be
replaced next year with DSA2 which can use 4 bits of entropy and be as
secure as 4096 RSA.
--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the Fedora-infrastructure-list
mailing list