
Re: db.debian.org/password.html : Why ~/.ssh/id_dsa.pub to setup OpenSSH for RSA



Hi,

Considering recent issues, http://db.debian.org/password.html needs to be
updated with "s/id_dsa.pub/id_rsa.pub/".

The discussion is below.  Do I need to make an rt thingy?  I am not yet
familiar with it.

On Wed, May 14, 2008 at 07:50:29PM +0200, Luk Claes wrote:
> Osamu Aoki wrote:
> > Hi,
> > 
> > The recent openssl issue led me to http://db.debian.org/password.html and
> > made me wonder why the script example uses a DSA key while the main text
> > only talks about RSA keys.
> 
> The text talks about RSA keys as they are preferred over DSA keys.
> 
> > | Alternatively, you can do without a password and use PGP to manipulate your
> > | LDAP information through the mail gateway and use SSH RSA Authentication to
> > | access the servers. To setup OpenSSH for RSA you need to first generate a
> > | private RSA key using ssh-keygen and select a good passphrase for it. Then send
> > | the public portion of the key to the LDAP directory:
> > | 
> > | gpg --clearsign < ~/.ssh/id_dsa.pub | mail change@db.debian.org
> > | 
> > | NB: Only version 2 RSA keys are accepted. Version 1 RSA keys (i.e. identity.pub
> > | files) will not work.
> > 
> > 
> > If main text is s/RSA/RSA\/DSA/g , I understand script example but ...
> > 
> > Is there any reason to use a DSA key instead of an RSA key (~/.ssh/id_rsa.pub)?
> 
> On the contrary, it's better to use RSA keys as they can be bigger and
> are faster.

Ok,  ....

Today's announcement on Alioth and SSH by Roland Mas made me use
RSA anyway.

FYI:

| From: admin@db.debian.org
| Subject: Mail Gateway failed: Message is not PGP signed:
| To: osamu@debian.org
| Date: Thu, 15 May 2008 12:29:33 +0000
| 
| Hello!
| 
| Your request to the mail gateway is malformed, or an internal processing
| error occured. The information below may help you, or the gateway
| administrator to identify the problem.
| 
| Error: Message is not PGP signed:
| ==> Message Error: No PGP signature
| 
| 
| Please email admin@db.debian.org if you have any questions.
 

This is what I got for sending a DSA key.


After sending RSA key, I got:
| From: change@db.debian.org
| Subject: DB Change Request
| To: Osamu Aoki <osamu@debian.org>
| Date: Thu, 15 May 2008 12:29:49 +0000
| 
| Hello Osamu Aoki <osamu@debian.org>!
| 
| Your request to change your directory information has been processed.
| Note that there is a propagation time for many of the entries so please
| be patient. Here are the results:
| 
| > ssh-rsa
| ...

So this page needs to be updated.

