Hi,
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Thanks!
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
It won't let me:
Error!
The following error(s) have occured with your request:
* ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned? Why?
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
It won't let me:
Error!
The following error(s) have occured with your request:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions. I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
In any case, it's probably a good idea to regenerate your SSH keys every now and then, I know I had been using mine FAR too long.
On Sat, Aug 23, 2008 at 3:37 PM, Jeffrey Ollie jeff@ocjtech.us wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
It won't let me:
Error!
The following error(s) have occured with your request:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions. I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
There are several mathematical weaknesses in DSA keys that were outlined during the OpenSSL problems. I believe the main one is that the DSA signature can give away the private key.
On Sat, Aug 23, 2008 at 6:09 PM, Stephen John Smoogen smooge@gmail.com wrote:
There are several mathematical weaknesses in DSA keys that were outlined during the OpenSSL problems. I believe the main one is that the DSA signature can give away the private key.
I've heard that too, but I haven't found papers or anything that discusses the matter in more detail. Anyone have any pointers?
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
It won't let me:
Error!
The following error(s) have occured with your request:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
That's overreacting. What happens if Gentoo makes a similar mistake with RSA keys, will we ban them, too? DSA is a decent technology.
I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
Hearsay, your honour! On the contrary, I've heard that DSA gathers at 1024 bits at least as much entropy as RSA with 2048, and DSA was the recommended "new" algorithm half a decade ago. Currently RSA and DSA are equal up.
Please restore the possibility to use DSA. People doing so are knowledgable enough (DSA is not the default with ssh-keygen) to have dealt with any keys they may have created on Debian systems during the time window their rnd gen was bad. If they haven't you won't save them anyway.
In any case, it's probably a good idea to regenerate your SSH keys every now and then, I know I had been using mine FAR too long.
There are different opinions on this as well. If you access several dozens of systems scattered world-wide in differently administered environments you will be glad not to have to change the keys that often and to use only a few keys, and not one for every host.
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
OK, I checked and it is far from impossible. After all the bug was that there are only 32k possible keys per arch/size/type - Debian has even issued blacklists for all keys of typical und some untypical sizes like 1024/2048/1023/2047/4096/8192 and for some sizes they even packaged it up, see
http://packages.debian.org/unstable/main/openssh-blacklist http://packages.debian.org/unstable/main/openssh-blacklist-extra
If there is paranoia floating around, then why not use that blacklist in Fedora/RHEL as well instead of nuking all DSA keys and still allowing the bad RSA keys?
And if your are really paranoic then one can package up these blacklists for general use by Fedora/RHEL's openssh. I don't know if openssh has a blacklist-reject ability already coded in, though.
2008/8/24 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
OK, I checked and it is far from impossible. After all the bug was that there are only 32k possible keys per arch/size/type - Debian has even issued blacklists for all keys of typical und some untypical sizes like 1024/2048/1023/2047/4096/8192 and for some sizes they even packaged it up, see
http://packages.debian.org/unstable/main/openssh-blacklist http://packages.debian.org/unstable/main/openssh-blacklist-extra
If there is paranoia floating around, then why not use that blacklist in Fedora/RHEL as well instead of nuking all DSA keys and still allowing the bad RSA keys?
All RSA keys were nuked too.
And if your are really paranoic then one can package up these blacklists for general use by Fedora/RHEL's openssh. I don't know if openssh has a blacklist-reject ability already coded in, though.
No it does not.
On Sun, Aug 24, 2008 at 09:39:15AM -0600, Stephen John Smoogen wrote:
2008/8/24 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
OK, I checked and it is far from impossible. After all the bug was that there are only 32k possible keys per arch/size/type - Debian has even issued blacklists for all keys of typical und some untypical sizes like 1024/2048/1023/2047/4096/8192 and for some sizes they even packaged it up, see
http://packages.debian.org/unstable/main/openssh-blacklist http://packages.debian.org/unstable/main/openssh-blacklist-extra
If there is paranoia floating around, then why not use that blacklist in Fedora/RHEL as well instead of nuking all DSA keys and still allowing the bad RSA keys?
All RSA keys were nuked too.
Please read up the complete thread (and maybe the subject line as well :) - with nuking of ssh keys I'm not referring to the internally used ssh keys, which were all replaced, but the nuking of all user DSA keys for using in FAS/cvs.
s/nuked/banned/g for a better phrasing - sorry, me no naitif ingisch spieka.
2008/8/24 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:37:13PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
On Sat, Aug 23, 2008 at 04:06:07PM -0500, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
I saw that some people are using CVS again, so I tried as well, but I got:
athimm@devel(1012):/home/.../smart/devel$ cvs up Permission denied (publickey). cvs [update aborted]: end of file from server (consult above messages if any)
I have a new FAS password, all certs updated, I even checked the cvs procedures for newbies on fpo, but I had no luck. What am I doing wrong?
Did you upload a new SSH public key?
It won't let me:
Error!
The following error(s) have occured with your request:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
That's overreacting. What happens if Gentoo makes a similar mistake with RSA keys, will we ban them, too? DSA is a decent technology.
No because RSA doesn't leak information into your public key nor does it rely on the 'random' secret key to the same extent. Th
I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
Hearsay, your honour! On the contrary, I've heard that DSA gathers at 1024 bits at least as much entropy as RSA with 2048, and DSA was the recommended "new" algorithm half a decade ago. Currently RSA and DSA are equal up.
I take your hearsay, and counter with my hearsay that DSA will be replaced next year with DSA2 which can use 4 bits of entropy and be as secure as 4096 RSA.
On Sun, Aug 24, 2008 at 09:34:36AM -0600, Stephen John Smoogen wrote:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
That's overreacting. What happens if Gentoo makes a similar mistake with RSA keys, will we ban them, too? DSA is a decent technology.
No because RSA doesn't leak information into your public key nor does it rely on the 'random' secret key to the same extent. Th
Your mixing different issues: What you are referring to is using a good DSA key from a bad host. The context above was about the DSA/RSA keys generated in the bad two year window. Both DSA and RSA from that time frame are equally predictable.
I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
Hearsay, your honour! On the contrary, I've heard that DSA gathers at 1024 bits at least as much entropy as RSA with 2048, and DSA was the recommended "new" algorithm half a decade ago. Currently RSA and DSA are equal up.
I take your hearsay, and counter with my hearsay that DSA will be replaced next year with DSA2 which can use 4 bits of entropy and be as secure as 4096 RSA.
Cool, then let the hearsays determine our processes.
2008/8/24 Axel Thimm Axel.Thimm@atrpms.net:
On Sun, Aug 24, 2008 at 09:34:36AM -0600, Stephen John Smoogen wrote:
- ssh_key: Error - Not a valid RSA SSH key: ssh-dss ...
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL versions.
That's overreacting. What happens if Gentoo makes a similar mistake with RSA keys, will we ban them, too? DSA is a decent technology.
No because RSA doesn't leak information into your public key nor does it rely on the 'random' secret key to the same extent. Th
Your mixing different issues: What you are referring to is using a good DSA key from a bad host. The context above was about the DSA/RSA keys generated in the bad two year window. Both DSA and RSA from that time frame are equally predictable.
You wanted to know about other weaknesses in the DSA string. I wrote it in the wrong spot. In the end, it is easier to audit bad RSA over DSA and having one set to look for in case of another bad OpenSSL is easier on the volunteer admins to deal with.
I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
Hearsay, your honour! On the contrary, I've heard that DSA gathers at 1024 bits at least as much entropy as RSA with 2048, and DSA was the recommended "new" algorithm half a decade ago. Currently RSA and DSA are equal up.
I take your hearsay, and counter with my hearsay that DSA will be replaced next year with DSA2 which can use 4 bits of entropy and be as secure as 4096 RSA.
Cool, then let the hearsays determine our processes.
Ok lets turn off the sarcasm.. I am sorry I started it.
On Sat August 23 2008, Jeffrey Ollie wrote:
2008/8/23 Axel Thimm Axel.Thimm@atrpms.net:
Have DSA keys now been banned?
Yes.
Why?
The primary reason is that it's nearly impossible to tell if the key was generated on a Debian system with the compromised OpenSSL
This is also true for RSA keys.
versions. I've heard rumblings that DSA keys are weaker for other reasons, but I've not seen any good explanations.
| In addition, any DSA key must be considered compromised if it has been used | on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e., | generated with a 'good' OpenSSL) to make a connection from such a machine | may have compromised it. This is due to an 'attack' on DSA that allows the | secret key to be found if the nonce used in the signature is known or | reused. http://wiki.debian.org/SSLkeys#head-d841ac769390d013577ce3fd2be24b8cf5a74cfb
If you look at the descriptions of the dsa signing algorithm, e.g. in the handbook of applied cryptography[1], you notice, that there is a random parameter that is meant to kept secret.
Regards, Till
infrastructure@lists.fedoraproject.org
-
Axel Thimm -
Jeffrey Ollie -
Stephen John Smoogen -
Till Maas