[GNC-dev] Deprecating ssh-dss keys on code

John Ralls jralls at ceridwen.us
Sun Feb 3 23:07:31 EST 2019

> On Feb 3, 2019, at 5:47 PM, Derek Atkins <derek at ihtfp.com> wrote:
> Hi,
> As part of the upgrade to Fedora 29, OpenSSH disabled the ssh-dss key
> type.  After a bunch of searching I was able to re-enable it, however it
> looks like the key-type is going to be removed from OpenSSH in a future
> release.  To that end, I encourage each commiter to refresh your SSH
> public key on code to a more "modern" cryptosystem.
> It is quite possible that you will need the help of Geert, John, or
> myself to update the git config -- and even worse, while there used to
> be an ssh command you could use to login and update your own ssh public
> key, I believe that functionality was lost a few years ago with the LAST
> update to code.
> -derek
> PS: A quick look at the set of developers with ssh-dss keys, and it
> appears that I am the only active member that this applies to.  The set
> of dss keys appear to be owned by: asayed, chris, dvherman, hampton,
> jsled, linas, rolf, tomfray, wilddev, and myself.
> PPS: It also looks like the "new user script" that I was using years ago
> is no longer around...  Hmm..  Not sure what happened to it.


I think it makes more sense to remove the ids than to get new keys for any of those except you and maybe Linas. If any of them should wander back we can recreate the ids and generate new keys pretty quickly.

Even if the script hadn't been lost it's likely not compatible with gitorious.

John Ralls

More information about the gnucash-devel mailing list