since starting with openssh 7.0 dsa keys will get obsoleted (among other things), I generated a brand new ed25519 key I intend to use all over the place.
I am trying to paste the pubkey in my profile page, but I get a
Line 1: Key length too short!
from your side. please fix that page since the length of the key is just perfect. according to the ssh-keygen manual "ED25519 keys have a fixed length".
thanks,
peter
I get the same. Any key-length check should be dependent on key type (and perhaps the page should warn about deprecated key types?)
Hello,
I was unable to duplicate your reported issue. For a good general starting point this link should work for you:
https://sourceforge.net/p/forge/documentation/SSH%20Keys/
Here is a section that should be able to help you generate a key:
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#key-generation-openssh
Here is an example of a key:
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#example-ssh-key-data
Here are some tips for troubleshooting and please keep in mind there is a delay in syncing up the keys:
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#troubleshooting-mismatched-or-wrong-ssh-key
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#troubleshooting-key-sync-delay
If you are still having issues this link should be able to help:
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#reporting-ssh-key-issues
Here is a link that might help with the suggestion about a warning for deprecated keys.
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#generating-replacement-ssh-keys
Thanks
SourceForge Support
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#key-generation-openssh and
https://sourceforge.net/p/forge/documentation/SSH%20Keys/#example-ssh-key-data
should probably also be fixed – they show dsa keys. As OP wrote, these are obsoleted in the new openssh.
John Barrett: what kind of key did you try creating? The issue is about ed25519 keys.
Kevin Brubeck Unhammer,
You can make a dsa key by following the instructions:
ssh-keygen -t dsa -C username@shell.sf.net
Enter file in which to save the key (/Users/username/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): %some-made-up-phase%
A passphrase adds another layer of encryption when generating an SSH Key. It is not required but it is recommended.
Sample passphrase = %some-made-up-phrase%
Enter same passphrase again: %some-made-up-phase%
Your identification has been saved in /Users/username/.ssh/id_dsa.
Your public key has been saved in /Users/username/.ssh/id_dsa.pub.
The key fingerprint is:
random HEX data username@shell.sf.net
The key's randomart image is:
more random data
This command just copies the contents of the id_rsa.pub file to the clipboard
pbcopy < ~/.ssh/id_dsa.pub
Go to Shell Services Configuration Page and paste in the key to "SSH Public Keys:" box.
Click Save. You will need to wait for the SSH Key to sync up with your account.
ssh -t username,projectname@shell.sourceforge.net create
The 1st time you use the key you will be prompted for the passphrase (if you made one up). After the 1st time you enter the passphrase you won't be prompted again and you won't need to enter your SourceForge.net password.
%some-made-up-phase%
Requesting a new shell for "username" and waiting for it to start.
creating... starting...
This is an interactive shell created for user username,projectname.
Use the "timeleft" command to see how much time remains before shutdown.
Use the "shutdown" command to destroy the shell before the time limit.
For path information and login help, type "sf-help".
[username@shell-24002 ~]$
Hi,
On Wed, Nov 11, 2015 at 10:13:10PM +0000, John Barrett wrote:
according to official OpenSSH documentation, the use of DSA keys is strongly discouraged.
'OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.'
http://www.openssh.com/legacy.html
I know that all your documentation has examples on how to set up ssh authentication - and the examples point to exactly this type of keys.
Unfortunately you will have to update all that and enable support for ed25519 keys (among others) as per my original comment.
thanks,
peter
Hi Peter,
This is really more of a feature request rather than a support issue at this point. I've moved this ticket over to the feature request area.
Thanks
SourceForge Support
Last edit: John Barrett 2015-11-12
The way this is currently set up, OpenSSH v7 users with DSA keys will always be asked for their SourceForge.net password when connecting to "*.sf.net".
This is because OpenSSH v7 ignores DSA keys by default (even if the "-i" flag is provided). The only way to get around this is to add "PubkeyAcceptedKeyTypes=+ssh-dss" to your "~/.ssh/config" file.
I found out about this by issuing the verbose (-v) flag when connecting. I'm sure most other (OpenSSH) SourceForge users wouldn't think to do this. So, they'd be unable to figure out why they're always asked to enter their SF password these days.
The easy way to get around this problem is to use an RSA key instead, as mentioned here. Similarly, I think the OpenSSH section of the Forge Documentation should be changed to recommend RSA keys by default.
ed25519 (and ecdsa) keys are now supported.
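
The type-dependent length check requested earlier in this thread, as an added example (not SourceForge's code, and not part of any post above). It decodes the public key's wire format and applies a fixed-length rule to ed25519, a minimum modulus size to RSA, and a deprecation message to DSA; the 2048-bit threshold, the function names and the sample keys are assumptions, and ecdsa is left out to keep it short.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not SourceForge's actual setting

def read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Return (ok, message) for one '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    declared = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        inner, pos = read_string(blob, 0)
        if inner.decode("ascii", "replace") != declared:
            return False, "key type does not match encoded data"
        if declared == "ssh-ed25519":  # fixed length: never compare to an RSA minimum
            key, pos = read_string(blob, pos)
            ok = len(key) == 32 and pos == len(blob)
            return ok, "ok" if ok else "ed25519 key must be exactly 32 bytes"
        if declared == "ssh-rsa":  # blob holds exponent e, then modulus n
            _e, pos = read_string(blob, pos)
            n, pos = read_string(blob, pos)
            bits = int.from_bytes(n, "big").bit_length()
            if bits < MIN_RSA_BITS:
                return False, f"RSA modulus is {bits} bits, need {MIN_RSA_BITS}"
            return True, "ok"
    except ValueError:  # also covers binascii.Error from bad base64
        return False, "malformed key data"
    if declared == "ssh-dss":  # disabled by default since OpenSSH 7.0
        return False, "ssh-dss (DSA) is deprecated; generate a new key"
    return False, f"unsupported key type {declared}"

def wire(*parts):
    """Encode parts as length-prefixed strings, base64'd (builds the samples)."""
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed samples (not real keys): correct wire layout, filler key material.
SAMPLE_ED25519 = "ssh-ed25519 " + wire(b"ssh-ed25519", bytes(range(32))) + " peter@example"
SAMPLE_RSA_1024 = "ssh-rsa " + wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)
```
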