I recently hit ssh-dss key deprecation
(<https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html>),
and PubkeyAcceptedKeyTypes=+ssh-dss on the client side allows me to keep
access to Gentoo infrastructure I need.

I generated a new RSA key using instructions from
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide>, and
added it to LDAP following
<https://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide>.

I can now log in to dev.gentoo.org with just the new RSA key.

However, git.gentoo.org gives me access denied errors unless I use the
DSA key.

Is this expected?

I'm just wondering if it's some error on my side or something else.

Looking at
<https://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Configuration>,
I see things like:
- "DSA keys are preferred over RSA keys"
- "where possible users should be required to use DSA keys to authenticate"

Should I actually rather look at generating an ed25519 key?

Paweł
