Closed
Bug 1291619
Opened 9 years ago
Closed 9 years ago
Restore hg access for Zibi Braniecki
Categories
(Infrastructure & Operations :: MOC: Service Requests, task)
Infrastructure & Operations
MOC: Service Requests
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: zbraniecki, Assigned: vinh)
Details
Attachments
(1 file)
|
605 bytes,
application/vnd.ms-publisher
|
Details |
I would like to be able to push to try. My LDAP is zbraniecki@mozilla.com
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → vhua
|
|
Assignee | |
Comment 1•9 years ago
|
||
Your hg bit shows enabled. Can you give it a try?
|
Reporter | |
Comment 2•9 years ago
|
||
zbraniecki@cintra:~/projects/mozilla/mozilla-central$ ssh hg.mozilla.org
Permission denied (publickey).
I have two keys - ID_DSA and ED_25519.
Last time I checked the ED25519 was not supported by Mozilla so on login.mozilla.com I have my ID_DSA key uploaded. I authenticated the key and yet ssh to hg.mozilla.org rejects it.
That's the chunk of my ~/.ssh/config:
Host hg.mozilla.org
User zbraniecki@mozilla.com
Compression yes
IdentityFile ~/.ssh/id_dsa
ServerAliveInterval 300
TCPKeepAlive yes
IdentitiesOnly yes
Not sure what else can I do.
|
|
Assignee | |
Comment 3•9 years ago
|
||
I only see your ssh-dss keys attached. Can you reattach your DSA/RSA keys?
|
|
Reporter | |
Comment 4•9 years ago
|
||
I do not have a dss key. In my original bug with account request I attached DSA. Is it worth investigating by security?
Also, is there an option to go for ed25591? Trying to get rid of DSA.
|
|
Assignee | |
Comment 5•9 years ago
|
||
I don't think ed25591 is supported at the moment. Best is to generate RSA key.
|
|
Reporter | |
Comment 6•9 years ago
|
||
|
|
Assignee | |
Comment 7•9 years ago
|
||
The keys in c#6 is what's already in LDAP.
:pir - can I get your feedback on what's missing here?
Flags: needinfo?(pradcliffe+bugzilla)
|
|
||
Comment 8•9 years ago
|
||
DSA keys are no longer supported, they are not secure. Should remove all DSA keys, generate an *RSA* key as was suggested in comment 5 and upload it via login.mozilla.com.
Flags: needinfo?(pradcliffe+bugzilla)
|
|
Assignee | |
Comment 9•9 years ago
|
||
zibi - any luck?
|
|
Assignee | |
Updated•9 years ago
|
Flags: needinfo?(gandalf)
|
|
Assignee | |
Comment 10•9 years ago
|
||
Haven't heard back, please re-open bug for further assistance.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Comment 11•9 years ago
|
||
Hi Vinh, sorry for the delay, I was not able to test the suggested solution over last week.
I managed to do this today and it seems to work, thank you!
One question - based on my very naive reading, it seems that ECDSA is recommended over RSA by most sources I could find. What is the reason Mozilla decided not to support it?
Flags: needinfo?(gandalf) → needinfo?(vhua)
|
|
||
Comment 12•9 years ago
|
||
Not all Mozilla infrastructure is running new enough versions of openssh to allow ECDSA to work everywhere. Until all parts are upgraded the situation of ECDSA keys working in some places and not others would produce a significant support issue.
Flags: needinfo?(vhua)
You need to log in
before you can comment on or make changes to this bug.
Description
•