[python-committers] PSA: replace your DSA keys for SSH
Benjamin Peterson
benjamin at python.org
Fri Aug 28 05:30:19 CEST 2015
On Thu, Aug 27, 2015, at 16:36, Donald Stufft wrote:
> On August 27, 2015 at 4:37:21 PM, Georg Brandl (g.brandl at gmx.net) wrote:
> > Hi all,
> >
> > newer OpenSSH versions (7.0+) default to not allowing ssh-dss keys for
> > public key authentication. If you experience "permission denied" errors,
> > this (currently) comes from the client side only and hg.python.org will
> > accept these keys if you enable them using the PubkeyAcceptedKeyTypes
> > option in your SSH config file.
> >
> > Of course ssh-dss is being phased out for a reason; we'd like to invite
> > everybody who has only DSA keys submitted for hg.python.org access to
> > send an RSA (min. 1024 bits) or ED25519 key to hgaccounts at python.org.
> >
> >
>
> Can we bump up the minimum on RSA keys? 1024 isn’t really enough anymore,
> ideally they’d be at least 4096 but 2048 is also OK.
Even better: send a ed25519 key as documented in the devguide.
More information about the python-committers
mailing list