[python-committers] PSA: replace your DSA keys for SSH

Thu Oct 8 19:38:06 CEST 2015

On 10/8/2015 1:20 PM, Brett Cannon wrote:
> I personally know Terry's key has not been installed yet. You will
> always get a reply email from whomever installs your new key that it was
> done and that you should test it.

Ignore the one I sent 12 hours ago: it was still DSA though with more 
bits.  I just sent new RSA 4096 bits, and rechecked that *is* RSA.

> This manual key management is yet another reason why we are going to get
> a new development process /somehow/ in 2016.

After thinking about it, I realized that auto accepting any key sent by 
just anyone is not a good idea either.  To you, my email address is my id.

Fortunately, next release is at least 2 weeks off.

> On Thu, 8 Oct 2015 at 10:19 Tim Peters <tim.peters at gmail.com
> <mailto:tim.peters at gmail.com>> wrote:
>
>     [Terry Reedy <tjreedy at udel.edu <mailto:tjreedy at udel.edu>>, on SSH keys]
>      > I sent a new one about 11 hours ago.  I am still getting
>      > Putty Fatal Error
>      > Disconnected: No supported authentication methods available
>      > (server sent: publickey)
>      >
>      > Is anyone tending the mail box, or do I have to do something else?
>
>     My new one got installed about 11 hours ago, so someone is watching
>     sometimes ;-)
>
>     Alas, SSH-related error messages are atrocious.  Two things to check
>     on your end:
>
>     1. Make sure Pageant has loaded your new key.

It had, and said DSA...

>     2. Make sure your `ssh` alias (probably set in your Mecurial.ini) also
>         specifies your new key file.

>     For #2, here's what's in my Merurial.ini now:
>
>     ssh = "C:\Program Files\TortoiseHg\lib\TortoisePlink.exe" -ssh -2 -C
>     -i C:\Code\.ssh\newkey.ppk

Since I overwrote the old key file, the hg setting should be the same.

-
Terry