[OpenAFS-devel] Gerrit: PubkeyAcceptedAlgorithms

Michael Laß lass@mail.upb.de
Sat, 02 Apr 2022 13:41:17 +0200 

Hi Jeffrey,

you're right! I figured out the necessity for HostKeyAlgorithms due to
SSH's error message but afterwards all I got was "Permission denied".
Running ssh with -vvv reveals the issue:

  send_pubkey_test: no mutual signature algorithm

Indeed I still use an RSA key. Connecting to current SSH servers works
flawlessly because SSH will use rsa-sha2-256 or rsa-sha2-512 for
authentication. However, Gerrit does not support these modes:
https://bugs.chromium.org/p/gerrit/issues/detail?id=13930

I will propose a change to
https://wiki.openafs.org/devel/GitDevelopers/ to reflect this issue.
Currently that page explicitly suggest to generate an RSA key.

Best regards,
Michael

Am Mittwoch, dem 30.03.2022 um 22:05 -0400 schrieb Jeffrey E Altman:
> On 3/30/2022 6:24 PM, Michael Laß (lass@mail.upb.de) wrote:
> > for some reason I cannot push changes to Gerrit anymore and posting git
> > patches to the mailing list does not work either. I've spent too much
> > time on this already.
> 
> The problem might be that a newer version of ssh on your workstation no
> longer enables (by default) the ssh-rsa key you have registered with Gerrit.
> 
> You can try registering a ssh-ed25519 key with Gerrit or modify your
> ~/.ssh/config file to include
> 
>   Host gerrit.openafs.org
>         HostKeyAlgorithms=+ssh-rsa
>         PubkeyAcceptedAlgorithms=+ssh-rsa
> 
> Good luck.
> 
> Jeffrey Altman
>