FS#45963 - [openssh] 7.0 seems to break connectivity with AUR4
Attached to Project:
Arch Linux
Opened by Frederic Bezies (fredbezies) - Wednesday, 12 August 2015, 08:56 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 14 August 2015, 05:11 GMT
Details
Description: I faced a bug using OpenSSH 7.0 this morning. When I tried to clone an AUR port that I'm maintaining, I got an error telling me that the git repository was read only.

I had to downgrade to OpenSSH using Archlinux Rollback Machine to version 6.9p1-2. And I had to generate another key to sign my AUR packages.

Steps to reproduce: Just upgrade to OpenSSH 7.0 and try to grab an AUR package using git clone. You'll get an error message telling you that the repository is read only and you do not have the right to clone a package :(
Closed by Gaetan Bisson (vesath)
Friday, 14 August 2015, 05:11 GMT
Reason for closing: Upstream
Additional comments about closing: News announcement posted.
However openssh-7.0 deprecated a few moduli deemed vulnerable. The issue is certainly that your key uses one of them. Please generate a new SSH key, upload it to the AUR, and everything should be back to normal. I suggest using `ssh-keygen -t ed25519` to generate a modern, high-security key.
vesath, since this update has the possibility of people losing access to their machines, would a news announcement before moving to Core be appropriate? Losing access to the AUR is one thing, but if you rely on ssh to access a remote machine...
* Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
by default at run-time. These may be re-enabled using the
instructions at http://www.openssh.com/legacy.html
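
A pre-upgrade audit for the key types named in the release note above, added here as an example; it is not part of the bug report or of OpenSSH. The function names `find_dss_keys` and `write_sample` are hypothetical, the sample keys are constructed, and the parser assumes the base64 key blob is the first field beginning with `AAAA`, so that option prefixes containing spaces are skipped.

```shell
#!/bin/sh
# find_dss_keys FILE...
# Scans authorized_keys or *.pub files and prints "FILE:LINE:KEYTYPE" for each
# ssh-dss or ssh-dss-cert-* entry, the types OpenSSH 7.0 disables by default.
find_dss_keys() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            # The key type is the field directly before the base64 blob.
            # Assumption: the blob is the first field starting with "AAAA".
            # Walking the fields skips leading options such as command="..."
            # even when the quoted option value contains spaces.
            for (i = 1; i < NF; i++) {
                if ($(i + 1) ~ /^AAAA/) {
                    if ($i == "ssh-dss" || $i ~ /^ssh-dss-cert-/)
                        printf "%s:%d:%s\n", FILENAME, FNR, $i
                    break
                }
            }
        }
    ' "$@"
}

# write_sample FILE
# Writes a constructed authorized_keys file; the blobs are not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADconstructed alice@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBconstructed bob@old-box
command="/usr/bin/backup --to ssh-host",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBconstructed backup@cron
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAconstructed carol@desk
ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAconstructed dave@ca
EOF
}

# Demo on the constructed sample: lines 3, 4 and 6 are reported.
sample=$(mktemp)
write_sample "$sample"
find_dss_keys "$sample"
rm -f "$sample"
```

On a real system, pass it the files that matter, for example `find_dss_keys ~/.ssh/*.pub ~/.ssh/authorized_keys` on both the client and the remote machine, before upgrading.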