On August 27, 2015 at 4:37:21 PM, Georg Brandl (g.brandl@gmx.net) wrote:
Hi all,
newer OpenSSH versions (7.0+) default to not allowing ssh-dss keys for public key authentication. If you experience "permission denied" errors, this (currently) comes from the client side only and hg.python.org will accept these keys if you enable them using the PubkeyAcceptedKeyTypes option in your SSH config file.
Of course ssh-dss is being phased out for a reason; we'd like to invite everybody who has only DSA keys submitted for hg.python.org access to send an RSA (min. 1024 bits) or ED25519 key to hgaccounts@python.org.
Can we bump up the minimum on RSA keys? 1024 isn’t really enough anymore, ideally they’d be at least 4096 but 2048 is also OK.
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA