[tbb-bugs] #18786 [Tor Browser]: Gitian: Debian host needs non-dss ssh key

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 11 01:35:14 UTC 2016

#18786: Gitian: Debian host needs non-dss ssh key
     Reporter:  dcf          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
 I'm trying to build Tor Browser on a Debian stretch host. It prompts for
 an SSH password at on-target in make-vms.sh here:
     stop-target $bits $dist
     start-target $bits $dist-$arch &
     for i in 1 2 3
       sleep 2
       on-target /bin/true && break
 Debugging on-target using a verbose SSH connection, I see that the problem
 is the format of the key:
 debug1: Skipping ssh-dss key ./var/id_dsa - not in PubkeyAcceptedKeyTypes
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug1: Authentications that can continue: publickey,password
 debug1: Next authentication method: publickey
 debug1: Next authentication method: password
 debian at localhost's password:

 I'm guessing it's because of the disabling of ssh-dss keys:

 I worked around it by changing the key type to ecdsa in make-base-vm:
 -  ssh-keygen -t dsa -f var/id_dsa -N ""
 +  ssh-keygen -t ecdsa -f var/id_dsa -N ""

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18786>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list