[tbb-bugs] #18786 [Tor Browser]: Gitian: Debian host needs non-dss ssh key
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 11 01:35:14 UTC 2016
#18786: Gitian: Debian host needs non-dss ssh key
-----------------------------+----------------------
Reporter: dcf | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+----------------------
I'm trying to build Tor Browser on a Debian stretch host. It prompts for
an SSH password at on-target in make-vms.sh here:
{{{
stop-target $bits $dist
start-target $bits $dist-$arch &
for i in 1 2 3
do
sleep 2
on-target /bin/true && break
done
}}}
Debugging on-target using a verbose SSH connection, I see that the problem
is the format of the key:
{{{
debug1: Skipping ssh-dss key ./var/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
debian at localhost's password:
}}}
I'm guessing it's because of the disabling of ssh-dss keys:
http://www.openssh.com/legacy.html.
I worked around it by changing the key type to ecdsa in make-base-vm:
{{{
- ssh-keygen -t dsa -f var/id_dsa -N ""
+ ssh-keygen -t ecdsa -f var/id_dsa -N ""
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18786>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list