Comments on: Dear Lazyweb: Why don’t public ssh repository sites like me?

By: Elijah

Elijah — Wed, 24 Sep 2008 20:49:00 +0000

Thanks everyone for the suggestions. My dsa key was generated on rhel4 (yeah, yeah, I don’t like it either–corporate redtape prevents an upgrade to something recent), so not affected by the debian/ubuntu openssh debacle.

Jakub: Yeah, I suspect I just emailed Petr when he was gone on vacation. Probably just bad timing on my part. I should have sent another email, but anyway, Adam G has solved the issue for me.

By: Jakub Narebski

Jakub Narebski — Wed, 24 Sep 2008 17:19:14 +0000

First, I had no problems with repo.or.cz, and author and maintainer (Petr Baudis) is usually responsive. I can push to repo.or.cz without problems; alternatively you can set repository on repo.or.cz to mirror your repository instead, by polling periodically (but I haven’t used this setup personally).

I used ssh-keygen to generate key, copied to ~/.ssh, pasted public key on repo.or.cz (the *.pub file; I don’t know, perhaps now it can be simply uploaded). Then I use ssh-add to add a key (using absolute pathname), enter passphrase, check that key is in the ring using “ssh-add -l”… and “gut push repo” works. BTW. I have keychain installed and in .profile, and it starts ssh-agent for me…

By: Adam G

Adam G — Wed, 24 Sep 2008 15:48:20 +0000

You need to ssh to git@gitorious.org, not @gitorious.org

By: bkor

bkor — Wed, 24 Sep 2008 14:44:17 +0000

Remi and ajax:

debug1: Offering public key: /home/newren/.ssh/gitorious

it already is configured.

By: Andy Wingo

Andy Wingo — Wed, 24 Sep 2008 14:35:43 +0000

You’ve probably checked, but perhaps those keys are DSA keys — many servers silently reject DSA keys these days, as they are less secure than RSA, compounded with the Debian OpenSSH debacle.

By: smcv

smcv — Wed, 24 Sep 2008 14:11:31 +0000

Some sites (notably Debian and freedesktop.org) don’t accept DSA keys, because of the Debian OpenSSL PRNG vulnerability (an RSA key is vulnerable if it was *generated* on a vulnerable system, which can be detected; a DSA key is vulnerable if it was ever *used* on a vulnerable system, which can’t).

By: ajax

ajax — Wed, 24 Sep 2008 13:58:50 +0000

Since your gitorious key pair is apparently not your normal key pair, you need to add the private key to an IdentityFile line in ~/.ssh/config, otherwise ssh won’t know to look at it. See ‘man ssh_config’ for details.

By: Jani Monoses

Jani Monoses — Wed, 24 Sep 2008 13:45:58 +0000

Maybe your homedir permissions on gitorious are not 0755 ?

By: Michael Banck

Michael Banck — Wed, 24 Sep 2008 13:05:57 +0000

Maybe their sshd does not accept DSA keys anymore (since the Debian openssl debacle), while their frontend still happily accepts them.

It is recommended to use RSA keys these days anyways (although a lot of default code/command snippets still use id_dsa etc. as examples)

By: Rémi Cardona

Rémi Cardona — Wed, 24 Sep 2008 13:04:07 +0000

You might want to do “ssh-add ~/.ssh/gitorious” (you’ll need ssh-agent running) before your first pull/push to gitorious.

That should help