DSA ssh keys also deprecated in OSX Sierra

Tags: python, djangocon, apple

I’ve been using an ssh key for a long time. Back in the days when RSA keys were mostly commercial/proprietary and when DSA keys where the recommended method.

When ubuntu 16.04 came out, I suddenly couldn’t use my key anymore as ubuntu (or perhaps rather its updated ssh server) didn’t accept DSA keys anymore. They’re apparently not save enough anymore.

I worked around it by adding a setting on the server, telling it to accept my DSA key.

When the latest Apple OS update (Sierra) came out, I suddenly couldn’t log in anywhere. Also git pull to github (I’m using ssh) stopped working. I found the cause by passing -vvvv to ssh:

debug1: Next authentication method: publickey
debug1: Trying private key: /Users/reinout/.ssh/id_rsa
debug3: no such identity: /Users/reinout/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /Users/reinout/.ssh/id_ecdsa
debug3: no such identity: /Users/reinout/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/reinout/.ssh/id_ed25519
debug3: no such identity: /Users/reinout/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

Oh…. Sierra’s ssh client also doens’t like DSA anymore. Ok… time to create a new key :-)

… which I did about 6 weeks ago. With a nice, long passphrase. And 2 weeks ago I had to create a new one as I couldn’t for the life of me remember the exact passphrase. I’ve rarely felt so stupid :-) A passprase can have many almost-right variants:

I'll take the train to django under the hood
I'll take the train to django under the hood.
I'll take the train to Django under the Hood
I'll take the train to Django under the Hood.
I will take the train to django under the hood
I will take the train to django under the hood.
I will take the train to Django under the Hood
I will take the train to Django under the Hood.
I'm taking the train to Django under the Hood.
I'm taking the train to Django under the Hood
I'm taking the train to Django Under The Hood.
I'll go by train to Django Under The Hood.
etc...
etc...

Well, everything works again :-)

 
vanrees.org logo

Reinout van Rees

My name is Reinout van Rees and I program in Python, I live in the Netherlands, I cycle recumbent bikes and I have a model railway.

Weblog feeds

Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):