[Pkg-ganeti-devel] Bug#853129: ganeti: Ganeti depends on SSH-DSS public keys to work
Georg Faerber
georg at riseup.net
Mon Jan 30 01:14:55 UTC 2017
Hi Apollon,
On 17-01-30 01:34:38, Martin Weinelt wrote:
> ganeti heavily depends on SSH-DSS keypairs for operations between
> cluster nodes, with OpenSSH 7.0 said keys have been deprecated.
>
> Please add a remark that SSH-DSS needs to be reallowed if ganeti is
> supposed to work.
>
> In /etc/ssh/ssh_config
> Add PubkeyAcceptedKeyTypes +ssh-dss
>
> In /etc/ssh/sshd_config
> Add PubkeyAcceptedKeyTypes +ssh-dss
Do you think it would be possible to cherry-pick the changes, [1] and
the following commits, some of them at least, which were made against
the 2.16 branch, into the Debian package? It would be great to have this
fixed for stretch, but I'm unsure if changing that much is acceptable
given the late point in the freeze.
I didn't checked if these commits apply cleanly against the current
source, but maybe this could serve as a starting point.
Thanks for your work,
Georg
[1] http://git.ganeti.org/?p=ganeti.git;a=commit;h=87416ca571d38e72394ac37d5e8aa82cb7d559c8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ganeti-devel/attachments/20170130/77499212/attachment.sig>
More information about the Pkg-ganeti-devel
mailing list