Hi,
On 17/08/2015 01:14, Stephen Houston wrote:
> Sorry can you provide a quick walk through of the steps to accomplish
> it?
> How to generate the new keys and commit and remove the old ones?
> Thanks. I
> could figure it out, but thought it might be helpful and get it done
> faster
> to give all the devs the steps to take.
Sure, here is it:
$ ssh-keygen -t ed25519 -b <256|384|512>
Then enter a strong passphrase, pwqgen random=64 is a great tool.
The public key will be present in ${HOME}/.ssh/id_ed25519.pub
Clone the git repo containing all the devs keys:
$ git clone git+ssh://g...@git.enlightenment.org/admin/devs.git
$ git rm devs/developers/${USER}/*
$ cp -a ${HOME}/.ssh/id_ed25519.pub
devs/developers/${USER}/id_ed25519.pub
$ git add devs/developers/${USER}/id_ed25519.pub
$ git commit -v -m "Drop all keys and switch to EdDSA"
devs/developers/${USER}
$ git push
And you should be good. You might need to wait a few minutes for this to
be fully synced.
If you are using old DSA of weak RSA keys on other servers, you should
deploy you new key to them as well.
$ find ${HOME}/.ssh -type f -name 'id_*' -exec shred --verbose --force
--zero --remove {} +
Cheers,
> On Aug 16, 2015 6:51 PM, "Bertrand Jacquin" <bertr...@jacquin.bzh>
> wrote:
>
>> Hi,
>>
>> On 16/08/2015 23:44, Massimo Maiurana wrote:
>> > Bertrand Jacquin ha scritto il 16/08/2015 alle 18:30:
>> >>
>> >> Until you update your key and drop your old deprecated keys from
>> >> admin/devs.git, you will receive the following notice when running
>> >> some
>> >> operation on git over SSH:
>> >
>> > I removed the old key and committed a brand new one, but as I keep
>> > getting the warning message I guess that for the change to become
>> > effective I'll have to wait until the AuthorizedKeysFile is synced with
>> > keys in admin/devs.git. Am I right?
>>
>> True, five minutes might be needed for the update to occurs.
>>
>> Cheers
>>
>> --
>> Bertrand
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> enlightenment-devel mailing list
>> enlightenment-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
>>
> ------------------------------------------------------------------------------
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
--
Bertrand
------------------------------------------------------------------------------
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
