Hello Kaz, Kaz Kylheku wrote: > SSH access to update web pages suddenly stopped working.
Oh no! And just when I thought everything was going so well too. Thank you very much for reporting that you are seeing problems. The CVS server for web pages has been upgraded as of yesterday. Just by way of being able to talk about it the system name is vcs1. I have been testing access and this works for me. I also had reports from other users soon after the upgrade and they reported it was working okay for them too. So things are not completely dead. :-) Can you give some more details about what is not working? Run ssh with the -v option. If you get the diagnostic shown here: ssh cvs.savannah.gnu.org ... You tried to execute: Sorry, you are not allowed to execute that command. That means it is working for you. Security restricts what commands can be run and login attempts will be denied. But the attempt is a good way to debug. If the above is seen then things are working. If not then run with the -v option to show more details about the connection. ssh -v cvs.savannah.gnu.org Save that text off and mail it to savannah-hackers-private AT gnu.org where we will be able to diagnose the problem. I suggest the "private" list since there may be both security and perhaps privacy implications. > Has SSH been upgraded on Savannah, and doesn't want to accept DSA2 or RSA > keys any more? Keys have always been required to be RSA keys. DSA keys may have worked at one time but have always been cautioned against using. > I tried registering an ECDSA key just now, Until recently the Savannah systems were too old to support ECDSA but I am very happy to say that with the upgrades that are happening I think they might be okay to use now. *HOWEVER* I haven't had any testing for ECDSA in the test matrix. So I don't know. I'll give that a run through and see if that will be a supportable option now. Definitely if you clear your host key and ssh receives it again the ssh client default now is to store the ECDSA host key instead of the RSA host key. Note that there are now three systems that use ssh keys and they are not all at the same ssh version level. All are under security support however. But due to life and time keeping everything from happening all at once. > but it seems I'm banned from connecting now. If someone fails ssh more than six times in one minute then they are banned for ten minutes. That prevents a lot of log noise and cpu usage from abuse from the Internet. Wait ten minutes and the ban will be reset and you will be able to log in again. Bob
