Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Simon Michael
Hi Alexis, Gian Piero.  I currently don't check the mail list too often, so 
thanks for cc-ing me. I am starting to add more #darcs chat links to darcs hub 
docs, since that is where I'm most responsive for darcs hub issues.

Today I have rewritten 
https://hub.darcs.net/#what-is-the-special-ssh-config-i-need-for-darcs-hub .
Any testing of these instructions is welcome, on old and new ssh versions.

Best
-Simon



> On Oct 11, 2021, at 10:00 PM, Alexis Praga  wrote:
> 
> 
> Hi Gian Piero,
> 
> Here's what worked for me in ~/.ssh/config on Archlinux:
>> Host hub.darcs.net
>>   Ciphers +aes256-cbc
>>   PubkeyAcceptedKeyTypes +ssh-rsa
>>   HostKeyAlgorithms=+ssh-rsa
> 
> 
> 
> Gian Piero Carrubba  writes:
> 
>> * [Wed, Oct 06, 2021 at 02:46:15PM +0200] Alexis Praga:
>>> 
>>> More testing: this happens with Archlinux (latest), and not on FreeBSD
>>> 13.0.
>>> I can push/pull fine to my SSH server.
>> 
>> (replying to all in order to reach Simon, too).
>> 
>> Latest releases of openssh (not yet in FreeBSD, but already in Arch I 
>> guess) disable ssh-rsa signatures. IIRC, there should be a way to 
>> re-enable them in the config, but a cursory search found nothing, so 
>> maybe I'm remembering poorly.
>> The best way forward would be updating all the involved keys, but - 
>> again IIRC - darcs hub uses an Haskell implementation of the ssh server, 
>> so it could be not so straightforward.
>> 
>> Ciao,
>> Gian Piero.
>> 
>> PS: anyway, while at it could it be possible to also implement support 
>> for ed25519 keys?.
> 
> -- 
> Alexis Praga

___
darcs-users mailing list
darcs-users@osuosl.org
https://lists.osuosl.org/mailman/listinfo/darcs-users
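
An added check, not part of the original thread or the darcs hub docs: a small linter that reads ssh_config text and reports where the legacy algorithms from the config quoted above are enabled outside a Host block limited to hub.darcs.net. The sample config, the function names and the conservative handling of Match blocks are assumptions made for this example.

```python
import re

# Constructed sample: the host-scoped block quoted in this thread, followed by
# a "Host *" block that re-enables ssh-rsa host keys for every server.
SAMPLE_CONFIG = """\
Host hub.darcs.net
  Ciphers +aes256-cbc
  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms=+ssh-rsa

Host *
  HostKeyAlgorithms +ssh-rsa
"""

WATCHED = {"ciphers", "hostkeyalgorithms",
           "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}


def is_legacy(alg):
    # The two legacy families this thread re-enables: SHA-1 RSA and CBC ciphers.
    return alg == "ssh-rsa" or alg.endswith("-cbc")


def unscoped_legacy(config_text, allowed_hosts=("hub.darcs.net",)):
    """Return (line, host patterns, keyword, algorithm) for every legacy
    algorithm enabled outside a Host block limited to allowed_hosts."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword, value = parts[0], parts[1] if len(parts) > 1 else ""
        if keyword.lower() == "host":
            patterns = value.split()
        elif keyword.lower() == "match":
            patterns = ["*"]  # assumption: treat Match blocks as unscoped
        elif keyword.lower() in WATCHED and not value.startswith("-"):
            if all(p in allowed_hosts for p in patterns):
                continue  # scoped to the one server that needs it
            for alg in value.lstrip("+^").split(","):
                if is_legacy(alg.strip()):
                    findings.append((lineno, " ".join(patterns), keyword, alg.strip()))
    return findings


if __name__ == "__main__":
    for finding in unscoped_legacy(SAMPLE_CONFIG):
        print("legacy algorithm enabled too broadly:", finding)
```
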


Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Simon Michael

> On Oct 11, 2021, at 8:37 AM, Gian Piero Carrubba  wrote:
> The best way forward would be updating all the involved keys, but - again 
> IIRC - darcs hub uses an Haskell implementation of the ssh server, so it 
> could be not so straightforward.
> 
> Ciao,
> Gian Piero.
> 
> PS: anyway, while at it could it be possible to also implement support for 
> ed25519 keys?.

Right, it's not straightforward. It needs someone(s) to modernise the Haskell 
ssh lib (see related links at 
https://hub.darcs.net/#what-is-the-special-ssh-config-i-need-for-darcs-hub ).

Would me switching darcs hub to use the system openssh server, suitably locked 
down, be an alternative ? IIRC, I think not; the haskell ssh server allows the 
necessary tight integration with darcs hub's users and repos. (Aside from the 
resources required to switch.)


Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Karl O. Pinc
On Thu, 14 Oct 2021 09:40:26 -1000
Simon Michael  wrote:

> Today I have rewritten
> https://hub.darcs.net/#what-is-the-special-ssh-config-i-need-for-darcs-hub
> 
> . Any testing of these instructions is welcome, on old and new ssh
> versions.

FYI.  The OpenSSH 8.8 release has some changes listed
in the release email for OpenBSD 7.0 that may be relevant.
If not now, then in the future.

 - OpenSSH 8.8

   o Potentially incompatible changes
     - A near-future release of OpenSSH will switch scp(1) from
       using the legacy scp/rcp protocol to using SFTP by default.
     - This release disables RSA signatures using the SHA-1 hash
       algorithm by default.
   

I also seem to recall some announcement that said that RSA keys
smaller than 1024 can no longer be used.  But I can't verify this
because I can't find the announcement.

See also: https://www.openssh.com/txt/release-8.8

Regards,

Karl 
Free Software:  "You don't pay back, you pay forward."
 -- Robert A. Heinlein


Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Simon Michael

On 10/14/21 10:09 AM, Karl O. Pinc wrote:
> 

Thanks Karl. I'm hoping the config provided works around this.



Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Simon Michael



> On Oct 14, 2021, at 10:09 AM, Karl O. Pinc  wrote:
> 
> FYI.  The OpenSSH 8.8 release has some changes listed
> in the release email for OpenBSD 7.0 that may be relevant.

Thanks Karl. I'm hoping the published config works around this, no matter what 
openssh release one has.



Re: [darcs-users] Couldn't fetch when cloning a repository

2021-10-14 Thread Ganesh Sittampalam

On 14/10/2021 20:54, Simon Michael wrote:
> Would me switching darcs hub to use the system openssh server, 
> suitably locked down, be an alternative ? IIRC, I think not; the 
> haskell ssh server allows the necessary tight integration with darcs 
> hub's users and repos. (Aside from the resources required to switch.)


The biggest difficulty with running the system server is that you 
wouldn't want one system account per darcshub account.


The solution used by others, which I hadn't appreciated until recently, 
is to use a single username but then dispatch to the right user based on 
the public key used - e.g. every GitHub user is sshing to g...@github.com.


I think we should definitely do that if we have the resources (but I'm 
not volunteering right now). The current situation is a disaster.


Cheers,

Ganesh
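
An added sketch, not darcs hub's code and not something proposed in the thread, of one way stock OpenSSH supports the single-account scheme described above: each uploaded key gets an authorized_keys entry whose forced command names the hub user. The dispatcher path, the user-name rule, the allowed key types and the sample key are assumptions made for this example.

```python
import base64
import re
import struct

DISPATCHER = "/usr/local/bin/hub-dispatch"   # hypothetical per-user dispatcher
USERNAME_RE = re.compile(r"[a-z][a-z0-9-]{0,31}")
ALLOWED_TYPES = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"}


def blob_matches_type(key_type, b64):
    """True if the base64 blob starts with the SSH string naming key_type."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    length = int.from_bytes(blob[:4], "big")
    return blob[4:4 + length] == key_type.encode()


def authorized_keys_line(user, uploaded_key):
    """Build one authorized_keys entry that pins uploaded_key to user."""
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("user name would not be safe inside command=\"...\"")
    fields = uploaded_key.split()
    if (len(fields) < 2 or fields[0] not in ALLOWED_TYPES
            or not blob_matches_type(fields[0], fields[1])):
        raise ValueError("not a bare public key of an allowed type")
    # "restrict" turns off pty, forwarding, etc.; command= forces the dispatcher,
    # which sees the client's request in SSH_ORIGINAL_COMMAND. The uploader's
    # comment field is dropped so it cannot smuggle in extra text.
    return f'restrict,command="{DISPATCHER} {user}" {fields[0]} {fields[1]}'


def sample_pubkey():
    """Constructed ed25519 public key (32 zero bytes), for illustration only."""
    body = b"".join(struct.pack(">I", len(p)) + p
                    for p in (b"ssh-ed25519", bytes(32)))
    return "ssh-ed25519 " + base64.b64encode(body).decode()


if __name__ == "__main__":
    print(authorized_keys_line("alice", sample_pubkey() + " alice@laptop"))
```
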
