I need you to add new dsa pubkey so I can access my devbox, my notebook is on repair, I'm working just with the Windows box at work. add this pubkey ===>8=== ssh-dss AAAAB3NzaC1kc3MAAAEBAK58HMvi5YavWo/das6MfadoehdnqT4em5WRI+nMP8p5ZCFxhhwnu5lGZ2iNiwaF4UMhzNI85UNpvfBFYOUQxdyF7qPyOVkBHO6Q0bWAy3Ifhn/hrXdhSgdfTakxeiNBmWKtfOWmIUeb8o1AbZYVJPU+3Wrgy3VYYDuXUtlJELok0SzsyKeOShlFYv/5btiHBhwMt9UoSYRyPNWLZDPXVxVtW/gpzCIGUbNF3palQOln8CIyUFN92tVFdtNSlioxeq8BHs3XxNvPaYkezaEEGXn0Br9hgi1shHmDwR+DUe2UrBiitgYkhKLBHO/GzyNFF6h4KdCYOH9EjEoui6FOOmsAAAAVAMbxZy6LvIn51pEy7q7HFf4uCW+TAAABAC9QCTWVXsi6xm1a5X38ePuHnhX0849qGzU+IlAfEjgL1AcHJ0906n8qMxJTut+oXtpO0n1THBipYkSeuMFbpoaq9sfAhvMXPoJncdjjTBBvnpeFJt+kAq9mnc/eW2xKDsv8HWtjaaprq2umlCZC+dGj0tuxFSKTc18gJGvhOC9AnL+A8cMIasZWgA4lczbFNyLfkXl6iwsTeV2tGT8ATVZSQrBIK+XVmKffLO8ISxlmeelkLciqAU1GguEpW7zWMQkt51q6xSlhnDuGHYUg+eOm/wVlFgzblmWdtYpv1ivs8fgPYdogBEZg6EUDaBkPm+ba+jS5ItDLSUCAu9N9gbIAAAEAHOD0P6rGLSJffaOKslUd6NgbaBwzKfJ/O8aH7i/DkOhr2A/H9+iQPAqceGFgg0ndiyu0IcmQCl6hBV/JaoGeKI/f3tm6eM/geOnWYyzxOtp9st+lQQsVLHzqsrATQkUx7qRwbA0tFRGxwSZmPI9LyzqEk9yVwwqnG8zc2f5M4D3ipMQ2l/07rZvuup9LKjTXz5No4bE1iPVR0JD4zp7C9uqh/vxI+wY9q6tDfUtGoPA3TgEzJ7DAg0ojxBjTXi9LCKiOsf0fioEYQQHBYTbldqM+aCYLVmd/UBm40mXN6+2qqF+dIE9PQIaYoSJZ673W3bB0RJNde07AVI5lVcfUKw== enderson@windows ===*<=== Reproducible: Always Steps to Reproduce:
re-submit the key signed by your gpg key (0x8B36AE49) please
:( Impossible! My GPG key is on my notebook, is there another way ?
No. We need to authenticate you and we can't do that without a signed message or confirmation that you are who you say you are from devrel and/or your mentor.
I sent this to -core twice.. First on 8/19 and then on 9/12. Now I will post it here because you obviously missed it the first two times: ---------- Forwarded Message ---------- Subject: [gentoo-core] SSH and GPG Key reminders.. Date: Friday 19 August 2005 01:20 pm From: Corey Shields <cshields@gentoo.org> To: gentoo-core@lists.gentoo.org Couple of reminders about your ssh and gpg keys: - Passwordless ssh keys for getting into Gentoo infrastructure is a bad practice. It becomes a security liability if the box you have your key on ever becomes compromised. Please keep a passphrase on your key. - It may be a good idea to keep a copy of your private ssh key in a secure location, if you have a secure location you can keep it in. - If you happen to lose your private key, e-mail infrastructure@gentoo.org with a note -that is signed with your gpg key- to start a recovery procedure. This should ring a bell that if you do not have a backup of your gpg keyring somewhere and you lose both at once, you could become screwed. - As for gpg keys, everyone should have a paper copy of their revocation key on file in a secure location somewhere. If your private gpg key is ever lost or compromised, you can then use the revocation certificate to mark that key as invalid on the keyservers. Otherwise, "no expiration" keys will remain marked as valid forever in the ether. Cheers! -C -- Corey Shields Gentoo Linux Infrastructure Team Gentoo Foundation Board of Trustees http://www.gentoo.org/~cshields
Corey: Do you remember if we have this documented on our site somewhere for our developers? New folks wouldn't have gotten this email (since we dont' have archives). Anyways, if we dont' have it documented, we need to get with devrel and *make sure* we have it documented on our project page or on theirs. I'm guessing this is more of an issue where we need this on our page. :-)
So let's wait for my notebook get back.
Ok. will close the bug