It would be great if devs could use ecdsa keys to access the various machines already available via rsa/dsa keys.
After this upstream bug is resolved by the release of OpenSSH 5.9, then yes: https://bugzilla.mindrot.org/show_bug.cgi?id=1912 https://bugzilla.mindrot.org/show_bug.cgi?id=1858
-LDAP accepts ecdsa, ssh works with ecdsa on LDAP hosts. -Non infra folk have successfully used ecdsa for cvs (just cvs up, cvs ci not tested yet). -Infra folk have successfully used ecdsa for cvs (just cvs up, cvs ci not tested yet). -ecdsa does not work for gitolite on flycatcher or pelican (ssh darkside@ works, ssh git@ fails) 11:12 <@idl0r> darkside_: hm, ok.. the module we use for gitolite-gentoo does *not* support ecdsa atm * All infra machines need to enable the ecdsa host key * Need to figure out the gitolite issue
(In reply to comment #2) > -LDAP accepts ecdsa, ssh works with ecdsa on LDAP hosts. > -Non infra folk have successfully used ecdsa for cvs (just cvs up, cvs ci not > tested yet). > -Infra folk have successfully used ecdsa for cvs (just cvs up, cvs ci not > tested yet). > -ecdsa does not work for gitolite on flycatcher or pelican (ssh darkside@ > works, ssh git@ fails) > > 11:12 <@idl0r> darkside_: hm, ok.. the module we use for gitolite-gentoo does > *not* support ecdsa atm > > * All infra machines need to enable the ecdsa host key > * Need to figure out the gitolite issue Everything works now. Christian fixed gitlite and I enabled ECDSA on infra machines since the issues in Comment #1 don't apply to *us* 1912 is a ssh client issue (ssh-keysign) 1858 is a HostKeyAuth issue (default off, we don't use) I guess this bug can be closed, if no one else disagrees?
(In reply to comment #3) > I guess this bug can be closed, if no one else disagrees? No additional comments