Gitian: Debian host needs non-dss ssh key
I'm trying to build Tor Browser on a Debian stretch host. It prompts for an SSH password at on-target in make-vms.sh here:
stop-target $bits $dist
start-target $bits $dist-$arch &
for i in 1 2 3
do
sleep 2
on-target /bin/true && break
done
Debugging on-target using a verbose SSH connection, I see that the problem is the format of the key:
debug1: Skipping ssh-dss key ./var/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
debian@localhost's password:
I'm guessing it's because of the disabling of ssh-dss keys: http://www.openssh.com/legacy.html.
I worked around it by changing the key type to ecdsa in make-base-vm:
- ssh-keygen -t dsa -f var/id_dsa -N ""
+ ssh-keygen -t ecdsa -f var/id_dsa -N ""