Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by David Fifield@dcf

Gitian: Debian host needs non-dss ssh key

I'm trying to build Tor Browser on a Debian stretch host. It prompts for an SSH password at on-target in make-vms.sh here:

    stop-target $bits $dist
    start-target $bits $dist-$arch &
    for i in 1 2 3
    do      
      sleep 2
      on-target /bin/true && break
    done

Debugging on-target using a verbose SSH connection, I see that the problem is the format of the key:

debug1: Skipping ssh-dss key ./var/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Next authentication method: password
debian@localhost's password:

I'm guessing it's because of the disabling of ssh-dss keys: http://www.openssh.com/legacy.html.

I worked around it by changing the key type to ecdsa in make-base-vm:

-  ssh-keygen -t dsa -f var/id_dsa -N ""
+  ssh-keygen -t ecdsa -f var/id_dsa -N ""
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information