Wednesday, 2022-01-05

*** rlandy|ruck is now known as rlandy|out [01:07]
*** ysandeep is now known as ysandeep|lunch [07:26]
<opendevreview> chzhang8 proposed openstack/openstack-zuul-jobs master: fix trio2o dsvm funcional exception  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/823482 [08:03]
*** bhagyashris_ is now known as bhagyashris [08:26]
*** ysandeep|lunch is now known as ysandeep [08:53]
*** dviroel|out is now known as dviroel|rover [11:12]
*** rlandy|out is now known as rlandy|ruck [11:13]
*** dansmith is now known as Guest10351 [11:26]
*** jcapitao is now known as jcapitao_lunch [11:59]
*** ysandeep is now known as ysandeep|mtg [12:22]
*** ysandeep|mtg is now known as ysandeep [12:50]
*** bhagyashris_ is now known as bhagyashris [13:19]
*** jcapitao_lunch is now known as jcapitao [13:20]
<rpittau> coreycb: hi! I talked to fungi yesterday and he pointed me to you to get some info on the current status of the python3.10 package for ubuntu focal that is needed for https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/821863 :) [13:57]
<coreycb> rpittau: ah great to see that review. I'm not seeing doko online in #ubuntu-devel (libera.chat) but I have a daily reminder to check with him about it. [13:59]
<rpittau> coreycb: thanks! I will join that channel too :) [14:00]
<coreycb> he was planning to do it after 3.10.1 was available, and it is available in ubuntu jammy now so I'd expect it to be available soon in focal. [14:00]
<rpittau> great! that would be helpful to catch some changes in advance in py3.10 [14:01]
<coreycb> absolutely, thanks for the help [14:01]
<rpittau> my pleasure :) [14:02]
<fungi> thanks for the update, coreycb! [14:10]
*** ysandeep is now known as ysandeep|out [15:42]
*** dviroel|rover is now known as dviroel|rover|lunch [16:03]
*** Guest10351 is now known as dansmith [16:46]
*** dviroel|rover|lunch is now known as dviroel|rover\ [16:47]
*** dviroel|rover\ is now known as dviroel|rover [16:49]
*** rlandy|ruck is now known as rlandy|ruck|lunch [17:09]
*** rlandy|ruck|lunch is now known as rlandy|ruck [17:35]
*** akahat|ruck is now known as akahat|out [17:35]
*** jcapitao is now known as jcapitao_off [17:44]
*** dviroel|rover is now known as dviroel|rover|afk [19:00]
<sean-k-mooney> o/ [19:50]
<sean-k-mooney> is gerrit broken or under maintenance [19:50]
<sean-k-mooney> if i do ssh sean-k-mooney@review.opendev.org -p 29418 [19:50]
<sean-k-mooney> i get "sean-k-mooney@review.opendev.org: Permission denied (publickey)" [19:51]
<sean-k-mooney> but i have not changed my key and the public key matches the one in the ui [19:51]
<sean-k-mooney> i can also use that key to ssh into server at home [19:51]
<sean-k-mooney> have the key requirements changed recently or something? [19:52]
<fungi> sean-k-mooney: have you maybe upgraded your machine? [19:53]
<fungi> recent fedora stopped working for rsa keys when connecting to gerrit [19:53]
<sean-k-mooney> yes... [19:54]
<sean-k-mooney> i installed nixos [19:54]
<fungi> if you switch to elliptic curve keys that's probably the easiest solution, but there are a few other options [19:54]
<sean-k-mooney> hum [19:54]
<sean-k-mooney> ya i could change the key i probably should rotate them from time to time [19:54]
<fungi> openssh 8.8 also no longer works with rsa keys for connecting to gerrit, so it could be that [19:54]
<sean-k-mooney> perhaps it was breaking git review so i tried sshing and got the same issue [19:55]
<sean-k-mooney> it is an rsa key [19:55]
<sean-k-mooney> so that is likely the issue [19:55]
<fungi> the long answer is that the sshd gerrit embeds doesn't do hash negotiation for exchanging host keys, and the default is ssh-rsa which uses sha-1 and is no longer accepted by default in openssh 8.8 [19:56]
<sean-k-mooney> yep [19:56]
<sean-k-mooney> i remember the issue [19:56]
<sean-k-mooney> i helped others fix it when fedora made the change [19:56]
<fungi> gerrit's sshd does support sha-2/256 and sha-2/512 instead, but openssh doesn't bother trying them if there's no host key negotiation support in the sshd [19:56]
<sean-k-mooney> i just didn't upgrade fedora and forgot about it [19:56]
<sean-k-mooney> ya i can re-enable it in my ssh config if i want [19:57]
<sean-k-mooney> the main issue is i have my home server set to only allow ssh with keys so before i replace my key i should make sure to add the new one first [19:57]
<fungi> yep, that'll work too and is quicker, but it's a regression in security posture so we're not in the business of suggesting it to people ;) [19:58]
<sean-k-mooney> well it depends on the key cipher you use [19:58]
<sean-k-mooney> but ya [19:58]
<fungi> right, i think you may be able to force it on a host-by-host basis in ~/.ssh/config to use rsa-sha2-512 [19:59]
<sean-k-mooney> if you don't use the nist curve elliptic curves are not too bad [19:59]
<sean-k-mooney> oh you meant enabling it in the config [20:00]
<sean-k-mooney> ya i think you can do it for just one host [20:00]
<fungi> rsa-sha2-512 is plenty strong with a 3072 or 4096 bit rsa key, in my professional opinion [20:00]
<fungi> even rsa-sha2-256 should be fine [20:01]
<fungi> see the HostbasedAcceptedAlgorithms section in the ssh_config manpage if you want to override it like that [20:02]
<fungi> or actually it may be HostKeyAlgorithms [20:03]
<fungi> though i don't even recall if that works when the sshd lacks negotiation for it [20:04]
<fungi> i know ssh-rsa is a hard-coded fallback in the openssh client anyway [20:04]
<fungi> unfortunately [20:04]
<fungi> keeping it as the fallback even after deprecation seems wrong to me, but whatever [20:04]
<sean-k-mooney> fungi: actually i'm not sure if you are on #openstack-qa [20:08]
<sean-k-mooney> setuptools needs to be bumped to 60.3.0 [20:09]
<sean-k-mooney> they broke get-pip [20:09]
<sean-k-mooney> so i would expect the devstack jobs to start exploding soon [20:09]
<fungi> yeah, i'm in #openstack-qa but don't usually follow it unless someone mentions me [20:09]
<sean-k-mooney> i was working on a patch to upper constraints to resolve it [20:10]
<sean-k-mooney> once i fix my key issue [20:11]
<fungi> yep, i caught up in there, thanks [20:11]
*** timburke__ is now known as timburke [20:58]
