Parts related to SSH public key authentication that need some improvement

Bug #1380282 reported by Csipak Attila
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Server Guide
Fix Released
Undecided
Ian Nicholson

Bug Description

I have a couple of remarks related to SSH public key authentication, which seem to be overlapping, so I won't open separate reports on these:

1. SSH keys chapter ( https://help.ubuntu.com/14.04/serverguide/openssh-server.html#openssh-keys ) instructs the reader to generate a key pair using DSA. Googled rsa vs. dsa, result generally recommended RSA for various reasons. While I'm no security expert, neither do I want a flamewar on this, I guess the server guide should also consistently recommend RSA over DSA.

2. Did I just write consistently? :-) That's because the current situation is not exactly consistent, see chapter about Gitolite config ( https://help.ubuntu.com/14.04/serverguide/git.html#git-configuring-gitolite ), which presumes you already generated an RSA key pair for authentication.

3. By the way: what if the reader skipped the SSH keys chapter entirely (not interested), and read forward to the git chapters, which presume that she already configured public key authentication, so there's a ~/.ssh/id_rsa.pub file in existence to be copied? There should be a sentence about prerequisites in the gitolite chapter, preferably with a link reference back to the SSH keys chapter.

4. The SSH keys chapter correctly describes how to configure SSH authentication and it also works if I primarily use the ssh CLI tool to log in to the server, which is great. But as I see, a big chunk of the world uses PuTTY for SSH connections, which, for some reason, won't be able to use the key pair generated by ssh-keygen for public key authentication. This can be fixed of course (google: ubuntu putty unable to use key file openssh ssh2 private key), but why not give a hint or two to the reader?

Related branches

summary: - Parts+ related to SSH public key authentication that need some
+ Parts related to SSH public key authentication that need some
improvement
Ian Nicholson (imnichol)
Changed in serverguide:
status: New → In Progress
assignee: nobody → Ian Nicholson (imnichol)
Revision history for this message
Ian Nicholson (imnichol) wrote :

Good news: I've got a fix.
Bad news: bzr is a royal pain and I don't know how to get it linked to this bug.

Changed in serverguide:
status: In Progress → Fix Committed
Revision history for this message
Awal Garg (awalgarg) wrote :

The dsa thing is still present at https://help.ubuntu.com/14.04/serverguide/openssh-server.html :/ This really needs to be fixed soon.

Changed in serverguide:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.