[TriLUG] trilug.org ANCIENT ssh keys

Jos Purvis via TriLUG trilug at trilug.org
Sat Aug 30 16:50:16 EDT 2025


On Sat, Aug 30, 2025, at 09:00, Alan Porter via TriLUG wrote:
**SNIP**
> But we do not have an enterprise grade staff or budget or even
> focus to keep things running.  Raise your hand if you are
> proficient in LDAP.  Anyone?  Bueller?

*cough*

*raises hand*

I'd be happy to at least take a look at this and see what would be involved in getting it modernized: I've been doing that type of systems administration for several local non-profits and small companies and it's actually quite enjoyable. And as a funny coincidence, I've just spent a couple months looking at every open-source LDAP solution I could lay my hands on as part of a work project, so I'm still fresh on what options might work. There are some much better options these days for implementing this without needing to dive into the more painful corners of LDAP. As a plus, it would probably make a good future talk, if we haven't had a similar one recently.

If others are interested as well, I'd be happy to do a working weekend on it as a team to take it apart and put it back together with a modern Linux release and better tooling. :)

> I would go a step further and claim that _IT_IS_OK_ for a
> Linux-focused LUG to use tools that are off-the-shelf and
> perhaps even proprietary in their mission holding regular
> meetings and providing interesting services.  Not every tool
> in our quiver needs to be the exemplar of the FOSS model.
> This dogma has also interfered in keeping things simple enough
> for a group of volunteers to maintain.

Much agreed. It's fine to prioritize the use of open-source tooling (and more likely to find no-cost tooling in the open-source world), but especially as a registered 501(c)(3)[0] we shouldn't be shy about using commercial tooling where it's the better or easier option to suit the available volunteer resources. Having said that, the bigger priority is focusing on automation and documentation regardless of what tools are used: taking some time to make keeping things up to date and introducing new volunteers easier will pay huge dividends.

</soapbox>

Anyway...need a hand? :)

Cheers,

Jos

[0] We are still a 501(c)(3)...right? Or did we let that one lapse? I lost track of it when it came up a while back.

>
> So yeah... we should get on the SSH key issue.  Thanks for
> taking that first step of identifying the problem.
>
> Alan
>
>
>
>
> On 2025-08-30 00:00, William Sutton via TriLUG wrote:
>> Would someone with admin access, please, for the love of mercy and
>> the user community, update the sshd key types to something newer than
>> ssh-rsa and ssh-dss?
>>
>> I've been limping my older laptop config using ssh-dss, but my newer
>> laptop is on Fedora 41, and per ssh -Q key, the only algorithm it has
>> in common with trilug.org is ssh-rsa.  But when I try to use that, I
>> get back an error that the only supported keys are ...
>> ssh-rsa,ssh-dss.  Which I would think would mean rsa should work...
>> but clearly not.
>>
>> William Sutton