[cfarm-users] Does gcc304 sync certificates?

[Daniel Widdis]

Given one needs to actually be on the machine to edit that file, I understood the advice to use the web form (which helpfully shows the authorized_keys file contents on it).

So, given that rsa key is supposed to work, this apparently isn't the correct fix.  Any other reason why my keys aren't syncing from the profile to that machine?  I'm told it syncs to 40 machines, but I see 54 machines on the list, so I'm guessing this is one of the 14 machines that doesn't sync somehow?

On 3/12/22, 1:38 PM, "cfarm-users on behalf of Segher Boessenkool via cfarm-users" <cfarm-users-bounces at lists.tetaneutral.net on behalf of cfarm-users at lists.tetaneutral.net> wrote:

    On Sat, Mar 12, 2022 at 02:28:07PM -0500, Jeffrey Walton via cfarm-users wrote:
    > On Sat, Mar 12, 2022 at 2:24 PM Daniel Widdis via cfarm-users
    > <cfarm-users at lists.tetaneutral.net> wrote:
    > > ...
    > > I’ve never been able to log into the macOS M1 machine, gcc304.  It asks for a password (which implies the certificate isn’t synced):
    > 
    > It is probably the RSA key. OpenSSH made a change recently concerning
    > RSA keys. Also see https://www.openssh.com/releasenotes.html.

    RSA works just fine, please don't spread misinformation.  It is the only
    key type that works on all hosts, too.

    > Add an ecdsa or ed25519 key to your authorized_keys.

    You should never edit authorized_keys on the cfarm; use the web
    interface instead, it keeps things properly in synch.

    Using elliptic curve keys is good for speed of course, on the hosts
    where that works (only the speed to establish the connection, it isn't
    used after that).


    Segher
    _______________________________________________
    cfarm-users mailing list
    cfarm-users at lists.tetaneutral.net
    https://lists.tetaneutral.net/listinfo/cfarm-users