You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 4, 2023. It is now read-only.
Using a key specifically generated with ssh-keygen -t rsa-sha2-512 on a Ubuntu 18.04 server running OpenSSH 7.6 (possibly others) erroneously reports
You're using an RSA key with SHA-1.
This key will continue to work if it's already set up, but you should strongly
consider generating a new key with the following command and using it instead:
ssh-keygen -t ed25519
If the key hasn't been set up by the deadline, you'll either need to generate a
new one as listed above, or upgrade to OpenSSH 7.2 or newer.
The debug statement for this version of OpenSSH for the sign_and_send_pubkey looks like debug3: sign_and_send_pubkey: RSA SHA256:<KEY_IDENTIFIER>. It is missing the 'signing' portion that the script is expecting. However, adding this key to a repository and cloning still works since the key is valid.
The text was updated successfully, but these errors were encountered:
Thanks for the report. We'll try to take a look at getting things fixed.
I'll mention that there is no rsa-sha2-512 keytype; there's only ssh-rsa as far as key types. The choice of which RSA signature type to use is dependent on client and server and can't be controlled at key generation time.
-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifies the type of key to create. The possible values
are “dsa”, “ecdsa”, “ecdsa-sk”, “ed25519”, “ed25519-sk”, or
“rsa”.
This flag may also be used to specify the desired signature
type when signing certificates using an RSA CA key. The
available RSA signature variants are “ssh-rsa” (SHA1
signatures, not recommended), “rsa-sha2-256”, and
“rsa-sha2-512” (the default).
So the -t flag I mentioned might be superfluous, I just wanted to be explicit on an older version of OpenSSH.
Using a key specifically generated with
ssh-keygen -t rsa-sha2-512
on a Ubuntu 18.04 server running OpenSSH 7.6 (possibly others) erroneously reportsThe debug statement for this version of OpenSSH for the sign_and_send_pubkey looks like
debug3: sign_and_send_pubkey: RSA SHA256:<KEY_IDENTIFIER>
. It is missing the 'signing' portion that the script is expecting. However, adding this key to a repository and cloning still works since the key is valid.The text was updated successfully, but these errors were encountered: