ed25519 SSH key »is not valid«

[mark-kubacki]

Adding my SSH key…

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPyhhXkhiYl/K4wnw54Tk/Jm1xSiWnZSk0slIG9XjgC mark@nas

I get:

SSH key content is not valid.

[unknwon]

This page has a check for min length of SSH key to be 100. Can SSH key be this short?

[mark-kubacki]

This is a perfectly valid and safe SSH key.

It is not RSA, hence length-checks which are hard-coded for RSA will fail.

[unknwon]

I see, sorry for the trouble.

[mark-kubacki]

No worries. I still believe you rock, creating gogs as-is. ;-)

ssh-keygen -t ed25519

[mark-kubacki]

If it is okay with you I'd like to generalize this bugreport. It seems gogs doesn't accept EC keys at all.

The solution is this: Use ssh-keygen -l -f <keyfile> and its first and last field. Reject iff:

first, last
<2048, RSA
<256, [ED25519, ECDSA]
<1087, NTRU
<1702, McE

For example, valid keys:

ssh-keygen -l -f ~/.ssh/id_rsa.pub
4096 ff:ff:ff:…ff  some@mail.local (RSA)

ssh-keygen -l -f ~/.ssh/id_ed25519.pub
256 ff:ff:ff:…ff  commentcomment (ED25519)

ssh-keygen -l -f ~/.ssh/id_ecdsa.pub
256 ff:ff:ff:…ff  my key (ECDSA)

# needs a customized SSH daemon
ssh-keygen -l -f ~/.ssh/id_ntru.pub
1087 ff:ff:ff:…ff  my key (NTRU)

ssh-keygen -l -f ~/.ssh/id_mce.pub
2807 ff:ff:ff:…ff  intern (McE)

---

For my notes:
https://github.com/gogits/gogs/blob/ee9b7f322ff4c4c14952c2f83fb03e90fa583cad/routers/user/setting.go#L192-L196

[mark-kubacki]

closed by #293

Thanks!

[unknwon]

Thank you!