-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA public keys cannot authenticate against internal SSH if the client has a recent ssh version (which disables ssh-rsa algorithm) #17798
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Belive I just hit this issue on gitea.com just now. Ended up switching to ed25519 from RSA and the issue was resolved. With RSA what I saw trying to clone via SSH:
Debugged with:
Everything looked fine. But then I remembered ed25519 was an option looking at the SSH key input placeholder text in the Gitea key input field, switched as I prefer it anyway, and was able to use SSH again. |
A easy and transparent workaround: Set "HostkeyAlgorithms" and "PubkeyAcceptedKeyTypes" in ~/.ssh/config
|
#17786 :D |
- Update SSH server libraries to support extensions negotations. - The extensions negotations are needed to communitcate with algorithms are accepted for "publickey" auth. - This PR adds 2 libraries. The modifed golang.org/x/crypto libraries(this in order to not mismatch with types in ssh.go) and a patched "github.com/gliderlabs/ssh" that has been modified in order to use the modified crypto library. - Resolves go-gitea#17798
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
Newer versions of openssh client disables ssh-rsa sha1 public key signature algorithm. Unfortunately gitea ssh server requires this signature algorithm instead of using the stronger rsa-sha2-256/rsa-sha2-512 (see go-gitea/gitea#17798) So, as a temporary workaround, force enable on the ssh client the ssh-rsa sha1 signature algorithm.
And the reverse situation. If the following message is displayed testing operation of the key:
Remove lines 3 and 4 from the Host *
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa
HostKeyAlgorithms ssh-rsa
ForwardAgent yes |
God overview and transparent problem handling. This encourages trust in your project. I am a happy user :) |
That should not be considered valid, since the algorithm behind it is known as weak. Please support up-to-date crypto algorithms. Forcing users to use weak algorithms is not acceptable. Reason to not re-install gitea after a just-done server upgrade. |
This comment was marked as duplicate.
This comment was marked as duplicate.
An alternative workaround that might be more secure (I only quickly checked the source code) is to temporarily replace
Additionally you will need to adjust |
- Update the crypto dependency to include golang/crypto@6fad3df - Resolves go-gitea#17798
- Backport go-gitea#21792 - Update the crypto dependency to include golang/crypto@6fad3df - Resolves go-gitea#17798
- Backport go-gitea#21792 - Update the crypto dependency to include golang/crypto@6fad3df - Resolves go-gitea#17798
- Update the crypto dependency to include golang/crypto@6fad3df - Resolves #17798 Executed: `go get golang.org/x/crypto@6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 && rm go.sum && go mod tidy`
- Backport #21792 - Update the crypto dependency to include golang/crypto@6fad3df - Resolves #17798
- Backport #21792 - Update the crypto dependency to include golang/crypto@6fad3df - Resolves #17798 Co-authored-by: John Olheiser <john.olheiser@gmail.com>
- Update the crypto dependency to include golang/crypto@6fad3df - Resolves go-gitea#17798 Executed: `go get golang.org/x/crypto@6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9 && rm go.sum && go mod tidy`
Gitea Version
1.15.x/1.16.x till the latest
Operating System
How are you running Gitea?
Builtin/Internal SSH (ex: docker-rootless or START_SSH_SERVER=true in app.ini)
Can you reproduce the bug on the Gitea demo site?
Yes
Description
The
ssh-rsa
key signing algorithm is disabled on recent ssh versions. Although #17281 means that Gitea will offerrsa-sha2-256
andrsa-sha2-512
for the host key verification - it does not fix the issue of advertising and handling the public key signing algorithm.This failure then results in ssh authentication failing.
How to reproduce
Use a newer version of SSH where this is disabled and attempt to authenticate using an RSA key.
On older versions of SSH:
Unfortunately OpenSSH have changed the name of this option across versions and in newer versions, including the affected version, this option is called:
PubkeyAcceptedAlgorithms
So if the above fails with an error try:
Workaround
-o PubkeyAcceptedAlgorithms=+ssh-rsa
to the ssh command line (In the unlikely event you have an older version which has deliberately disabled the ssh-rsa algorithm you will need to add-o PubkeyAcceptedKeyTypes=+ssh-rsa
)History of this issue
For speed I'm going to collect things here:
What is actually needed
The fundamental issue is not resolvable within Gitea without forking and otherwise reimplementing the ssh server. We will need to address this problem upstream.
There are two major structural issues:
ssh-rsa
signing algorithm in future and this needs to be addressed.The text was updated successfully, but these errors were encountered: