Certificate type is set to ssh-rsa-cert-v01@openssh.com which is deprecated in new openssh #133
Hello @tierpod,
Actually it makes sense, according to
If Do you want me to investigate this and suggest a PR? At first sight, it may take some time, because we have to deal with a list of keys instead of one.
Ok great, yes I'll happily let you submit a PR on this if you have time, and we will iterate on it since it will need many changes I think :)
And feel free to rework complete functions and remove unnecessary code if needed.
Hi @tierpod, I just released v0.7.0 of signmykey with your PRs. So now we have support for multiple keys by default and a warning message for the end user when they receive a certificate signed with a deprecated algorithm. Thanks again for your contribution :) I keep this one open to keep track of the issue of the generated certificate type by signmykey signer. The specific issue on Go x/crypto/ssh seems to be here: golang/go#36261
Hello. It's not a problem with signmykey, but with the x/crypto/ssh library. When the local signer is used, the ssh certificate type is set to ssh-rsa-cert-v01@openssh.com, which is deprecated in new openssh versions. I found some similar issues. As I understood, this library will be updated to set valid type:
but for now, there are a couple of workarounds:
- PubkeyAcceptedKeyTypes +ssh-rsa-cert-v01@openssh.com to ~/.ssh/config
- ssh-keygen -t ed25519
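
Added example, not part of the original issue and not signmykey or x/crypto/ssh code: a stdlib-only Python check that reads the algorithm named in a certificate's CA signature, the kind of test behind a "signed with a deprecated algorithm" warning. It covers RSA and Ed25519 certificates; the function names and the sample certificate (dummy key and signature bytes) are constructed for illustration, and the field order follows OpenSSH's PROTOCOL.certkeys.

```python
import base64
import struct

# Fields after the type name (OpenSSH PROTOCOL.certkeys): s = string,
# Q = uint64, I = uint32. The last string is the CA signature.
LAYOUTS = {
    "ssh-rsa-cert-v01@openssh.com": "sssQIssQQsssss",     # nonce, e, n, ...
    "ssh-ed25519-cert-v01@openssh.com": "ssQIssQQsssss",  # nonce, pk, ...
}


def get_string(buf, pos):
    """Decode one RFC 4251 string at pos; return (value, next position)."""
    if pos + 4 <= len(buf):
        end = pos + 4 + struct.unpack_from(">I", buf, pos)[0]
        if end <= len(buf):
            return buf[pos + 4:end], end
    raise ValueError("truncated certificate")


def ca_signature_algorithm(cert_line):
    """Return (certificate type, CA signature algorithm) for one *-cert.pub line."""
    blob = base64.b64decode(cert_line.split()[1], validate=True)
    field, pos = get_string(blob, 0)
    cert_type = field.decode("ascii")
    if cert_type not in LAYOUTS:
        raise ValueError("unsupported certificate type: " + cert_type)
    for kind in LAYOUTS[cert_type]:
        if kind == "s":
            field, pos = get_string(blob, pos)
        else:
            pos += struct.calcsize(">" + kind)
    algo, _ = get_string(field, 0)  # signature = string algorithm + string bytes
    return cert_type, algo.decode("ascii")


def signed_with_sha1_rsa(cert_line):
    """True when the CA signed with "ssh-rsa", i.e. RSA with SHA-1."""
    return ca_signature_algorithm(cert_line)[1] == "ssh-rsa"


def constructed_cert(ca_algo):
    """CONSTRUCTED sample line: dummy key and signature bytes, not a real certificate."""
    def s(data):  # RFC 4251 string: uint32 length, then the bytes
        return struct.pack(">I", len(data)) + data
    body = (s(b"ssh-rsa-cert-v01@openssh.com") + s(b"nonce") + s(b"\x01\x00\x01")
            + s(b"\x00\xc3") + struct.pack(">QI", 1, 1) + s(b"key-id") + s(s(b"alice"))
            + struct.pack(">QQ", 0, 2**64 - 1) + s(b"") * 3 + s(b"ca-key")
            + s(s(ca_algo.encode()) + s(b"sig")))
    return "ssh-rsa-cert-v01@openssh.com " + base64.b64encode(body).decode()
```

Both sample certificates carry the same type name at the start of the blob; only the algorithm inside the signature field differs.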