Can't push with ssh-ed25519 keys
From @amingilani on November 5, 2016 21:55
Currently I can keys:add my primary ssh-ed25519 ssh key but I can't push, and have to rely on my alt RSA key.
GitHub lets me push using my primary ssh-ed25519, I can log in as core@coreOS using my ssh-ed25519 just fine.
Steps to reproduce:
- Create a new key using ssh-keygen -o -a 100 -t ed25519
- Add the key to Deis
- Create and push using the key
Copied from original issue: deis/workflow#598
From @kmala on November 8, 2016 20:1
Whatever key the git client passes during git push deis master is the one used by Deis to authenticate. So, you should be able to use the ssh-ed25519 key if you can make the git client use it for ssh.
From @amingilani on November 8, 2016 20:56
@kmala here:
Checking to make sure my key exists on deis
$ deis keys:list
=== amin_shah Keys
[email protected] ssh-ed25519 AAAA...bull.local
gilani@redbull ssh-rsa AAAAB3Nz...ni@redbull
Testing git push
# Using RSA key on Github
$ GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa -F /dev/null" git push github master
Everything up-to-date
# Using ED25519 key on Github
$ GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ed25519 -F /dev/null" git push github master
Everything up-to-date
# Using RSA key on Deis
$ GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa -F /dev/null" git push deis master
Everything up-to-date
# Using ED25519 key on Deis
$ GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ed25519 -F /dev/null" git push deis master
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
From @amingilani on November 8, 2016 20:58
@kmala could you independently run the following? The command to generate an ed25519 key is ssh-keygen -o -a 100 -t ed25519
From @kmala on November 8, 2016 21:35
Yes... I get the same behavior but the weird thing is the server is getting the rsa key and not the ed25519 key even when using the GIT_SSH_COMMAND.
From @kmala on November 8, 2016 23:10
On further investigation I found that this is happening only for ed25519 keys.... I am able to use different keys using the GIT_SSH_COMMAND
From @bacongobbler on November 8, 2016 23:24
Not sure if this is relevant (fly-by comment) but we only generate rsa, dsa and ecdsa host keys for the builder: https://github.com/deis/charts/blob/master/workflow-dev/tpl/deis-builder-secret-ssh-private-keys.yaml#L10-L13
Perhaps that is relevant?
From @kmala on November 9, 2016 17:1
Upon further investigation found that the golang ssh implementation doesn't support ed25519 keys https://github.com/golang/go/issues/8581. The issue is fixed but isn't released.
From @bacongobbler on March 27, 2017 22:48
this has been fixed upstream so we should be able to accept ed25519 keys if someone feels like hacking up a PR for the controller and the builder. :)
From @kmala on March 28, 2017 6:31
It was fixed long back but isn't released in any release.
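An added example, not from the thread or the Deis code base: a Python check over OpenSSH public-key lines (the `.pub` file layout, `type base64 comment`) that decodes each key blob and flags well-formed keys whose algorithm the server cannot authenticate, which is the situation diagnosed above. The `SERVER_SUPPORTED` set, the function names and the sample keys are constructed assumptions.

```python
import base64
import struct

# Assumption: algorithms the server's SSH library accepts (ed25519 missing).
SERVER_SUPPORTED = {"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"}

def read_string(buf, offset):
    """Read one RFC 4251 string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[offset + 4:end], end

def inspect_key(line):
    """Return (comment, algorithm, status) for a 'type base64 [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        return ("", "", "malformed line")
    declared, comment = parts[0], " ".join(parts[2:])
    try:
        blob = base64.b64decode(parts[1], validate=True)
        name, pos = read_string(blob, 0)
        if name.decode("ascii") != declared:
            return (comment, declared, "type prefix does not match key blob")
        if declared == "ssh-ed25519":
            key, pos = read_string(blob, pos)  # the 32-byte public key
            if len(key) != 32 or pos != len(blob):
                return (comment, declared, "invalid ed25519 key blob")
    except ValueError as exc:  # also covers base64 and ASCII decode errors
        return (comment, declared, "undecodable: %s" % exc)
    if declared not in SERVER_SUPPORTED:
        return (comment, declared, "valid key, server cannot authenticate it")
    return (comment, declared, "ok")

def sample_line(algo, fields, comment):
    blob = b"".join(struct.pack(">I", len(f)) + f for f in [algo.encode()] + fields)
    return "%s %s %s" % (algo, base64.b64encode(blob).decode(), comment)

SAMPLES = [  # constructed keys (not real key material), for illustration only
    sample_line("ssh-ed25519", [bytes(range(32))], "laptop-ed25519"),
    sample_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 256], "laptop-rsa"),
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(inspect_key(entry))
```

A key reported as valid but not authenticable points at the server's supported algorithms rather than at the client's key file or `GIT_SSH_COMMAND` settings.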