gitblit icon indicating copy to clipboard operation
gitblit copied to clipboard
verified publisher icon gitblit-org

ssh: Support newer host key signatures

Open andrm opened this issue 5 years ago • 2 comments

Right now I only get debug2: host key algorithms: ssh-rsa,ssh-dss from gitblit SSHD. Fedora 33 has changed, it will not accept ssh-rsa (from the server) anymore: debug1: Offering public key: /home/XXXX/.ssh/id_rsa RSA SHA256:XXXXXXXXXXXXXX agent debug1: send_pubkey_test: no mutual signature algorithm

Workaround: Set this in .ssh/config: Host HOSTNAME PubkeyAcceptedKeyTypes +ssh-rsa

I think SSHD is capable of newer host key sigs

andrm avatar Nov 03 '20 15:11 andrm

Thank you for reporting it and including a workaround. Support will be included when PR #1272 is merged. But I guess we need to make sure that the initial server keys get generated with the new chipers, too, so this issue is left as the reminder to implement that.

flaix avatar Nov 04 '20 18:11 flaix

This just came up on the public Git mailing list. Public key authentication fails because the user is on OpenSSH 8.8, which disables ssh-rsa by default. (Fedora jumped on this early, but it's starting to hit more Linux distributions now.)

bturner avatar Dec 31 '21 09:12 bturner