[sr #110545] SSH key not recognized on Git commit

[Bob Proulx]

Follow-up Comment #10, sr #110545 (project administration):

The problem is triggered by the deprecation of SHA1 hashes in the new OpenSSH
8.8 release from last week.  Which prevents the host key from being accepted. 
I am not sure why switching to an ed25519 key avoids this.  But if that works
then great as ed25519 keys are both stronger and more compact.  They will
likely become the default in a future release.

For a temporary workaround on the client side please apply the "old-host"
mitigation described in the OpenSSH 8.8 release notes.  This allows the
ssh-rsa algorithm on the client side again and is reported to solve the
problem.  (I can't test this because my unstable system only has OpenSSH 8.4
available and everything works there.)

https://www.openssh.com/releasenotes.html

Host old-host
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

And to be clear "old-host" here is a placeholder for the name of the host as
it is being used to connect.  Here for example if git.savannah.gnu.org is the
name being used to connect then the above must match it exactly.  If you are
using a different alias then match it using whatever alias you are using.

Host git.savannah.gnu.org
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

That will allow the connection to proceed.  I consider this only a temporary
workaround to the problem.  Obviously upgrading the server side of the
connection is best.  However digging into it tonight again revealed various
entanglements that will need to be worked through and prevent it from being an
easy trivial thing to do.  Ugh.


    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/support/?110545>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/