New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Repository.Push fails with You're using an RSA key with SHA-1
even if ssh key works ok from CLI
#516
Comments
I'm gathering feedback from other colleagues and this seems to be another error:
Please note that the ssh key is properly loaded in the ssh agent and Git CLI works correctly |
Maybe you are facing this issue: #411 Hope it helps. |
@smveloso thanks a lot, it appears to help indeed. For the records this seems to be the actual magic trick: ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
ssh-keyscan -t ecdsa github.com >> ~/.ssh/known_hosts |
I'm running into the same issue, but trying the suggested fixes of:
doesn't seem to work for me. Is anyone else seeing this and, if so, have you found a workaround? |
Since go-git is using x/crypto/ssh via github.com/gliderlabs/ssh, I think it is affected by golang/go#49952 |
Hello everybody, I'm seeing this happen on clones as well. Just doing a plain clone like this: _, err := git.PlainClone(cloneDir, false, &git.CloneOptions{
URL: repo.URL,
}) Results in this error:
This SSH key was created using this command: ssh-keygen -t rsa -b 2048 -f ~/.ssh/github |
Just got the following working as a workaround. # Generate an ECDSA key since it doesn't seem to be affected by this SHA-1 RSA thing.
ssh-keygen -t ecdsa -f /path/to/github/ecdsa/key Then in my code: auth, err := ssh.NewPublicKeysFromFile("git", "/path/to/github/ecdsa/key", "")
if err != nil {
// handle it
}
_, err = git.PlainClone(cloneDir, false, &git.CloneOptions{
Auth: auth,
URL: repo.URL,
}) |
I believe this will be fixed if you upgrade golang.org/x/crypto to v0.3.0. I've just tested a test program with that version against GitHub with an RSA key and it appears to work correctly. If folks want, I can even send a PR with that change. |
#620 already updates |
Fixed as per #620 merge. |
We recently migrated all our codebase from GitLab to GitHub and one of our internal tools (go v1.18) suddenly stopped working.
This example should help to better describe and reproduce the issue: https://github.com/plato-app/alex-test-gitpush/blob/master/main.go
This is the output running
go run main.go
on my Macbook Air M1:FATA[2022-04-13T09:02:51-04:00] unknown error: ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
The commit gets created correclty, only the push fails, but pushing the very same commit from Git CLI (
git version 2.32.0 (Apple Git-132)
) it works correctly:SSH key loaded via SSH agent,
ssh-key -l
shows4092 SHA256:PZfI8AJp6diTWnUZ1jh[cut...] (RSA)
The text was updated successfully, but these errors were encountered: