
How to force SSH RSA with PEM format to use SHA-2 and NOT SHA-1 by default?

I have a Spring config server, but I changed the repository to a private one and I am trying to use SSH authentication.

My application.yml looks like this:

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com:server/repo.git
          ignoreLocalSshSettings: true
          hostKey: githostkey
          hostKeyAlgorithm: ssh-rsa
          strictHostKeyChecking: true
          passphrase: passphrase
          privateKey: |
            -----BEGIN RSA PRIVATE KEY-----
            ...............................
            -----END RSA PRIVATE KEY-----

But I get this error when the config server tries to connect to the repo:

     "org.eclipse.jgit.errors.NoRemoteRepositoryException: 
     git@github.com:server/repo.git: ERROR: You're using an RSA key with SHA-1, which is 
     no longer allowed. Please use a newer client or a different key type."

The Spring Cloud documentation (here) recommends using "ssh-keygen -m PEM -t rsa -b 4096 -f ~/config_server_deploy_key.rsa" to create a key pair in the correct format, and I added the public key to the SSH keys in my GitHub repo.

I checked the generated key with 'ssh -i ~/.ssh/config_server_deploy_key.rsa git@github.com' and I got:

  Hi user! You've successfully authenticated, but GitHub does not provide shell access.
  Connection to github.com closed.

But git states here that SHA-1 SSH is not supported, which supports the exception I got in the first place.

I am trying to use 'ssh-keygen -m PEM -t rsa-sha2-512 -C "[email protected]"' to generate a valid key, but I have the same issue.

Can anyone give me a clue?

Juan Sanchez asked Oct 16 '25 02:10


1 Answer

I resolved this issue.

I got all the host keys of GitHub this way:

ssh -vvv git@github.com

Then I used:

ssh-keygen -t ecdsa -b 256 -m PEM

I added the new public key to my repo and then:

      uri: git@github.com:myserver/myRepo.git
      ignoreLocalSshSettings: true
      ignore-local-ssh-settings: true
      hostKey: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      hostKeyAlgorithm: ecdsa-sha2-nistp256
      strictHostKeyChecking: true
      passphrase: 'passphrase'
      privateKey: |
        -----BEGIN EC PRIVATE KEY-----
        '''''''''''''''''''''''''''''''''
        -----END EC PRIVATE KEY-----

And with this everything worked perfectly!

Juan Sanchez answered Oct 18 '25 19:10
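The answer pins a host key with strictHostKeyChecking, so it is worth checking that the hostKey blob really is of the type named in hostKeyAlgorithm and getting its fingerprint before trusting it. The script below is an added example, not part of the original answer; the function names are hypothetical, and the two values are copied from the answer's configuration.

```python
import base64
import binascii
import hashlib
import struct

# Values copied from the answer's application.yml.
HOST_KEY = ("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7"
            "opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=")
HOST_KEY_ALGORITHM = "ecdsa-sha2-nistp256"


def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated host key: missing length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated host key: field runs past end of blob")
    return blob[offset + 4:end], end


def check_host_key(host_key_b64, declared_algorithm):
    """Return (embedded algorithm, SHA256 fingerprint); raise ValueError on mismatch."""
    try:
        blob = base64.b64decode(host_key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"hostKey is not valid base64: {exc}") from exc
    # The first field of every SSH public key blob is its algorithm name.
    name, _ = read_string(blob, 0)
    embedded = name.decode("ascii", errors="replace")
    if embedded != declared_algorithm:
        raise ValueError(
            f"hostKeyAlgorithm is {declared_algorithm!r} but the key blob is {embedded!r}")
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return embedded, fingerprint


if __name__ == "__main__":
    algorithm, fingerprint = check_host_key(HOST_KEY, HOST_KEY_ALGORITHM)
    print(algorithm, fingerprint)
```

Compare the printed fingerprint with the one GitHub publishes for that key type before putting the key into the configuration.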


