Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some Open SSH and RSA key versions are not compatible with Gitpod SSH Gateway #12287

Closed
iQQBot opened this issue Aug 23, 2022 · 0 comments · Fixed by #12288
Closed

Some Open SSH and RSA key versions are not compatible with Gitpod SSH Gateway #12287

iQQBot opened this issue Aug 23, 2022 · 0 comments · Fixed by #12288
Assignees
@iQQBot
Labels
feature: ssh type: bug Something isn't working

Comments

@iQQBot
Copy link
Contributor

iQQBot commented Aug 23, 2022
edited
Loading

Bug description

some user can't connect workspace through ssh gateway when

  1. openssh 8.8 or above
  2. using RSA algorithm as the private key

This is because openssh disables RSA signatures using the SHA-1 hash algorithm by default link

In order to use the more secure sha256/sha512 algorithm, the server need support RFC 8308 for negotiating the specific type of algorithm supported with the client.

Currently golang/crypto does not officially support RFC 8303, there is a PR golang/crypto#211 that is currently being followed up, but it has been a long time since there has been any action

I think we probably can't wait for the official PR golang/crypto#211 merge, on the one hand, this PR hasn't had a new commit for 2 months and the last comment was a month ago, no one knows when it will be merged

Also the latest beta for macOS has upgraded the ssh-client to openssh 9.0 which means the latest macOS 13.0 will have a ton of people having this problem by the time it's released in the fall, so we may have to merge it ourselves and watch for official movement

Steps to reproduce

use ssh-keygen to generate rsa key pair
upload public key to Gitpod
install openssh 9.0 client in your local machine or workspace
using this private key to connect new workspace via ssh gateway

Workspace affected

No response

Expected behavior

No response

Example repository

No response

Anything else?

No response
@iQQBot iQQBot added the type: bug Something isn't working label Aug 23, 2022
@iQQBot iQQBot self-assigned this Aug 23, 2022
@iQQBot iQQBot moved this to In Progress in 🚀 IDE Team Aug 23, 2022
@iQQBot iQQBot mentioned this issue Aug 23, 2022
Merged
1 task
@loujaybee loujaybee changed the title some user can't connect workspace through ssh gateway Some Open SSH and RSA key versions are not compatible with Gitpod SSH Gateway Aug 24, 2022
@loujaybee loujaybee mentioned this issue Aug 24, 2022
Open
Repository owner moved this from In Progress to Done in 🚀 IDE Team Aug 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iQQBot iQQBot

Labels
feature: ssh type: bug Something isn't working
Projects
🚀 IDE Team
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ssh-gateway] support rsa sha256/sha512 algorithm gitpod-io/gitpod
2 participants
@akosyakov @iQQBot