On 2022-04-26 at 14:49:14, Carlo Marcelo Arenas Belón wrote:
> On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) wrote:
> >
> > I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error:
>
> I am guessing the issue might be the one documented in the following git for
> windows issue:
>
> https://github.com/git-for-windows/git/issues/3468
>
> The problem is not with git (neither a git for windows) specific issue, but
> with the underlying version of openssh that is used in your server and the
> best course of option is to upgrade that and generate a new host key, but
> there are other options shown in that ticket that might help in the meanwhile.

Yes, the error message you're seeing indicates that your version of
OpenSSH, which is used by Git for Windows, has disabled the insecure
ssh-rsa signature algorithm. Keys using the ssh-rsa key type, which can
use ssh-rsa as the signature algorithm or the secure rsa-sha2-256 and
rsa-sha2-512, can continue to be used if you support the new signature
types.

The problem is that Gitea uses the Go SSH library, which inherits this
problem. Gitea is tracking this as [0].

The easiest way to solve this would be to add a host key that is
Ed25519, which won't have the same problem. The issue I mentioned above
also has a workaround to re-enable the ssh-rsa signature type if you
can't do that, but of course that's insecure.

[0] https://github.com/go-gitea/gitea/issues/17798
--
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA
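The following is an added example, not part of the original message and not code from Git, OpenSSH or Gitea. It models the host key algorithm selection rule from RFC 4253 section 7.1 to show why an RSA-only host key on a server that signs with SHA-1 only fails against a client with ssh-rsa disabled, and why adding an Ed25519 host key resolves it. The client and server algorithm lists are constructed assumptions, not captured from real software.

```python
# Added illustration: models SSH host key algorithm selection (RFC 4253, section 7.1).
# All algorithm lists below are constructed for the example, not captured from a real host.

# Signature algorithms each host key type can be used with (RSA/SHA-2 names from RFC 8332).
SIG_ALGS_FOR_KEY = {
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ssh-ed25519": ["ssh-ed25519"],
}

def server_offer(host_key_types, implemented_sig_algs):
    """Host key algorithms a server can advertise for the keys and signatures it has."""
    offer = []
    for key_type in host_key_types:
        for alg in SIG_ALGS_FOR_KEY[key_type]:
            if alg in implemented_sig_algs and alg not in offer:
                offer.append(alg)
    return offer

def negotiate(client_accepts, server_offers):
    """Return the first algorithm on the client's list that the server also offers."""
    for alg in client_accepts:
        if alg in server_offers:
            return alg
    return None  # no common host key algorithm: the connection is refused

# Assumption: a client that has ssh-rsa (RSA with SHA-1) disabled by default.
NEW_CLIENT = ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"]
# Assumption: an older client that still accepts ssh-rsa.
OLD_CLIENT = NEW_CLIENT + ["ssh-rsa"]
# Assumption: a server library that signs RSA host keys with SHA-1 only.
LEGACY_SIGS = {"ssh-rsa", "ssh-ed25519"}
# Assumption: a server library that also implements the SHA-2 RSA signatures.
MODERN_SIGS = LEGACY_SIGS | {"rsa-sha2-256", "rsa-sha2-512"}

def scenarios():
    """Negotiation outcome for each client/server combination discussed above."""
    rsa_only = server_offer(["ssh-rsa"], LEGACY_SIGS)
    rsa_and_ed = server_offer(["ssh-rsa", "ssh-ed25519"], LEGACY_SIGS)
    rsa_modern = server_offer(["ssh-rsa"], MODERN_SIGS)
    return {
        "old client, RSA key, SHA-1-only server": negotiate(OLD_CLIENT, rsa_only),
        "new client, RSA key, SHA-1-only server": negotiate(NEW_CLIENT, rsa_only),
        "new client, RSA + Ed25519 keys": negotiate(NEW_CLIENT, rsa_and_ed),
        "new client, RSA key, SHA-2-capable server": negotiate(NEW_CLIENT, rsa_modern),
    }

if __name__ == "__main__":
    for name, alg in scenarios().items():
        print(f"{name}: {alg or 'no matching host key algorithm'}")
```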