Github droped support for ssh keys with rsa #55
Comments
guilhermebodin
changed the title
|
I'm certainly open to update https://github.com/GunnarFarneback/LocalRegistry.jl/blob/master/docs/ssh_keys.md with new advice but first it's necessary to research the intersection of what Julia's versions of libgit2 and libssh2 provide and GitHub accepts. Some hints are given in this section of GitHub's blog post:
|
|
This issue has some information about workarounds, JuliaLang/Pkg.jl#3030. Using the julia 1.7 with ed25519 and the ENV variable to use your own git works and setting some .git-credentials also works. |
|
If you are on Julia 1.7+ I strongly recommend following https://github.com/GunnarFarneback/LocalRegistry.jl/blob/master/docs/ssh_keys.md#2-using-an-external-git-binary-with-julias-package-manager For Julia 1.6 I don't think there is any kind of key that both works with Julia and is accepted by GitHub. Yes, libssh2 1.9 has support for ECDSA keys, but only if you build with openssl as crypto backend, which Julia doesn't. For libssh2 1.10 (used by Julia 1.8), ECDSA is supported also with the mbedtls crypto backend, which Julia does use, but only if you tell the libssh2 build that you use an mbedtls built with ECDSA support and, presumably, also that you did build mbedtls with ECDSA support. |
|
What should be added to GH Actions like https://github.com/julia-actions/add-julia-registry or https://github.com/julia-actions/julia-runtest to support this? |
|
Hopefully somebody else knows. GH Actions are far outside my competence. |
|
By coincidence, I tried to use an ECDSA key (which is my default) with LocalRegistry and it worked fine, so I think this can be changed now. At least my gitea did not complain and it just worked :) I guess the SSH key generation recommendation can be changed to this: You may want to explicitly specify |
|
LocalRegistry uses command line git for its operations and is thus insensitive to what does or does not work with libgit2. The question here is what works when Pkg tries to reach a registry or a package which requires an ssh key. But yes, Julia 1.8 ought to work better and maybe something has been backported to 1.6 or 1.7. |
|
As I said, I haven't encountered problems with those sorts of keys. All git ssh access to that server is gated behind that key, which I've added to my ssh-agent. I can see what happens when I don't explicitly add it to my agent, but I think in that case I get asked for a key location/unlock password for the key. |
|
If you are using |
|
Understood - then I'll test with the |
|
Maybe this is a bit late. But it's similar to what is discussed above, and maybe it'll be helpful to someone else since I spent a few hours on this. I wanted to use LocalRegistry and private github tokens. I managed to get it to work with |
Hi @GunnarFarneback recently Github dropped the support for new rsa ssh keys https://github.blog/2021-09-01-improving-git-protocol-security-github/
How could we change this part Set Up Persistent git ssh Authentication that Julia Recognizes of the tutorial to manage private registries?
The text was updated successfully, but these errors were encountered: