I have an RSA 2048 key with a 65537 public exponent, but the ssh-agent refuses to sign with it.

rocket110
Community Member

"signing with ssh-rsa is unsupported; SHA-1 may be insecure" is the message in the log for the ssh-agent.
openssl rsa -text -in ./id_rsa |grep publ
writing RSA key
publicExponent: 65537 (0x10001)

ssh-keygen -l -f ~/.ssh/id_rsa
2048 SHA256: no comment (RSA)

The key is visible with ssh-add -l

but 1Password refuses to sign with it.


1Password Version: 8.6.1
Extension Version: Not Provided
OS Version: ubuntu 20.04

Comments

  • rocket110
    Community Member

    I found this comment on another thread after posting this, and it may be my problem.

    "Do you see anything appear in the logs when you invoke the SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

    It could be that the EC2 instance only supports SHA1 signatures for RSA keys. This is something that the SSH agent doesn't support at the moment. If that's the case, you can consider switching to Ed25519 keys, or upgrading OpenSSH on your server so that it supports more modern algorithms.

    For Azure DevOps, that's not an option unfortunately. So be on the lookout for updates! (Either from our side or from Azure's side)

    @jamie_shaw About the Private vault requirement, see this thread."

  • rocket110
    Community Member

    Perhaps an addition to the error message in the logs would be useful, to point out that the ssh-server instance is too old and won't negotiate the newer RSA format.

  • Hey!

    Thank you for reaching out. Your assessment is correct: the SSH-agent does not yet support SHA-1. We are currently looking into adding support for SHA-1 for those cases where making server-side changes is not possible.

    Joris

  • @rocket110 The latest 1Password beta now supports legacy ssh-rsa connections too!
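
The refusal discussed in this thread comes down to the flags field of the SSH agent protocol's sign request: for an RSA key, no flag means a legacy ssh-rsa (SHA-1) signature, while the RSA-SHA2 flags select rsa-sha2-256 or rsa-sha2-512. The Python below is an added example, not part of the thread and not 1Password's code; the message layout and flag values follow the SSH agent protocol, the policy function, helper names and sample requests are constructed for illustration, and for non-RSA keys it simply reports the key type name.

```python
import struct

SSH_AGENTC_SIGN_REQUEST = 13      # agent protocol message number
SSH_AGENT_RSA_SHA2_256 = 0x02     # sign-request flag: use rsa-sha2-256
SSH_AGENT_RSA_SHA2_512 = 0x04     # sign-request flag: use rsa-sha2-512

def read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def signature_algorithm(msg):
    """Signature algorithm implied by a sign request: key blob, data, flags."""
    if not msg or msg[0] != SSH_AGENTC_SIGN_REQUEST:
        raise ValueError("not a sign request")
    key_blob, off = read_string(msg, 1)
    _data, off = read_string(msg, off)
    (flags,) = struct.unpack_from(">I", msg, off)
    key_type, _ = read_string(key_blob, 0)
    if key_type != b"ssh-rsa":
        return key_type.decode()
    if flags & SSH_AGENT_RSA_SHA2_256:
        return "rsa-sha2-256"
    if flags & SSH_AGENT_RSA_SHA2_512:
        return "rsa-sha2-512"
    return "ssh-rsa"  # no SHA-2 flag: legacy RSA signature over SHA-1

def agent_decision(msg, allow_sha1=False):
    """Hypothetical agent policy: refuse SHA-1 RSA signatures unless allowed."""
    alg = signature_algorithm(msg)
    if alg == "ssh-rsa" and not allow_sha1:
        return "refuse: " + alg
    return "sign: " + alg

def sample_request(key_type, flags):
    """Constructed request; key material is dummy bytes, not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    key_blob = s(key_type) + s(b"\x01\x00\x01") + s(b"\x00" + b"\xaa" * 256)
    return (bytes([SSH_AGENTC_SIGN_REQUEST]) + s(key_blob)
            + s(b"constructed-session-data") + struct.pack(">I", flags))

if __name__ == "__main__":
    for kt, fl in [(b"ssh-rsa", 0), (b"ssh-rsa", SSH_AGENT_RSA_SHA2_512),
                   (b"ssh-ed25519", 0)]:
        print(kt.decode(), fl, "->", agent_decision(sample_request(kt, fl)))
```

A client sends the zero-flag request when the server has not advertised rsa-sha2-* support, which is why an old server triggers the log message quoted in the question even though the key itself is fine.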

This discussion has been closed.