Can we have an option to allow the deprecated and insecure ssh-rsa signing?

PurplProto

I've had good success moving my keys over to 1Pass now, but sadly I still cannot move my work SSH key over. This isn't the fault of 1Pass at all, but the fault of none other than Microsoft, surprise surprise...

I can't use any Git interactions with my company's repositories using 1Pass' agent since the remote server only supports RSA/SHA1 (ssh-rsa) signing:

debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr
debug2: ciphers stoc: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:

And thus 1Pass will correctly refuse to sign the Git operations. Microsoft, again, unsurprisingly suggests using the insecure option instead of fixing the issue...

Is it possible to have some kind of option to allow RSA/SHA1 signing, may it be hidden or made available in some way, with a warning to go with it?

---

1Password Version: 8.8.0 (80800093)
Extension Version: 2.3.4
OS Version: Windows 10 Pro (21H2)

floris_1P

We're planning to add support for SHA-1 ssh-rsa in the near future. We'll keep you posted here!

PurplProto

Awesome! Thank you guys for making a great product 💜

floris_1P

@PurplProto We've added support to the agent for legacy ssh-rsa connections. Available in the latest 1Password beta!

PurplProto

@floris_1P That's awesome news!

And thanks for remembering to reply as well 😄

PurplProto

Happy to report it's working well. Thanks again to the 1Pass team 💜