Can we have an option to allow the deprecated and insecure ssh-rsa signing?
I've had good success moving my keys over to 1Pass now, but sadly I still cannot move my work SSH key over. This isn't the fault of 1Pass at all, but the fault of none other than Microsoft, surprise surprise...
I can't use any Git interactions with my company's repositories using 1Pass' agent since the remote server only supports RSA/SHA1 (ssh-rsa) signing:
debug2: peer server KEXINIT proposal debug2: KEX algorithms: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256 debug2: host key algorithms: ssh-rsa debug2: ciphers ctos: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr debug2: ciphers stoc: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512 debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc:
And thus 1Pass will correctly refuse to sign the Git operations. Microsoft, again, unsurprisingly suggests using the insecure option instead of fixing the issue...
Is it possible to have some kind of option to allow RSA/SHA1 signing, may it be hidden or made available in some way, with a warning to go with it?
1Password Version: 8.8.0 (80800093)
Extension Version: 2.3.4
OS Version: Windows 10 Pro (21H2)
Comments
-
We're planning to add support for SHA-1
ssh-rsain the near future. We'll keep you posted here!0 -
Awesome! Thank you guys for making a great product ๐
0 -
@PurplProto We've added support to the agent for legacy
ssh-rsaconnections. Available in the latest 1Password beta!0 -
@floris_1P That's awesome news!
And thanks for remembering to reply as well ๐
0 -
Happy to report it's working well. Thanks again to the 1Pass team ๐
0
