SSH key cannot be verified due to 2047 length #20249
Comments
|
Does this happen for other key types too? If not, we should change this: gitea/modules/setting/setting.go Line 173 in ed13d7a to: MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2047},and add a comment as to why this is 2047 rather than 2048. If so, we should change this: gitea/models/asymkey/ssh_key_parse.go Line 198 in ed13d7a to: if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length + 1 >= minLen {and add a comment explaining that we allow one byte shorter due to accepting an initial/terminal 0. If you're able to find out which of the above is the case then we can make the patch. In the meantime as a workaround you can change the defaults to allow minimums one byte less in size. |
|
I am unsure as i do not run gitea myself, and was advised by the person who runs the server. we did implement the workaround and that worked fine but i still opened an issue after some research into why it was happening |
|
OK I think it's only rsa that can be affected here. So I'll just do a very simple pr. |
Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix go-gitea#20249 Signed-off-by: Andrew Thornton <[email protected]>
Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix #20249 Signed-off-by: Andrew Thornton <[email protected]>
Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix go-gitea#20249 Signed-off-by: Andrew Thornton <[email protected]>
Backport go-gitea#20272 Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix go-gitea#20249 Signed-off-by: Andrew Thornton <[email protected]>
Backport #20272 Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix #20249 Signed-off-by: Andrew Thornton <[email protected]> Co-authored-by: techknowlogick <[email protected]>
Unfortunately it appears that 2048 bit RSA keys can occasionally be created in such a way that they appear to have 2047 bit length. This PR simply changes our defaults to allow these. Fix go-gitea#20249 Signed-off-by: Andrew Thornton <[email protected]>
Description
When generating an rsa ssh key, there is a chance the final bit is a zero, resulting in a 2047 bit length key, by default git tea does not allow for these keys. this should be changed to allow people to use them.
Gitea Version
1.17.0+dev-759-g761db4d53
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
https://try.gitea.io/user/settings/keys
Database
No response
The text was updated successfully, but these errors were encountered: