Skip to content

GitLab

Closed
Created by Administrator@rootOwner

Openssh 6.8 fingerprint error

Created by: Araeos

Descriptions

Summary

Adding a public key using the web interface fails, unable to generate a fingerprint.

Details

Adding a correctly formatted openssh public key fails with the red error text similiar to issue #7413 (closed). The key is correctly formatted and using the rails console with the command

Gitlab::Popen.popen(%W(ssh-keygen -lf /tmp/mykey.pub), '/tmp')

yields

=> ["2048 SHA256:g46P/hZKy/teaxfzjmyumd3KFwTWlfq2VJ8zgD5QxwU felix@caeros (RSA)\n", 0]

showing the successfully generated fingerprint in the new format described in the changelog:

  • Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64.

    Fingerprints now have the hash algorithm prepended. An example of the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please note that visual host keys will also be differen

Workaround

Downgrade to openssh 6.7 works.

Additional Info

gitlab: 7.9.0 gitlab-shell: 2.6.0 Openssh: 6.8 OS: Archlinux selinux is not installed