Fix generating SSH key fingerprints with OpenSSH 6.8.
Created by: sstanovnik
OpenSSH 6.8 introduces a new feature that changes the default fingerprint format and algorithm used by ssh-keygen. This breaks adding new SSH keys, because GitLab expects the colon-delimited format.
The message the user sees on the Add an SSH Key screen is "Fingerprint cannot be generated", similar to #7413 (closed), but the underlying cause is different.
This change checks the OpenSSH version and explicitly specifies the previous format if needed.
Closed by
(Jun 19, 2025 5:47pm UTC)
The changes were not merged into master
96 major, minor = out[0], out[1] 97 if major.to_i > 6 or (major.to_i == 6 and minor.to_i >= 8) 98 explicit_fingerprint_algorithm = true 99 end 100 end 101 102 if explicit_fingerprint_algorithm 103 cmd_output, cmd_status = popen(%W(ssh-keygen -E md5 -lf #{file.path}), '/tmp') 104 else 105 cmd_output, cmd_status = popen(%W(ssh-keygen -lf #{file.path}), '/tmp') 106 end 90 107 end 91 108 92 109 if cmd_status.zero? 93 cmd_output.gsub /(\h{2}:)+\h{2}/ do |match| 94 self.fingerprint = match Created by: jacobvosmaer
This regex code looks a little wonky to me. I wonder if we can just pick out the MD5 fingerprint with something like:
# constant should be defined somewhere at the top of the class FINGERPRINT_REGEX = Regexp.new('\h{2}:' * 15 + '\h{2}') # 16 hex bytes separated by ':' self.fingerprint = cmd_output.scan(FINGERPRINT_REGEX).firstBy Administrator on 2015-03-24T11:07:31 (imported from GitLab project)
96 major, minor = out[0], out[1] 97 if major.to_i > 6 or (major.to_i == 6 and minor.to_i >= 8) 98 explicit_fingerprint_algorithm = true 99 end 100 end 101 102 if explicit_fingerprint_algorithm 103 cmd_output, cmd_status = popen(%W(ssh-keygen -E md5 -lf #{file.path}), '/tmp') 104 else 105 cmd_output, cmd_status = popen(%W(ssh-keygen -lf #{file.path}), '/tmp') 106 end 90 107 end 91 108 92 109 if cmd_status.zero? 93 cmd_output.gsub /(\h{2}:)+\h{2}/ do |match| 94 self.fingerprint = match Created by: Razer6
Already first issue reported related to this https://gitlab.com/gitlab-org/gitlab-ce/issues/1289
By Administrator on 2015-03-24T12:18:27 (imported from GitLab project)
