Some Open SSH and RSA key versions are not compatible with Gitpod SSH Gateway #12287

Closed
@iQQBot

Bug description

Some users can't connect to a workspace through the SSH gateway when:

  1. using OpenSSH 8.8 or above
  2. using the RSA algorithm for the private key

This is because OpenSSH disables RSA signatures using the SHA-1 hash algorithm by default (link).

In order to use the more secure SHA-256/SHA-512 algorithms, the server needs to support RFC 8308 for negotiating the specific type of algorithm supported with the client.

Currently golang/crypto does not officially support RFC 8303. There is a PR, golang/crypto#211, that is currently being followed up, but it has been a long time since there has been any action.

I think we probably can't wait for the official PR golang/crypto#211 to merge. On the one hand, this PR hasn't had a new commit for 2 months and the last comment was a month ago; no one knows when it will be merged.

Also, the latest beta for macOS has upgraded the ssh-client to OpenSSH 9.0, which means the latest macOS 13.0 will have a ton of people having this problem by the time it's released in the fall, so we may have to merge it ourselves and watch for official movement.

Steps to reproduce

  1. Use ssh-keygen to generate an RSA key pair.
  2. Upload the public key to Gitpod.
  3. Install the OpenSSH 9.0 client on your local machine or workspace.
  4. Use this private key to connect to a new workspace via the SSH gateway.

Workspace affected

No response

Expected behavior

No response

Example repository

No response

Anything else?

No response
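The negotiation described in the bug description, as an added Go example that is not part of the original issue, of Gitpod's gateway or of golang/crypto: it parses the RFC 8308 `SSH_MSG_EXT_INFO` message and shows why an RSA key has no acceptable signature algorithm when the server never advertises `server-sig-algs`. `Sample`, `ParseExtInfo` and `PickRSAAlgo` are hypothetical names, the packet is constructed, and the preference order is a simplified model of the client.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Sample is a constructed SSH_MSG_EXT_INFO payload carrying one extension.
var Sample = []byte("\x07\x00\x00\x00\x01\x00\x00\x00\x0fserver-sig-algs" +
	"\x00\x00\x00\x19rsa-sha2-256,rsa-sha2-512")

// ParseExtInfo decodes an SSH_MSG_EXT_INFO payload (RFC 8308) into name -> value.
func ParseExtInfo(p []byte) (map[string]string, error) {
	if len(p) < 5 || p[0] != 7 { // 7 = SSH_MSG_EXT_INFO
		return nil, errors.New("not SSH_MSG_EXT_INFO")
	}
	exts, name, rest := map[string]string{}, "", p[5:]
	// After the uint32 count come 2*count SSH strings: name, value, name, ...
	for i := 2 * uint64(binary.BigEndian.Uint32(p[1:5])); i > 0; i-- {
		if len(rest) < 4 || uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
			return nil, errors.New("string overruns packet")
		}
		end := 4 + int(binary.BigEndian.Uint32(rest))
		if i%2 == 1 { // odd countdown: this string is a value, name holds its key
			exts[name] = string(rest[4:end])
		}
		name, rest = string(rest[4:end]), rest[end:]
	}
	return exts, nil
}

// PickRSAAlgo models the client's choice for an RSA key; sha1OK is false for
// OpenSSH 8.8+ defaults. ok=false means no acceptable signature algorithm.
func PickRSAAlgo(exts map[string]string, sha1OK bool) (string, bool) {
	for _, want := range []string{"rsa-sha2-512", "rsa-sha2-256"} {
		if strings.Contains(","+exts["server-sig-algs"]+",", ","+want+",") {
			return want, true
		}
	}
	return "ssh-rsa", sha1OK // nothing negotiated: only SHA-1 ssh-rsa is left
}

func main() {
	exts, _ := ParseExtInfo(Sample)
	fmt.Println(PickRSAAlgo(exts, false)) // gateway with RFC 8308: rsa-sha2-512 true
	fmt.Println(PickRSAAlgo(nil, false))  // gateway without it: ssh-rsa false
}
```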
