Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When I add ssh key to an account, I get Can not verify your SSH key: ... asn1: structure error: tags don't match #22693

Open
lasersPew opened this issue Jan 31, 2023 · 12 comments
Open

When I add ssh key to an account, I get Can not verify your SSH key: ... asn1: structure error: tags don't match #22693

lasersPew opened this issue Jan 31, 2023 · 12 comments
Labels
type/bug

Comments

@lasersPew
Copy link

Description

When I add ssh key to an account, I get Can not verify your SSH key: failed to parse DER encoded public key as either PKIX or PEM RSA Key: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} publicKeyInfo @2 asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} PublicKey @2

Gitea Version

1.18.1

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/lasersPew/749f3818a1cba92f35de084dabb35840

Screenshots

image
image

Git Version

2.36.3

Operating System

alpine 3.16.3

How are you running Gitea?

Using Docker CLI inside Alpine 0.17 in WSL, no Docker Desktop using WSL2 kernel. Set things up using Portainer, Stacks specifically. Here's the config:

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.18.1
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=password1
    restart: always
    networks:
      - gitea
    volumes:
      - /config/gitea:/data:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /config/git:/git:rw
    ports:
      - 3001:3000
      - 2222:22
    depends_on:
      - db

  db:
    image: postgres:14.6-alpine
    container_name: gitea-db
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=password1
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - /config/postgres:/var/lib/postgresql/data

Database

PostgreSQL
@jrjake
Copy link

jrjake commented Feb 1, 2023

What command did you run to generate key? And what is filename of key (like ~/.ssh/[file you are uploading])?

@lasersPew
Copy link
Author

lasersPew commented Feb 1, 2023
edited by delvh
Loading

I just ran ssh-keygen to both machines I tried it to and both of which had output on files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

Here's the key on one on the machines for reference:

<a SSH private key>

@lunny
Copy link
Member

lunny commented Feb 1, 2023

How do you copy the content?

@zeripath
Copy link
Contributor

zeripath commented Feb 1, 2023

You should only be uploading the PUBLIC key not the PRIVATE key. That is why this is failing,

@zeripath
Copy link
Contributor

zeripath commented Feb 1, 2023

Now interestingly I thought we had code that was able to detect this sort of mistake - and report back to the user that they were doing the wrong thing. So I guess we should double check that.

@delvh
Copy link
Member

delvh commented Feb 1, 2023

Please do not upload any secret data such as your SSH private key to public spaces.
I've removed any trace of it now.
If you're lucky, no one copied it before I did that.
If you're unlucky, your key is now compromised.

@lasersPew
Copy link
Author

Please do not upload any secret data such as your SSH private key to public spaces. I've removed any trace of it now. If you're lucky, no one copied it before I did that. If you're unlucky, your key is now compromised.

Ah no probs. That key is from another docker container and I regenerated it multiple times.

@zeripath
Copy link
Contributor

zeripath commented Feb 2, 2023

@delvh I was going to use that compromised private key to try to improve the error detection!!

zeripath added a commit to zeripath/gitea that referenced this issue Feb 2, 2023
@zeripath
Improve error report when user passes a private key
c411d27 
The error reported when a user passes a private ssh key as their ssh public key is
not very nice.

This PR improves this slightly.

Ref go-gitea#22693

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this issue Feb 2, 2023
Merged
zeripath added a commit that referenced this issue Feb 2, 2023
@zeripath @delvh
Improve error report when user passes a private key (#22726)
2914c52 
The error reported when a user passes a private ssh key as their ssh
public key is not very nice.

This PR improves this slightly.

Ref #22693

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
@LightgardenCC
Copy link

I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.

When I use powershell, the verification keeps failing, maybe powershell generates an unkown error when it executes these commands.

@lasersPew
Copy link
Author

When I use powershell, the verification keeps failing, maybe powershell generates an unkown error when it executes these commands.

Can confirm that it happens quite a lot, especially when you're SSHing with a Private VPN on, like HackTheBox(the service I used where I get the error)

@KN4CK3R KN4CK3R mentioned this issue Mar 30, 2024
Closed
@jesse-tong
Copy link

I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.

When I use powershell, the verification keeps failing, maybe powershell generates an unkown error when it executes these commands.

In my machine, git-bash also fails as well, regardless when echo the signature to a file and copy them, or using clip tho.

@simplyniceweb
Copy link

I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.

When I use powershell, the verification keeps failing, maybe powershell generates an unkown error when it executes these commands.

Works on my end. Windows 11 here. Maximized the git bash and run the command and done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@lunny @zeripath @simplyniceweb @delvh @LightgardenCC @lasersPew @jesse-tong @jrjake