Docker rootless SSH access error: "Permission denied (publickey)" due to OpenSSH 8.8 RSA SHA-1 deprecation #8213

Closed
opened 2025-11-02 07:57:49 -06:00 by GiteaMirror · 2 comments

Originally created by @raffitz on GitHub (Dec 5, 2021).

Gitea Version

1.15.6 built with GNU Make 4.3, go1.16.9 : bindata, timetzdata, sqlite, sqlite_unlock_notify (docker gitea/gitea:1.15.6-rootless)

Git Version

No response

Operating System

No response

How are you running Gitea?

I am running gitea through the docker container gitea/gitea:1.15.6-rootless (image id b26ce93dd8b2)

Database

SQLite

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

Using an OpenSSH 8.8 client with a Gitea server running the built-in SSH server leads to an error, because there are no mutual signature algorithms between the SSH server and the client.

    debug1: Offering public key: *** RSA SHA256:***
    debug1: send_pubkey_test: no mutual signature algorithm

OpenSSH 8.8 deprecated RSA signatures using SHA-1 hashes (release notes: https://www.openssh.com/txt/release-8.8).

The built-in ssh server was not prepared for this deprecation, as per upstream: https://github.com/golang/go/issues/49952

Presumably, once the above upstream issue is fixed and Gitea updates the go ssh module version, the Gitea issue will be fixed as well.

Stopgap solution:

As per the OpenSSH 8.8 release notes, I configured my local OpenSSH 8.8 client (through the ssh_config file) with the following:

    Host gitea-host
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa

This was sufficient to stop the "Permission denied (publickey)" messages from appearing and for my fetches, pushes and pulls to start working again.

Screenshots

No response

GiteaMirror added the issue/workaround and issue/duplicate labels 2025-11-02 07:57:49 -06:00
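An added example, not part of the original issue or of Gitea's code: because the stopgap re-enables SHA-1 RSA signatures, this script audits an ssh_config for `ssh-rsa` opt-ins and flags any that apply to wildcard patterns rather than a named host. `SAMPLE_CONFIG`, the `build-box` host and the function names are constructed for illustration.

```python
# Options that control which signature algorithms the client offers or accepts.
# PubkeyAcceptedKeyTypes is the pre-8.5 name of PubkeyAcceptedAlgorithms.
ALGO_OPTIONS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

# Constructed sample: the scoped stopgap from the issue plus a global variant.
SAMPLE_CONFIG = """\
Host gitea-host
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa

Host build-box
    PubkeyAcceptedAlgorithms -ssh-rsa

Host *
    PubkeyAcceptedKeyTypes=+ssh-rsa,ssh-dss
"""

def enables_ssh_rsa(value):
    """True if an algorithm list appends or explicitly lists ssh-rsa (RSA with SHA-1)."""
    value = value.strip()
    if value.startswith("-"):  # a leading '-' removes algorithms from the defaults
        return False
    return "ssh-rsa" in [name.strip() for name in value.lstrip("+^").split(",")]

def audit_ssh_config(text):
    """Return (host_patterns, option, broad_scope) for every ssh-rsa opt-in."""
    findings, scope, broad = [], ["*"], True  # options before any Host apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            scope = value.split()
            broad = any(("*" in p or "?" in p) and not p.startswith("!") for p in scope)
        elif keyword == "match":
            # Match conditions are not evaluated here; treat them as broad for review.
            scope, broad = ["Match " + value], True
        elif keyword in ALGO_OPTIONS and enables_ssh_rsa(value):
            findings.append((tuple(scope), keyword, broad))
    return findings

if __name__ == "__main__":
    for hosts, option, broad in audit_ssh_config(SAMPLE_CONFIG):
        print("BROAD " if broad else "scoped", " ".join(hosts), option)
```

`ssh -G gitea-host` prints the effective options OpenSSH resolves for a host and is the authoritative check for what a given connection will actually use.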

@wxiaoguang commented on GitHub (Dec 5, 2021):

Related to this one:

* https://github.com/go-gitea/gitea/issues/17798

@zeripath commented on GitHub (Dec 5, 2021):

This is a duplicate of #17798


Reference: github-starred/gitea#8213