DEXDEVS
GitHub has deprecated RSA key using SHA-1
eicky
March 14, 2024
10:55 am
GitHub has deprecated RSA key using SHA-1 due to security vulnerabilities associated with SHA-1. GitHub now requires more secure cryptographic standards. To resolve this issue, you'll need to generate a new SSH key using a more secure algorithm, such as ED25519 or RSA with a size of at least 2048 bits (though larger sizes like 4096 bits are often recommended for RSA).

Generating a New SSH Key

Using ED25519 (Recommended for most users)

  1. Generate a New ED25519 SSH Key:
    ssh-keygen -t ed25519 -C "your_email@example.com"
    When prompted to "Enter a file in which to save the key," press Enter to accept the default file location. Enter a secure passphrase when prompted.
  2. Start the SSH Agent in the Background:
    eval "$(ssh-agent -s)"
  3. Add Your SSH Key to the SSH Agent:
    ssh-add ~/.ssh/id_ed25519

Using RSA with a Larger Key Size

If, for some reason, you need to use RSA instead of ED25519, make sure to generate a key with a size of at least 4096 bits.
  1. Generate a New RSA SSH Key:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  2. Follow the same steps as above to start the SSH agent and add your new SSH key to it.

Adding the New SSH Key to Your GitHub Account

  1. Copy the SSH Public Key to Your Clipboard:
    • For ED25519: cat ~/.ssh/id_ed25519.pub | pbcopy
    • For RSA: cat ~/.ssh/id_rsa.pub | pbcopy
    If pbcopy isn't available on your system (like on Linux), use xclip or simply open the file and copy its contents manually.
  2. Add the SSH Key to Your GitHub Account:
    • Go to GitHub and navigate to your account settings.
    • Click on "SSH and GPG keys" then "New SSH key".
    • Paste your public key into the field, give it a descriptive title, and click "Add SSH key".

Retry Cloning the Repository

With your new SSH key generated, added to your SSH agent, and linked to your GitHub account, try cloning the repository again. This time, the connection should be secure and free from the previously encountered error.

Additional Notes

  • The transition away from SHA-1 by GitHub and other services is part of an industry-wide effort to improve security. SHA-1 has been found to be vulnerable to collision attacks, where two different inputs produce the same hash output, compromising the integrity of cryptographic signatures.
  • If you encounter any errors related to the SSH agent or adding the key, ensure the SSH agent is running and that you've entered the commands correctly.
  • For more detailed information about GitHub's security practices and why certain key types or cryptographic algorithms are deprecated, refer to the link provided in the error message or visit GitHub's official documentation.
Category : Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *