go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

When I add ssh key to an account, I get Can not verify your SSH key: ... asn1: structure error: tags don't match #22693

Open lasersPew opened 1 year ago

lasersPew commented 1 year ago

Description

When I add ssh key to an account, I get Can not verify your SSH key: failed to parse DER encoded public key as either PKIX or PEM RSA Key: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} publicKeyInfo @2 asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} PublicKey @2

Gitea Version

1.18.1

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/lasersPew/749f3818a1cba92f35de084dabb35840

Git Version

2.36.3

Operating System

alpine 3.16.3

How are you running Gitea?

Using Docker CLI inside Alpine 0.17 in WSL, no Docker Desktop using WSL2 kernel. Set things up using Portainer, Stacks specifically. Here's the config:

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:1.18.1
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=password1
    restart: always
    networks:
      - gitea
    volumes:
      - /config/gitea:/data:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /config/git:/git:rw
    ports:
      - 3001:3000
      - 2222:22
    depends_on:
      - db

  db:
    image: postgres:14.6-alpine
    container_name: gitea-db
    restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=password1
      - POSTGRES_DB=gitea
    networks:
      - gitea
    volumes:
      - /config/postgres:/var/lib/postgresql/data

Database

PostgreSQL

jrjake commented 1 year ago

What command did you run to generate the key? And what is the filename of the key (like ~/.ssh/[file you are uploading])?

lasersPew commented 1 year ago

I just ran ssh-keygen on both machines I tried it on, and both had output in the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

Here's the key on one of the machines for reference:

<a SSH private key>

lunny commented 1 year ago

How do you copy the content?

zeripath commented 1 year ago

You should only be uploading the PUBLIC key, not the PRIVATE key. That is why this is failing.

zeripath commented 1 year ago

Now interestingly I thought we had code that was able to detect this sort of mistake - and report back to the user that they were doing the wrong thing. So I guess we should double check that.
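A sketch of the kind of pre-check discussed above, as an added example that is not Gitea's own code: `classifyKeyInput` and `derHeader` are hypothetical helpers, and the sample key is constructed from the OpenSSH magic string plus filler. It also shows where the reported error comes from: the first two bytes of an OpenSSH private key body, `o` and `p`, read as a DER header give class 1, tag 15, compound, length 112.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"strings"
)

const opensshMagic = "openssh-key-v1\x00" // opens every OpenSSH-format private key body

// derHeader reads a short-form ASN.1 identifier octet and length octet.
func derHeader(b []byte) (class, tag int, compound bool, length int) {
	return int(b[0] >> 6), int(b[0] & 0x1f), b[0]&0x20 != 0, int(b[1])
}

// classifyKeyInput (hypothetical helper) reports what was pasted into a public-key field.
func classifyKeyInput(s string) string {
	if blk, _ := pem.Decode([]byte(s)); blk != nil {
		switch {
		case strings.HasSuffix(blk.Type, "PRIVATE KEY"), strings.HasPrefix(string(blk.Bytes), opensshMagic):
			return "private"
		case strings.HasSuffix(blk.Type, "PUBLIC KEY"):
			return "public-pem"
		}
		return "unknown"
	}
	f := strings.Fields(s)
	if len(f) < 2 {
		return "unknown"
	}
	raw, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(raw) < 4 {
		return "unknown"
	}
	// The blob opens with a length-prefixed algorithm name that must equal field 1.
	n := int(binary.BigEndian.Uint32(raw))
	if n < 0 || n > len(raw)-4 || string(raw[4:4+n]) != f[0] {
		return "unknown"
	}
	return "public-openssh"
}

func main() {
	blk := &pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte(opensshMagic + "filler")} // constructed, not a real key
	fmt.Println(classifyKeyInput(string(pem.EncodeToMemory(blk)))) // private
	fmt.Println(derHeader([]byte(opensshMagic)))                   // 1 15 true 112
}
```

Running the check before any ASN.1 parsing lets the form answer "this is a private key" instead of surfacing the parser's tag mismatch.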

delvh commented 1 year ago

Please do not upload any secret data such as your SSH private key to public spaces. I've removed any trace of it now. If you're lucky, no one copied it before I did that. If you're unlucky, your key is now compromised.

lasersPew commented 1 year ago

> Please do not upload any secret data such as your SSH private key to public spaces. I've removed any trace of it now. If you're lucky, no one copied it before I did that. If you're unlucky, your key is now compromised.

Ah no probs. That key is from another docker container and I regenerated it multiple times.

zeripath commented 1 year ago

@delvh I was going to use that compromised private key to try to improve the error detection!!

LightgardenCC commented 1 year ago

I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.

When I use powershell, the verification keeps failing, maybe powershell generates an unknown error when it executes these commands.

lasersPew commented 1 year ago

> When I use powershell, the verification keeps failing, maybe powershell generates an unknown error when it executes these commands.

Can confirm that it happens quite a lot, especially when you're SSHing with a Private VPN on, like HackTheBox (the service I used where I get the error)

jesse-tong commented 4 months ago

> I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.
>
> When I use powershell, the verification keeps failing, maybe powershell generates an unknown error when it executes these commands.

On my machine, git-bash fails as well, regardless of whether I echo the signature to a file and copy it, or use clip, though.

simplyniceweb commented 2 months ago

> I recommend using the git-bash on windows instead of powershell or cmd to run the ssh-keygen command (echo -n 'sample' | ssh-keygen -Y sign -n gitea -f ./id_rsa) to successfully complete the verification.
>
> When I use powershell, the verification keeps failing, maybe powershell generates an unknown error when it executes these commands.

Works on my end. Windows 11 here. Maximized the git bash and ran the command and done.