Former Member
3 years ago

I have an RSA 2048 key with a 65537 public exponent, but the ssh-agent refuses to sign it.

"signing with ssh-rsa is unsupported; SHA-1 may be insecure" is the message in the log for the ssh-agent.
openssl rsa -text -in ./id_rsa |grep publ
writing RSA key
publicExponent: 65537 (0x10001)

ssh-keygen -l -f ~/.ssh/id_rsa
2048 SHA256: no comment (RSA)

The key is visible with ssh-add -l

but 1Password refuses to sign it.


1Password Version: 8.6.1
Extension Version: Not Provided
OS Version: ubuntu 20.04
Referrer: forum-search:signing with ssh-rsa is unsupported

  • Former Member

    I found this comment on another thread after posting this, and it may be my problem:

    "Do you see anything appear in the logs when you invoke the SSH command? On macOS: ~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/logs/1Password_rCURRENT.log

    It could be that the EC2 instance only supports SHA1 signatures for RSA keys. This is something that the SSH agent doesn't support at the moment. If that's the case, you can consider switching to Ed25519 keys, or upgrading OpenSSH on your server so that it supports more modern algorithms.

    For Azure DevOps, that's not an option unfortunately. So be on the lookout for updates! (Either from our side or from Azure's side)

    @jamie_shaw About the Private vault requirement, see this thread."

  • Former Member

    Perhaps an addition to the error message in the logs would be useful to point out that the ssh-server instance is too old and won't negotiate the newer RSA format.

  • Former Member

    Hey!

    Thank you for reaching out. Your assessment is correct: the SSH-agent does not yet support SHA-1. We are currently looking into adding support for SHA-1 for those cases where making server-side changes is not possible.

    Joris

  • floris_1P (1Password Team)

    @rocket110 The latest 1Password beta now supports legacy ssh-rsa connections too!