djmoch

djmoch

For contribution only. My personal projects are hosted at https://git.danielmoch.com.

Member Since 8 years ago

Orlando, FL

Experience Points
8
follower
Lessons Completed
0
follow
Lessons Completed
1
stars
Best Reply Awards
2
repos

3 contributions in the last year

Pinned
⚡ A code-searching tool similar to ack, but faster.
⚡ Packages and commands for using Plan 9 from Go
Activity
Dec
27
3 weeks ago
pull request

djmoch pull request 9fans/go

djmoch
djmoch

acmego: Add Python formatter

Enable formatting of Python code with acmego -f.

push

djmoch push djmoch/go

djmoch
djmoch

acmego: Add Python formatter

commit sha: 2160cacdb3621ba9420c5fce32b0acf6b46e6bef

push time in 3 weeks ago
Activity icon
fork

djmoch forked 9fans/go

⚡ Packages and commands for using Plan 9 from Go
djmoch MIT License Updated
fork time in 3 weeks ago
Dec
7
1 month ago
Activity icon
issue

djmoch issue mssun/passforios

djmoch
djmoch

OpenSSH Disabled RSA/SHA-1 Signature Algo By Default

Pass currently offers outdated signature algorithms to the server when attempting to connect. This is why some users are having issues connecting when their server runs a newer version of OpenSSH (version 8.8 and newer).

I assume Pass uses a library to handle SSH, but I'll confess I can't figure out which one. That library should ideally be upgraded to a version that supports newer signature algorithms.

As for why the folks at OpenSSH think it's important to upgrade, here's a quote from their release notes:

Potentially-incompatible changes
================================

This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]

For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.

Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:

    Host old-host
        HostkeyAlgorithms +ssh-rsa
	PubkeyAcceptedAlgorithms +ssh-rsa

We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf
Dec
6
1 month ago
Activity icon
issue

djmoch issue comment mssun/passforios

djmoch
djmoch

Unable to pull/push from repository: "GTCredentialProvider failed to provide credentials"

Hi Mingshen,

I have found recently that I am unable to pull/push from my password store repository due to an error which says "GTCredentialProvider failed to provide credentials". I have tried using incorrect SSH credentials and get a different error, so I am sure I am using the correct password for my SSH key.

I am using key-based authentication. This issue started for me around 15 October. I am not sure if this issue coincides exactly with my update to iOS 15.0.2, but it is very close.

Some phone details:

  • iPhone 12 mini
  • iOS 15.0.2

Some details about my password store repository:

  • git 2.33.1 (I have tried downgrading to git 2.32 which did not help unfortunately)
  • openssh 8.8p1
  • SSH key authentication enforced

Many thanks, if there is any other info I can provide please let me know.

Edit (2021-11-02): I have worked around this by using ssh with password authentication and without keys, which is not a significant issue for me right now - but keys definitely make me sleep easier at night ...

djmoch
djmoch

I'm also having this issue, I suspect for the same reason as @barbosaaob (I'm also running OpenSSH 8.8, LibreSSL 3.4.1). It appears there's a bug in OpenSSH 8.8 such that the default PubkeyAcceptedAlgorithms list does not include ssh-rsa (although the documentation says it should).