Sample Header Ad - 728x90

Git ls-remote to github fails with classic "SHA-1 not supported" on tunneled ssh session but `ssh -T git@github.com` doesn't

1 vote
0 answers
91 views
git ssh-tunneling github ssh-config
Cross-posting from [here](https://stackoverflow.com/questions/78737977/git-ls-remote-to-github-fails-with-classic-sha-1-not-supported-on-tunneled-ssh?noredirect=1#comment138823224_78737977) as suggested by the community. A bit of context: At my company we do tunneling to ssh into EC2 boxes. This tunneling command is as usual, uses ForwardAgent and the proxycommand is something like this: ProxyCommand ssh tunnelhost exec nc %h 22. Some other configs are: 
AddKeysToAgent yes
UseKeychain yes
IdentitiesOnly yes
UserKnownHostsFile ~/.ssh/known_hosts
HostKeyAlgorithms +ssh-rsa,ssh-dss,ssh-ed25519
PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519
KexAlgorithms +diffie-hellman-group1-sha1
PubKeyAuthentication yes
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_ecdsa
As you can see, I already tried RSA, ED25519 and ECDSA keys (all of them added to GitHub) and it seems like my key is not the issue. **The problem:** The issue is that, if I do a git ls-remote --heads git@github.com:company_org/repository.git I keep getting the error: 
ERROR: You're using an RSA key with SHA-1, which is no longer allowed.
Please use a newer client or a different key type.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/  for more information.
I know my key is not SHA-1 but still keep getting this error. To confirm my theory (that my key is fine) I used (following github's guidance) the ssh -T git@github.com command and I see it's working as I receive the correct response: 
Hi stoicAlchemist! You've successfully authenticated, but GitHub does not provide shell access.
I have a feeling that the server might have a conflicting config somewhere but I don't know where to look. More Context: It seems that I'm the only one on my team that is having this issue, the other engineers don't have an issue, that's why I'm leaning towards a config. I already tried changing keys, and even tried different types, changed configs to see if any of them were to blame but with no luck.
Asked by Stoic Alchemist (366 rep)
Jul 12, 2024, 06:27 PM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "git"
More questions tagged "ssh-tunneling"
More questions tagged "github"
Footer Ad - 728x90