23 09 2022
ERROR: You’re using an RSA key with SHA-1, which is no longer allowed.
absw | Errors, Linux, RHEL |
Encountered this error when trying to do a git clone on an older system which we can’t upgrade right now.
ERROR: You’re using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
Install a dependency and grab the version you are going to upgrade to/create build directories. I went with 7.2 as it’s the minimum that will work, and the system is older so the latest version might cause issues with installation.
tar -xzvf openssh-7.2p2.tar.gz |
mkdir -p /usr/src/redhat/SPECS |
cp openssh-7.2p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/ |
mkdir -p /root/rpmbuild/SOURCES |
cp openssh-7.2p2.tar.gz /root/rpmbuild/SOURCES/ |
Edit the spec file
nano -w /usr/src/redhat/SPECS/openssh.spec |
and change the following to match
%define no_gnome_askpass 1 |
Then update all the references for build requires to the version that works
sed -i 's/BuildPreReq/BuildRequires/g' openssh.spec |
Build the RPMs
cd /usr/src/redhat/SPECS/ |
rpmbuild -bb openssh.spec |
-rw-r--r-- 1 root root 439728 Sep 23 13:13 openssh-7.2p2-1.x86_64.rpm |
-rw-r--r-- 1 root root 581740 Sep 23 13:13 openssh-clients-7.2p2-1.x86_64.rpm |
-rw-r--r-- 1 root root 16964 Sep 23 13:13 openssh-debuginfo-7.2p2-1.x86_64.rpm |
-rw-r--r-- 1 root root 391648 Sep 23 13:13 openssh-server-7.2p2-1.x86_64.rpm |
Install and check the version
rpm -Uvh /root/rpmbuild/RPMS/x86_64/openssh*.rpm |
Before restarting sshd, you need to add this to /etc/ssh/sshd_config
AuthorizedKeysCommandUser root |
Then restart sshd
Any ssh keys used for github will need to be regenerated using the newer ssh-keygen