Nerdier

Adjective: Comparative form of nerdy: more nerdy.

ERROR: You’re using an RSA key with SHA-1, which is no longer allowed.

Encountered this error when trying to do a git clone on an older system which we can’t upgrade right now.

ERROR: You’re using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.

Install the build dependency, download the version you are going to upgrade to, and create the build directories. I went with 7.2 as it’s the minimum that will work, and the system is older so the latest version might cause issues with installation.

yum install pam-devel
cd /usr/src/
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz
tar -xzvf openssh-7.2p2.tar.gz
mkdir -p /usr/src/redhat/SPECS
cp openssh-7.2p2/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
mkdir -p /root/rpmbuild/SOURCES
cp openssh-7.2p2.tar.gz /root/rpmbuild/SOURCES/

Edit the spec file

nano -w /usr/src/redhat/SPECS/openssh.spec

and change the following to match

%define no_x11_askpass 1
%define no_gnome_askpass 1
#%attr(-,root,root) %{_bindir}/slogin
#%attr(-,root,root) %{_mandir}/man1/slogin.1*

Then change every BuildPreReq tag in the spec file to BuildRequires, the form that works

sed -i 's/BuildPreReq/BuildRequires/g' /usr/src/redhat/SPECS/openssh.spec

Build the RPMs

cd /usr/src/redhat/SPECS/
rpmbuild -bb openssh.spec

# ll /root/rpmbuild/RPMS/x86_64/
total 1420
-rw-r--r-- 1 root root 439728 Sep 23 13:13 openssh-7.2p2-1.x86_64.rpm
-rw-r--r-- 1 root root 581740 Sep 23 13:13 openssh-clients-7.2p2-1.x86_64.rpm
-rw-r--r-- 1 root root  16964 Sep 23 13:13 openssh-debuginfo-7.2p2-1.x86_64.rpm
-rw-r--r-- 1 root root 391648 Sep 23 13:13 openssh-server-7.2p2-1.x86_64.rpm

Install and check the version

rpm -Uvh /root/rpmbuild/RPMS/x86_64/openssh*.rpm

# ssh -V
OpenSSH_7.2p2

Before restarting sshd, you need to add this to /etc/ssh/sshd_config

AuthorizedKeysCommandUser root

Then restart sshd

service sshd restart

Any SSH keys used for GitHub will need to be regenerated using the newer ssh-keygen.
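A post-upgrade check for the steps above, as an added example that is not part of the original post: it tests an `ssh -V` banner against the 7.2 minimum stated above and lists the RSA public keys in a directory as candidates for regeneration. The function names, the sample banners and the choice to flag `ssh-rsa` entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# The minimum below is the post's own figure (7.2).
MIN_MAJOR=7
MIN_MINOR=2

# ssh_version_ok BANNER
# BANNER is the text printed by `ssh -V` (it goes to stderr).
# Returns 0 if OpenSSH >= 7.2, 1 if older, 2 if the banner is unrecognised.
ssh_version_ok() {
    ver=${1#OpenSSH_}
    [ "$ver" != "$1" ] || return 2          # no OpenSSH_ prefix
    case $ver in *.*) ;; *) return 2 ;; esac # need major.minor
    major=${ver%%.*}                         # text before the first dot
    rest=${ver#*.}                           # text after the first dot
    minor=${rest%%[!0-9]*}                   # leading digits only ("2p2" -> "2")
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    if [ "$major" -gt "$MIN_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; then
        return 0
    fi
    return 1
}

# rsa_pubkeys DIR
# Prints each DIR/*.pub whose key-type field is ssh-rsa (assumption: these
# are the keys the error message is about, so the ones to regenerate).
rsa_pubkeys() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] || continue
        type=
        read -r type rest < "$f" || :        # tolerate a missing final newline
        if [ "$type" = "ssh-rsa" ]; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample banners, not captured from a real host.
# On a live system use: ssh_version_ok "$(ssh -V 2>&1)"
for banner in "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013" \
              "OpenSSH_7.2p2, OpenSSL 1.0.1e-fips 11 Feb 2013"; do
    if ssh_version_ok "$banner"; then
        echo "meets 7.2 minimum: $banner"
    else
        echo "too old:           $banner"
    fi
done
```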
