git pull的时候神奇的需要密码,可我明明是用秘钥验证的呀!又没有设置密码!在网上找呀找,发现下面的方法可以解决我的问题,这里备忘一下,来源:ssh-rsa验证失败"no mutual signature algorithm" - 知乎 (zhihu.com)
突然发现git无法正常使用了
git@gitee.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.定位ssh错误
❯ ssh -vT git@gitee.com
....
debug1: Offering public key: (none) RSA SHA256:...k agent
debug1: send_pubkey_test: no mutual signature algorithm
...简单的说,就是openssh默认不再支持ssh-rsa算法啦,说是该算法存在安全隐患, 具体可以看看这个新闻:OpenSSH to deprecate SHA-1 logins due to security risk | ZDNet
当然我们可以重新启用ssh-rsa,但存在安全风险。
PubkeyAcceptedKeyTypes +ssh-rsa更好的做法是使用Ed25519
ssh-keygen
ssh-keygen -t ed25519 -C "your_email@example.com"GnuPG - ECC (Elliptic Curve Cryptography)
❯ gpg --expert --edit-key xxx
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
(14) Existing key from card
Your selection? 11
Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Sign
(S) Toggle the sign capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Your selection? a
Your selection? q
Please select which elliptic curve you want:
(1) Curve 25519
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
gpg> save相关资料