github / RSA key problems preventing cargo from updating crates

422 views Asked by At

I recently configured my Yubikey to sign commits on github. That is working perfect. An unfortunate by-product of the yubikey seems to be that I have to authenticate with my yubikey even just to clone public repos. I can live with that, but now I am getting a strange error when I try to run cargo test. It seems git thinks I am using a RSA-1 key and has disallowed RSA-1 keys because of security concerns.

I don't believe I am actually using any RSA-1 keys. The only two keys in my ~/.ssh/known_hosts file are a rsa-ed25519 and a rsa-sha2. The keys themselves should be coming from my yubikey and I would assume that is up to date.

I have to admit, I am a little lost on where to even start debugging this issue.

rogerbos@rogers-mbp resistor-color % cargo test                                  
    Updating crates.io index
error: failed to get `enum-iterator` as a dependency of package `resistor-color v1.0.0 (/Users/rogerbos/Exercism/rust/resistor-color)`

Caused by:
  failed to load source for dependency `enum-iterator`

Caused by:
  Unable to update registry `crates-io`

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  failed to authenticate when downloading repository: [email protected]:rust-lang/crates.io-index

  * attempted ssh-agent authentication, but no usernames succeeded: `git`

  if the git CLI succeeds then `net.git-fetch-with-cli` may help here
  https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli

Caused by:
  ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
  Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.

  ; class=Ssh (23); code=Eof (-20)
1

There are 1 answers

0
Alexey Demin On

Yes, adding

[net]
git-fetch-with-cli = true

to ~/.cargo/config.toml indeed solves the issue.