I recently configured my Yubikey to sign commits on github. That is working perfect. An unfortunate by-product of the yubikey seems to be that I have to authenticate with my yubikey even just to clone public repos. I can live with that, but now I am getting a strange error when I try to run cargo test
. It seems git thinks I am using a RSA-1 key and has disallowed RSA-1 keys because of security concerns.
I don't believe I am actually using any RSA-1 keys. The only two keys in my ~/.ssh/known_hosts file are a rsa-ed25519 and a rsa-sha2. The keys themselves should be coming from my yubikey and I would assume that is up to date.
I have to admit, I am a little lost on where to even start debugging this issue.
rogerbos@rogers-mbp resistor-color % cargo test
Updating crates.io index
error: failed to get `enum-iterator` as a dependency of package `resistor-color v1.0.0 (/Users/rogerbos/Exercism/rust/resistor-color)`
Caused by:
failed to load source for dependency `enum-iterator`
Caused by:
Unable to update registry `crates-io`
Caused by:
failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
failed to authenticate when downloading repository: [email protected]:rust-lang/crates.io-index
* attempted ssh-agent authentication, but no usernames succeeded: `git`
if the git CLI succeeds then `net.git-fetch-with-cli` may help here
https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
Caused by:
ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
; class=Ssh (23); code=Eof (-20)
Yes, adding
to
~/.cargo/config.toml
indeed solves the issue.