Description of problem: When using `gh codespace ssh` the client fails to connect and receives the following error message: ``` failed to connect to Live Share: error connecting to ssh session: error creating ssh client connection: ssh: handshake failed: ssh: unknown key algorithm: rsa-sha2-512 ``` Version-Release number of selected component (if applicable): 2.23.0-1.fc37.x86_64 How reproducible: Always Steps to Reproduce: 1. Browse to a github.com repository 2. Click the green Code button and select Codespaces tab, create a new codespace 3. In codespaces create ~/.ssh/authorized_keys with correct permissions, insert an ed25519 public key. 4. Open Fedora37 terminal from a user with the ed25519 keys. 5. Execute `gh codespace ssh` and select the codespace. 6. Observe the error Actual results: RSA error is returned every time. Expected results: The gh client requests the passphrase for the ed25519 private key. When the correct passphrase is entered the connection is established to the codespace. Additional info: Removing the Fedora gh RPM and installing the same version of the gh client from GitHub releases at https://github.com/cli/cli fixes the issue. Instead of an error the client requests the passphrase for the id_ed25519 private key and connects to the codespace. Upstream RPM that works: `gh-2.23.0-1.x86_64`
@mikel any updates? Patching F37 leads to reinstallation of the F37 RPM breaking the `gh codespace ssh` functionality. Requiring removing and reinstalling the upstream RPM multiple times when the functionality is relied upon. Thanks
I think we'll need to package gh's fork of golang/x/crypto [1] and manually handle the replace directives [2] (see [3] for how this is done in aerc) to use that instead. [1] https://github.com/cli/crypto [2] https://github.com/cli/cli/blob/1fc98f6808728cb72bffb6642c81e47632b7cb54/go.mod#L87 [3] https://src.fedoraproject.org/rpms/aerc/blob/rawhide/f/aerc.spec#_58
Thanks for checking this Maxwell, I've been quite busy lately. I'll work in a copr repo to generate the forked crypto library and test if gh works fine with it.
I've created a build for F37 in copr: https://copr.fedorainfracloud.org/coprs/mikelo2/gh/ I'm able to connect to the codespace with this build: > gh codespace ssh > ? Choose codespace: foo/bar (main): glowing goldfish > Welcome to Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-1105-azure x86_64) > (...) Trevor, can you confirm? F38 is broken at the moment and packages can't be built. The specs are available at: https://github.com/mikelolasagasti/github-cli There are many old specs used in the initial work to bring gh to Fedora. Now, to have this in the official repos: - Requires new package golang-github-cli-crypto, the forked crypto repo that implements RFC8332 by GitHub. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2183701 - https://src.fedoraproject.org/rpms/golang-github-cenkalti-backoff 4.2.0 in F37. I'll contact fab again about backporting this and about my related cleanup PR.
(In reply to Mikel Olasagasti Uranga from comment #4) > I've created a build for F37 in copr: > > https://copr.fedorainfracloud.org/coprs/mikelo2/gh/ > > I'm able to connect to the codespace with this build: > > > gh codespace ssh > > ? Choose codespace: foo/bar (main): glowing goldfish > > Welcome to Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-1105-azure x86_64) > > (...) > > Trevor, can you confirm? > > F38 is broken at the moment and packages can't be built. > > The specs are available at: > > https://github.com/mikelolasagasti/github-cli > > There are many old specs used in the initial work to bring gh to Fedora. > > Now, to have this in the official repos: > > - Requires new package golang-github-cli-crypto, the forked crypto repo that > implements RFC8332 by GitHub. > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2183701 > - https://src.fedoraproject.org/rpms/golang-github-cenkalti-backoff 4.2.0 in > F37. I'll contact fab again about backporting this and about my related > cleanup PR. Mikel, The copr repo RPM resolves the RSA error and establishes a connection to the codespace as expected. Thanks
FEDORA-2023-a7423af03f has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a7423af03f
FEDORA-2023-a7423af03f has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
@mikel Did this issue get split into separate tickets? I noticed this one got closed with the mention of F39, but nothing about F37 or F38 (which I believe is only a couple of weeks out). Thanks
This case has been automatically closed as a build for rawhide that has the fix has been built. As I reference the BZ in the changelog it gets automatically closed. The fix is not part of F38 or F37 yet. I'm waiting the ACK from fab on backporting `golang-github-cenkalti-backoff` 4.2.0 required by latest `gh` version. I try to keep the branches equal to rawhide so I can backport commits between branches, that's why I'm waiting the `golang-github-cenkalti-backoff` backport. I'll link the updates for F38 and F37 to this BZ and it should report updates about the status of those releases. I could clone the BZ for each release as Red Hat does for this kind of situations, but I rather not because of the extra work. Sorry for the confusion.
Great. Thank you for the quick response.
FEDORA-2023-b3b4f45dcf has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-b3b4f45dcf
FEDORA-2023-cb20f08a4e has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-cb20f08a4e
FEDORA-2023-b3b4f45dcf has been pushed to the Fedora 38 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-b3b4f45dcf See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-cb20f08a4e has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-cb20f08a4e` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-cb20f08a4e See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-b3b4f45dcf has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2023-cb20f08a4e has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.