I've just noticed that ForgeJo LTS seems to be unable to handle my ED25519 SSH key, and instead insists on an RSA key. I noticed the hard way because I initially only added an ED25519 key and then was unable to push to the repo until I also added an RSA key. Is this to be expected?
fatal: Could not read from remote repository. #437
Maybe the length of your key is too small or ED25519 is disabled? See https://forgejo.org/docs/v11.0/admin/config-cheat-sheet/#ssh-minimum-key-sizes-sshminimum_key_sizes for the (default) minimum sizes.
If Forgejo accepted the key in the settings, it is accepted. Otherwise, it tells you about the problem while adding the key.
The most common cause for this is an SSH configuration that enforces a certain key. Could you run ssh -T git@your-forgejo-instance (with another user than git if you chose another one, this is the Forgejo system user, not your personal user account)? It allows to see if Forgejo thinks you are someone else.
you can repeat the above command with explicit files like
ssh -T git@your-instance -i /home/.../.ssh/my-ed25519-key
to see if this is accepted.
@mahlzahn wrote in #437 (comment):
Maybe the length of your key is too small or ED25519 is disabled? See https://forgejo.org/docs/v11.0/admin/config-cheat-sheet/#ssh-minimum-key-sizes-sshminimum_key_sizes for the (default) minimum sizes.
My ED25519 key is 512 bits long, which should be enough (min is half that).
@fnetX If I use this command:
ssh -T git@your-instance -i /home/.../.ssh/my-ed25519-key
Then I get a login banner, but then, the session hangs. If I use the same command without specifying the key (my agent has both the RSA and ED25519 keys), then I get a message that I have successfully authenticated, but that ForgeJo doesn't provide shell access. If I use the command without '-T', I can log in with the ED25519 key and get a shell.
This sounds like a misconfiguration with your SSH server. I think you should not be able to sign in using this key and this user. You might want to check your /home/git/.ssh/authorized_keys files to see if it only contains entries managed by Forgejo, and not twice your key.
All entries should look like this:
# gitea public key
command="/data/git/bin/forgejo --config=/etc/forgejo/conf/app.ini serv key-3",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,no-user-rc,restrict ssh-ed25519 AAAA... keyname
Before removing the key, please make sure that you have another way to log in to your system (e.g. another user or another key), so that disabling shell access for this key does not lock you out. Then, remove the key without the command prefix (or put it behind a comment).
No due date set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?