gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent

stanhu · stanhu · commit 72d615beaa87 · 2022-06-15T23:51:37.000-07:00
When we put gitlab-sshd in production, we noticed a number of clients using RSA keys would fail to login. The server would report: ``` ssh: signature "ssh-rsa" not compatible with selected algorithm "rsa-sha2-512" ``` This is reproducible on Ubuntu 18.04, which ships gpg-agent v2.2.4 and OpenSSH v7.6. That version of gpg-agent does not support `rsa-sha2-256` or `rsa-sha2-512`, but OpenSSH does. As a result, OpenSSH specifies `rsa-sha-512` as the public key algorithm to use in the user authentication request message, but gpg-agent includes an `ssh-rsa` signature. OpenSSH servers tolerates this discrepancy, but the Go implementation fails because it expects a strict match. This commit pulls in https://gitlab.com/gitlab-org/golang-crypto/-/merge_requests/9 to fix the problem. Relates to: 1. golang/go#53391 2. https://gitlab.com/gitlab-org/gitlab-shell/-/issues/587 Changelog: fixed
diff --git a/go.mod b/go.mod
@@ -81,4 +81,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )
 
-replace golang.org/x/crypto => gitlab.com/gitlab-org/golang-crypto v0.0.0-20220518204012-9dd4a7273aac
+replace golang.org/x/crypto => gitlab.com/gitlab-org/golang-crypto v0.0.0-20220616060731-4818747c9fed
diff --git a/go.sum b/go.sum
@@ -888,8 +888,8 @@ gitlab.com/gitlab-org/gitaly/v14 v14.9.0-rc5.0.20220329111719-51da8bc17059 h1:X7
 gitlab.com/gitlab-org/gitaly/v14 v14.9.0-rc5.0.20220329111719-51da8bc17059/go.mod h1:uX1qhFKBDuPqATlpMcFL2dKDiX8D/tbUg7CYWx7OXt4=
 gitlab.com/gitlab-org/gitlab-shell v1.9.8-0.20201117050822-3f9890ef73dc/go.mod h1:5QSTbpAHY2v0iIH5uHh2KA9w7sPUqPmnLjDApI/sv1U=
 gitlab.com/gitlab-org/gitlab-shell v1.9.8-0.20210720163109-50da611814d2/go.mod h1:QWDYBwuy24qGMandtCngLRPzFgnGPg6LSNoJWPKmJMc=
-gitlab.com/gitlab-org/golang-crypto v0.0.0-20220518204012-9dd4a7273aac h1:qNUzqBTbEGGjF5Fp0NWz3rNmqamwchxM+QKUZYeOS1c=
-gitlab.com/gitlab-org/golang-crypto v0.0.0-20220518204012-9dd4a7273aac/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+gitlab.com/gitlab-org/golang-crypto v0.0.0-20220616060731-4818747c9fed h1:aXSyBpG6K/QsTGevZnpFoDR7Nwvn24RpkDoWe37B8eY=
+gitlab.com/gitlab-org/golang-crypto v0.0.0-20220616060731-4818747c9fed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 gitlab.com/gitlab-org/labkit v0.0.0-20190221122536-0c3fc7cdd57c/go.mod h1:rYhLgfrbEcyfinG+R3EvKu6bZSsmwQqcXzLfHWSfUKM=
 gitlab.com/gitlab-org/labkit v0.0.0-20200908084045-45895e129029/go.mod h1:SNfxkfUwVNECgtmluVayv0GWFgEjjBs5AzgsowPQuo0=
 gitlab.com/gitlab-org/labkit v1.0.0/go.mod h1:nohrYTSLDnZix0ebXZrbZJjymRar8HeV2roWL5/jw2U=

Original file line number	Diff line number	Diff line change
`@@ -81,4 +81,4 @@ require (`
`81`	`81`	`gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect`
`82`	`82`	`)`
`83`	`83`
`84`		`-replace golang.org/x/crypto => gitlab.com/gitlab-org/golang-crypto v0.0.0-20220518204012-9dd4a7273aac`
	`84`	`+replace golang.org/x/crypto => gitlab.com/gitlab-org/golang-crypto v0.0.0-20220616060731-4818747c9fed`