0

Context: I am trying to verify my public key on a Gitea instance. Gitea provides a token for me to generate a signature; The instructions say:

echo -n 'TOKEN_PROVIDED' | ssh-keygen -Y sign -n gitea -f PATH_TO_PUBLIC_KEY

When I do this, ssh-keygen replies with

unknown option -- Y

I've been able to verify before on my personal computer, but it seems like ssh-keygen on the server I am logged in at has a different ssh-keygen as it seems to be missing that flag.

  • Should I be using a different version of ssh-keygen?
  • How else could I verify with my current ssh-keygen version?

Specific stack info (although I hope the answers are general enough to be applicable elsewhere):

  • Debian 10
Christian Galo
  • 11
  • 3

2 Answers2

1

Your version of OpenSSH is too old.

Debian 10 appears to have version 7.9p1, but the -Y argument to ssh-keygen (and support for signing and verification in general) didn't show up until version 8.0p1.

Debian 10 is approraching end-of-life. One solution would be to update to a more recent release.

An alternative solution would be to use a container runtime like Docker or Podman to run a more recent version of ssh-keygen (e.g., the debian:11 image includes OpenSSH 8.4p1).

larsks
  • 41,276
  • 13
  • 117
  • 170
-1

For ssh from windows, execute this command in cmd (opened as administrative):

notepad ~/.ssh/

after that, enter tab to complete like:

notepad C:\Users\User\.ssh\known_hosts

In the opened notepad window, remove the server IP row that you are trying to connect. Save in notepad and close it. Ssh again, it will be fixed.

On Linux:

vim ~/.ssh/known_hosts

Same as windows.

mohammad khanjani
  • 1
  • 3