However, the GitKraken team has warned that users who upgraded to a new version will still need to replace their GitKraken generated keys if they were generated in the affected versions. The vulnerability was fixed with the release of GitKraken 8.0.1. A remote attacker can generate duplicate SSH keys and gain unauthorized access to the affected systems. The vulnerability exists due to an error in the pseudo-random number generator used by keypair to generate RSA keys for SSH connections. The bug, which was discovered in late September by the GitKraken team, resides in the open source SSH key generation library that was implemented in GitKraken versions 7.6.x, 7.7.x, 8.0.0, released between 5-12-21 and 9-27-21. The decision to revoke SSH keys was made after GitKraken engineering team contacted Git hosting service providers about the issue. Same for extra links.Microsoft Azure DevOps, GitHub, GitLab, and BitBucket, four of the largest code hosting portals to date, have all issued a mass recall of SSH keys following a report about a vulnerability in GitKraken, a popular Git software client. PS: Sorry that I can't embed images directly into my answer, not enough karma for that yet. If you wanted to use the command line to change the URL you can run the git-bash equivalent to git remote set-url from within the repo's root directory. Without Pagent you can only use one key at a time and change the settings when you need to change keys. In Windows if you aren't using Pagent (from PuTTY) then you shouldn't select "use local agent" in GitKraken. switch these from to these steps are done then you can start changing GitKraken's ssh settings. This will open a sub-window that that will have two text boxes you can edit. Click options and select "Edit Origin".Hovering over this item reveals a vertical ".", that is the options button. With the remote group expanded you should see a source called Origin.This panel may be hidden, if so you'll need to click the right facing arrow symbol that should appear under the folder icon in the top left. In the left panel expand the remote group (represented by a cloud).Luckily you can do this inside GitKraken.įirst you should navigate to your repo in GitKraken. You will first have to change the URL for your remote. If the repo was cloned with HTTPS then no changes to SSH settings will work. When I do a pull I'm always prompted to insert the username and pass (even though I started the ssh-agent process from the git-bash).ĭon't know how I can solve this so any help you guys can provide will be much appreciated.Īlso, can't find a single way in app or online to remove/delete a repository from the app (I hope it's not obvious and I'm making a fool of myself).gitkraken and changed the paths for the ssh keys to: "useLocalAgent": true, "privateKey": "C:\Users\mendo\.ssh\id_rsa", "publicKey": "C:\Users\mendo\.ssh\id_rsa.pub". Have messed around with the profile inside.Added the public one to my gitlab profile and can "ssh -T successfully. I'm running Windows 10 with git-bash and have followed the tutorial on Github to generate the keys and add them to the ssh-agent. I believe the repo from Gitlab was added with https, can't find a way to change this, don't know if it's important. Configuration options / tutorials for this issue are scarce/nonexistant. I've been having a hard time getting the auth to work with ssh keys (don't want to be prompted for user and pass every time).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |