Specifically, some SSH keys used on NFSN have stopped working. The problem seems to be because of a recent change in OpenSSH that invalidates certain (weaker) RSA keys.
NFSN recommends using Ed25519 keys instead for better security and performance. DeployHQ doesn’t generate these by default so this note documents how to use a custom keypair.
Assumes you have ssh-keygen and, optionally, pbcopy.
On your local machine:
ssh-keygen -t ed25519
You could provide more options but I stop there and follow the prompts, which will guide you through naming and saving your keypair. I believe you have to leave the passphrase blank for this to work with DeployHQ but I don’t know for sure.
You can quickly copy your public key thusly:
pbcopy < ~/path/to/keyname.pub
See NFSN’s member FAQs regarding public keys.
Navigate to the server config in your project and choose the option to upload a custom key. See DeployHQ’s documentation if needed. You can quickly copy your private key with:
pbcopy < ~/path/to/keyname
Note: you may need to click the link that resets the “host key.”
On the previous step, DeployHQ will warn you that your custom key will also be used to authenticate with your repo. So you will need to go to your repo’s setting and add the new public key there. Or, if you plan to be using this key for multiple repos, add the public key to your account settings.
date: Sunday, September 19, 2021
time: 1:15 PM
tagged: #reference #dev
published: https://blakewatson.com/notes/7b49e327