agent key RSA SHA256: … returned incorrect signatu

Published 2020-04-18 06:01

Question:

I'm trying to use CircleCI on a Go project on GitHub with the default template for Go projects.

For reference, here's what the default .circleci/config.yml looks like:

version: 2
jobs:
  build:
    docker:
      - image: circleci/golang:1.12.7-buster
    working_directory: /go/src/github.com/Permaweb/Host
    steps:
      - checkout
      - run: go get -t -u -v ./...
      - run: go test -v ./...

When the job runs, I get an error that's totally unrelated to the code itself.

agent key RSA SHA256:L1iUIhjfKejEONe0TFU3TaWkNwE2O0xWF/09K7P8WnA returned incorrect signature type
There is no tracking information for the current branch.
Please specify which branch you want to merge with.
See git-pull(1) for details.

    git pull <remote> <branch>

If you wish to set tracking information for this branch you can do so with:

    git branch --set-upstream-to=origin/<branch> develop

The error happens during a git pull on CircleCI on a branch that's different from master.

How can I fix this?

Answer 1:

There are two issues here, which are separate and independent.

The "agent key returned incorrect signature type" warning means that the SSH agent that's being used returned invalid data.

When you use an RSA SSH key, you can sign with one of several hash algorithms: SHA-1, SHA-256, or SHA-512. Originally, only SHA-1 was supported, and so every use of an RSA key implied that you were using SHA-1. However, SHA-1 is weak, so additional, stronger hash algorithms were added.

This message means that the SSH connection negotiated a connection using an RSA key with a different signature algorithm, either SHA-256 or SHA-512. However, the SSH agent, when asked to make the signature for that connection, provided an SHA-1 signature, which isn't in compliance with the agent protocol.

This message isn't intrinsically fatal, although the remote side may choose to reject your connection if it doesn't support SHA-1 signatures.

The other message you're seeing, the message from Git, means that you're trying to perform a git pull command without having a remote for that branch set up. In this case, that's because you're using go get on an existing repository, since that command will attempt to update the existing repository.

If you just want to install dependencies, running go build will usually do that automatically for you, so there's no need to run go get specifically for that purpose. If you need something more complex, then you should use Git itself for that, since go get is not designed to be used in complex situations.
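
The signature-type mismatch described in the answer above can be modelled as a client-side check. This is an added example, not code from the original post or from OpenSSH. It assumes the SSH wire format for signature blobs (a length-prefixed algorithm name followed by the signature) and the agent protocol's RSA SHA-2 sign-request flags; the function names are hypothetical and the blob is constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Flags a client sets in SSH_AGENTC_SIGN_REQUEST to ask for an RSA/SHA-2 signature.
const (
	AgentRSASHA2256 uint32 = 0x02 // SSH_AGENT_RSA_SHA2_256
	AgentRSASHA2512 uint32 = 0x04 // SSH_AGENT_RSA_SHA2_512
)

// sshString encodes b as an SSH wire string: uint32 big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// expectedAlg maps sign-request flags to the signature algorithm that was requested.
func expectedAlg(flags uint32) string {
	switch {
	case flags&AgentRSASHA2512 != 0:
		return "rsa-sha2-512"
	case flags&AgentRSASHA2256 != 0:
		return "rsa-sha2-256"
	}
	return "ssh-rsa" // no flag set: legacy RSA with SHA-1
}

// CheckAgentSig compares the algorithm name prefixing the blob with the requested one.
func CheckAgentSig(flags uint32, blob []byte) error {
	if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
		return fmt.Errorf("malformed signature blob")
	}
	n := binary.BigEndian.Uint32(blob)
	got, want := string(blob[4:4+n]), expectedAlg(flags)
	if got != want {
		return fmt.Errorf("incorrect signature type: got %s, want %s", got, want)
	}
	return nil
}

func main() {
	// Constructed blob: the agent answers with legacy "ssh-rsa" and a dummy signature.
	blob := append(sshString([]byte("ssh-rsa")), sshString(make([]byte, 256))...)
	fmt.Println(CheckAgentSig(AgentRSASHA2256, blob))
}
```

Running it prints the mismatch error, because the constructed agent reply is labelled "ssh-rsa" while the request asked for rsa-sha2-256.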