Skip to content

fix: Support both DSA and RSA public keys for OpenSSH 10.0+ compatibility #494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Tarun-goswamii wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: Support both DSA and RSA public keys for OpenSSH 10.0+ compatibility #494

Tarun-goswamii wants to merge 1 commit into from

Conversation

@Tarun-goswamii
Copy link

@Tarun-goswamii Tarun-goswamii commented Jan 6, 2026

Summary

OpenSSH 10.0 (released 2025-04-09) removed DSA key support. This updates _load_pubkey() to recognize both DSA and RSA public keys, ensuring backward compatibility for existing users while supporting new installations.

Fixes the toolkit side of: sugarlabs/sugar#1004

Problem

The existing code only recognizes ssh-dss (DSA) prefix:

magic = 'ssh-dss '
for line in lines:
    line = line.strip()
    if not line.startswith(magic):
        continue
    return line[len(magic):]

#Solution
Support both key types:#

supported_key_types = ('ssh-dss ', 'ssh-rsa ')
for line in lines:
    line = line.strip()
    for magic in supported_key_types:
        if line.startswith(magic):
            return line[len(magic):]

@tarun111111
fix: support both DSA and RSA public keys for OpenSSH 10.0+ compatibi…
121313f 
…lity

OpenSSH 10.0 removed DSA key support. This change updates the
public key parsing to support both key types:
- ssh-dss (DSA) - for existing user profiles
- ssh-rsa (RSA) - for new profiles created on OpenSSH 10.0+

This ensures backward compatibility: users with existing DSA keys
can continue using Sugar, while new users will have RSA keys
generated by the companion change in the sugar repository.

The _hash_private_key() function already supports both key formats
through the OPENSSH PRIVATE KEY header detection.

Related: sugarlabs/sugar#1004
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Tarun-goswamii @tarun111111