Currently AWS CodeCommit requires an RSA SSH key (ED25519 not supported) when connecting to the git repos. However, the way CodeCommit works is that it generates a random user that you will need to use when connecting to CodeCommit AFTER you upload your SSH key to AWS CodeCommit. Therefore, we have no idea what the USER@HOST will be until after the key has been provided to AWS. How can OnlyKey be used in this scenario?
The onlykey-agent does support RSA keys as stored keys - OnlyKey SSH/GPG agent | Docs
It sounds like if CodeCommit is generating a random user then it's not using the user you specify in your SSH public key anyway. It sounds like it just ignores the user@host you specify in your public key if it is then generating a random username. If this is the case you would:
- Load your RSA signing key into OnlyKey
- Generate public key (using any username as it’s ignored) i.e.
onlykey-agent user@host -e rsa -sk RSA2
- Upload your public key
- Find out what the random username it assigns is
- From then on use onlykey-agent with that i.e.
onlykey-agent -c randomuser@host -e rsa -sk RSA2
Running
onlykey-agent user@host -e rsa -sk RSA2
errors:
libagent.device.interface.DeviceError: Error response length is not a valid public key
I tried creating new keys in GnuPG and then loaded the encryption key to RSA slot 1 with “use for decryption” selected and the signing key to RSA slot 2 with “use for signing” selected to OnlyKey for good measure, but still got the same error.
I have a backup OnlyKey that I just completely wiped and installed fresh with the v2.1.1 STD firmware. I didn’t load any custom keys, tried it, and got the same error.
I am running Ubuntu Desktop 20.04.
What size RSA key are you using? RSA-2048 and RSA-4096 are supported.
I generated an RSA-4096 key for E, S and A using GnuPG on Ubuntu. Works fine on YubiKey.