SSH key cannot be verified due to 2047 length

[BeeFox-sys]

Description

When generating an rsa ssh key, there is a chance the final bit is a zero, resulting in a 2047 bit length key, by default git tea does not allow for these keys. this should be changed to allow people to use them.

Gitea Version

1.17.0+dev-759-g761db4d53

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

https://try.gitea.io/user/settings/keys

Database

No response

[zeripath]

Does this happen for other key types too?

If not, we should change this:

gitea/modules/setting/setting.go

Line 173 in ed13d7a

MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2048},

to:

		MinimumKeySizes:               map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2047},

and add a comment as to why this is 2047 rather than 2048.

If so, we should change this:

gitea/models/asymkey/ssh_key_parse.go

Line 198 in ed13d7a

if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length >= minLen {

to:

	if minLen, found := setting.SSH.MinimumKeySizes[keyType]; found && length + 1 >= minLen {

and add a comment explaining that we allow one byte shorter due to accepting an initial/terminal 0.

---

If you're able to find out which of the above is the case then we can make the patch.

In the meantime as a workaround you can change the defaults to allow minimums one byte less in size.

[BeeFox-sys]

I am unsure as i do not run gitea myself, and was advised by the person who runs the server. we did implement the workaround and that worked fine but i still opened an issue after some research into why it was happening

[zeripath]

OK I think it's only rsa that can be affected here. So I'll just do a very simple pr.