Minimalist by design

Fixing gitlab's "Fingerprint cannot be generated" error


I recently came across a strange error with my Gitlab instance, which was fairly fresh (roughly two months): it was impossible to add new key to any account.

Googling the exact error proved unfruitful, as I don’t use SELinux and all pages where about SELinux preventing ssh-keygen to use files in the /tmp directory. And all keywords combinations led infallibly to the exact same results.

The solution jumped on me as I was doing research about ssh-keygen to try to understand.

From OpenSSH 6.8 changelog (2015-03-18):

Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64.

I guess the gitlab team didn’t know about this recent change. There is already (at the time of writing) a pull request to fix this error. For those who can’t wait, here is a quick fix to get running now :

Et voilĂ  !