Search
Close this search box.

Git Blog

Releasing the Power of Git

Keif fixing issues for GitKraken users

Weak SSH Key Generation Fix in GitKraken v8.0.1

GitKraken

GitKraken

If you are using GitKraken versions 7.6.x, 7.7.x, or 8.0.0, this article explains what steps you can take to maintain secure SSH key connections to remote repositories on GitHub, GitLab, Bitbucket, and Azure DevOps.  

How to Fix the Weak SSH Key Issue

This issue only affects GitKraken users who generated SSH keys through the GitKraken interface using versions 7.6.x, 7.7.x,  8.0.0. If you are not sure what version you used to generate your SSH key, we encourage you to renew your key through the following process.

Affected users need to:

  1. Remove all old GitKraken-generated SSH keys stored locally. 

  2. Generate new SSH keys using GitKraken 8.0.1, or later, for each of your Git service providers. 

Follow these instructions to generate and connect an SSH key in GitKraken for:


If you have any questions or concerns, please contact our support team at [email protected]

More Information About the Issue

In late September, the GitKraken team discovered a flaw in the open source SSH key generation library that was implemented in versions 7.6.x, 7.7.x, 8.0.0, released between 5/12/21 and 9/27/21. This flaw resulted in a weaker form of public SSH keys being created. Weak keys are created with low entropy, meaning there is a higher probability of key duplication.

The GitKraken engineering team has fixed this issue as of version 8.0.1 by replacing the previous SSH key generation library with a new one. Note: Users who have upgraded to version 8.0.1 or later will still need to replace their GitKraken generated keys if they were generated in the affected versions. 
The team also contacted Git hosting service providers GitHub, Bitbucket, GitLab, and Azure DevOps to alert them to the issue. Working closely with all of these providers, we invalidated the weak public keys that were in use. Where possible, the affected keys are now permanently blocked by the Git hosting service providers.

We will continue to work toward the highest security standards possible for all of our users. 

Like this post? Share it!

Read More Articles

Make Git Easier, Safer &
More Powerful

with GitKraken
Start Free GitKraken Pro Trial
Products
Pricing
Help Center  
GitKraken Desktop
GitLens
Git Integration for Jira
Community

Learn Git Library
Git Commands Cheat Sheet
Git Blog
GitKraken Labs
Git Conference
Ambassador Program
Newsletter
Slack Community  
GitKraken for Students
Store
Keif Gallery

Company

Contact Us
About Us
Careers
Customers
Media
News
Awards
Events
Press Releases
Logos
Privacy

Slack Youtube Linkedin

© 2024 Axosoft, LLC DBA GitKraken

Visual Studio Code is required to install GitLens.

Don’t have Visual Studio Code? Get it now.
Continue to install GitLens

Team Collaboration Services

Secure cloud-backed services that span across all products in the DevEx platform to keep your workflows connected across projects, repos, and team members
Launchpad – All your PRs, issues, & tasks in one spot to kick off a focused, unblocked day. Code Suggest – Real code suggestions anywhere in your project, as simple as in Google Docs. Cloud Patches – Speed up PR reviews by enabling early collaboration on work-in-progress. Workspaces – Group & sync repos to simplify multi-repo actions, & get new devs coding faster. DORA Insights – Data-driven code insights to track & improve development velocity. Security & Admin – Easily set up SSO, manage access, & streamline IdP integrations.
Start Your Free Trial

GitKraken Browser Extension

Your bridge between apps
Track PRs   –   View PRs in GitKraken or VS Code  –   Work More Effectively with Repo Providers
Add to Chrome
Add to Firefox
Add to Microsoft Edge

GitLens for VS Code

Your IDE, Smarter with Git
30M+ INSTALLS
Navigate Git, Minimize MistakesUnblock PR & Code ReviewsManage Multiple ReposCode with Momentum
Install GitLens in VS Code

GitKraken CLI

Ultimate CLI for Git Collaboration
Bring PRs, WIPs & Issues to the TerminalRun Multi-Repo CommandsManage Groups of ReposSuggest Code Revisions 
winget install gitkraken.cli
Or download on GitHub

GitKraken.dev

Your Command Center in the Browser
Track PRs & IssuesSuggest and Share Code ChangesRamp Up New Devs FasterBring Your Team TogetherSecure and Control Your Data
Sign Into Your Account
Sign up for free

GitKraken Desktop

Simplify Git For Any OS
Visualize Git, Minimize Mistakes   –   Unblock PR & Code Reviews   –   Manage Multiple Repos   – Resolve Merge Conflicts with Ease   –   Ramp Up Devs Faster
Start Free GitKraken Pro Trial