50% off your 1st seat of GitKraken Pro — only $4/month!

Git Blog

Releasing the Power of Git

Keif fixing issues for GitKraken users

Weak SSH Key Generation Fix in GitKraken v8.0.1

If you are using GitKraken versions 7.6.x, 7.7.x, or 8.0.0, this article explains what steps you can take to maintain secure SSH key connections to remote repositories on GitHub, GitLab, Bitbucket, and Azure DevOps.  

How to Fix the Weak SSH Key Issue

This issue only affects GitKraken users who generated SSH keys through the GitKraken interface using versions 7.6.x, 7.7.x,  8.0.0. If you are not sure what version you used to generate your SSH key, we encourage you to renew your key through the following process.

Affected users need to:

  1. Remove all old GitKraken-generated SSH keys stored locally. 

  2. Generate new SSH keys using GitKraken 8.0.1, or later, for each of your Git service providers. 

Follow these instructions to generate and connect an SSH key in GitKraken for:

If you have any questions or concerns, please contact our support team at support@gitkraken.com

More Information About the Issue

In late September, the GitKraken team discovered a flaw in the open source SSH key generation library that was implemented in versions 7.6.x, 7.7.x, 8.0.0, released between 5/12/21 and 9/27/21. This flaw resulted in a weaker form of public SSH keys being created. Weak keys are created with low entropy, meaning there is a higher probability of key duplication.

The GitKraken engineering team has fixed this issue as of version 8.0.1 by replacing the previous SSH key generation library with a new one. Note: Users who have upgraded to version 8.0.1 or later will still need to replace their GitKraken generated keys if they were generated in the affected versions. 
The team also contacted Git hosting service providers GitHub, Bitbucket, GitLab, and Azure DevOps to alert them to the issue. Working closely with all of these providers, we invalidated the weak public keys that were in use. Where possible, the affected keys are now permanently blocked by the Git hosting service providers.

We will continue to work toward the highest security standards possible for all of our users. 

Like this post? Share it!

Read More Articles

Make Git Easier, Safer &
More Powerful

with GitKraken
Visual Studio Code is required to install GitLens.

Don’t have Visual Studio Code? Get it now.