Description
When verifying an SSH key to use it for signatures, Gitea instructs to pipe a token to ssh-keygen -Y sign -n gitea -f /path_to_your_privkey:
https://github.com/go-gitea/gitea/blob/v1.21.2/templates/user/settings/keys_ssh.tmpl#L81
This is however not doable when the private key is on e.g. a smartcard (like a YubiKey) and SSH is done via an agent (which is what most people are probably doing anyways regardless of whether they use a hardware token).
In (at least) cases like this you can/need to pass the file containing the public key to ssh-keygen and the agent takes care of the rest.
Since this was changed from pubkey to private key in #20112 (cc @rluetzner @6543 @wxiaoguang) I decided to not just revert it, but file a bug to discuss this first.
Ideally, it should be explained in the UI here that both variants are possible or link to appropriate docs.
Gitea Version
1.21.2
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
NixOS 23.05
How are you running Gitea?
I deploy gitea on NixOS with the NixOS module.
This is not relevant to the issue itself because the instructions for verifying an SSH key are always the same.
Database
PostgreSQL
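
The agent-backed variant described in the report above, as an added example that is not part of the original issue or of Gitea's code: it signs a token in the gitea namespace with only the public key file on disk while ssh-agent holds the private half, then checks the signature with ssh-keygen -Y verify. The function names, the throwaway ed25519 key (standing in for a smartcard-held key) and the token are constructed for the demo; an OpenSSH version with -Y support is assumed.

```bash
#!/usr/bin/env bash
# Added example. Key, token and file names are constructed for the demo;
# on a real setup the .pub file is the one matching your agent-held key.

# Sign token $2 in the "gitea" namespace with key file $1. The file may be a
# private key, or a public key whose private half is held by ssh-agent.
sign_token() {
  printf '%s' "$2" | ssh-keygen -Y sign -n gitea -f "$1" 2>/dev/null
}

# Verify signature file $3 over token $2 using only public key file $1.
verify_token() {
  printf 'demo %s\n' "$(cat "$1")" > "$1.allowed_signers"
  printf '%s' "$2" |
    ssh-keygen -Y verify -f "$1.allowed_signers" -I demo -n gitea -s "$3" >/dev/null 2>&1
}

# Sign $1 via the agent with only the .pub file on disk, then verify $2.
# Returns 0 only when the signature verifies. Runs in a subshell so the
# throwaway agent and temp files never touch the caller's environment.
agent_roundtrip() (
  work=$(mktemp -d) || exit 1
  trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$work"' EXIT
  ssh-keygen -q -t ed25519 -N '' -C demo -f "$work/id" || exit 1
  eval "$(ssh-agent -s)" >/dev/null || exit 1
  ssh-add -q "$work/id" 2>/dev/null || exit 1
  rm -f "$work/id"            # private half now exists only in the agent
  sign_token "$work/id.pub" "$1" > "$work/token.sig" || exit 1
  verify_token "$work/id.pub" "$2" "$work/token.sig"
)

if agent_roundtrip "constructed-token-1234" "constructed-token-1234"; then
  echo "agent-backed signature over the token verified"
fi
```

Because the namespace and token are bound into the signature, verification fails if either differs from what was signed.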