agent key RSA SHA256: … returned incorrect signature type

Question

I\'m trying to use CircleCI on a Go project on GitHub with the default template for Go projects.

For reference, here\'s what the default .circleci/config.yml

Answer 1

There are two issues here, which are separate and independent.

The "agent key returned incorrect signature type" warning means that the SSH agent that's being used returned invalid data.

When you use an RSA SSH key, you can sign with one of several hash algorithms: SHA-1, SHA-256, or SHA-512. Originally, only SHA-1 was supported, and so every use of an RSA key implied that you were using SHA-1. However, SHA-1 is weak, so additional, stronger hash algorithms were added.

This message means that the SSH connection negotiated a connection using an RSA key with a different signature algorithm, either SHA-256 or SHA-512. However, the SSH agent, when asked to make the signature for that connection, provided an SHA-1 signature, which isn't in compliance with the agent protocol.

This message isn't intrinsically fatal, although the remote side may choose to reject your connection if it doesn't support SHA-1 signatures.

The other message you're seeing, the message from Git, means that you're trying to perform a git pull command without having a remote for that branch set up. In this case, that's because you're using go get on an existing repository, since that command will attempt to update the existing repository.

If you just want to install dependencies, running go build will usually do that automatically for you, so there's no need to run go get specifically for that purpose. If you need something more complex, then you should use Git itself for that, since go get is not designed to be used in complex situations.