Issue 3517: OpenSSH 7.0 dropped support for diffie-hellman-group1-sha1 - "no matching key exchange method"
Affected Version: GerritCodeReview_2.11.2 (SSHD-CORE-0.14.0)

Steps to reproduce:
1. Update openssh client to 7.0
2. Try to 'git pull' from gerrit over ssh

Output:

    $ git pull
    Unable to negotiate with 192.168.1.101: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
    fatal: Could not read from remote repository.

OpenSSH 7.0 dropped support for several ciphers: http://www.openssh.com/txt/release-7.0

Temporary workaround is to edit .ssh/config as described here: http://www.openssh.com/legacy.html
Aug 26, 2015
#1
gary.bea...@wandisco.com
Sep 9, 2015
For me it helped to delete the ssh_host_key in the gerrit folder (for me: /var/lib/gerrit/etc/)

    $ rm /var/lib/gerrit/etc/ssh_host_key
    $ rm /usr/share/java/bcprov.jar #delete old bouncy castle
    $ java -jar /usr/share/java/gerrit/gerrit.war init -d /var/lib/gerrit

which asked to download the newest bouncy castle jars and regenerated the key. Now it works.
Oct 13, 2015
Agreed; having Bouncy Castle libraries installed will work with diffie-hellman-group14-sha1. It shouldn't be necessary to regenerate the SSH keys (though I am working on a simple app to convert the "simple" RSA key to the ssh-keygen format in the event you want to add a DSA host key as well). If you don't see diffie-hellman-group14-sha1 advertised, make sure you have the proper version of the Bouncy Castle libraries installed (removing them and running "gerrit init" should prompt you for the download, as I recall).
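
An added example, not part of the original thread or of Gerrit's code: one way to check which key exchange methods a server advertises is to read the kex_algorithms list from its unencrypted SSH_MSG_KEXINIT packet (RFC 4253). The sample packets are constructed inline by a hypothetical helper, `build_kexinit`; the result labels are also assumptions.

```python
import struct

SSH_MSG_KEXINIT = 20
WEAK_KEX = "diffie-hellman-group1-sha1"     # rejected by default in OpenSSH 7.0
WANTED_KEX = "diffie-hellman-group14-sha1"  # per the thread, advertised with Bouncy Castle

def build_kexinit(kex_names):
    """Build a constructed SSH_MSG_KEXINIT packet to use as sample input."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data

    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # message type + 16-byte cookie
    payload += name_list(kex_names) + name_list(["ssh-rsa"])
    payload += name_list(["aes128-ctr"]) * 2 + name_list(["hmac-sha1"]) * 2
    payload += name_list(["none"]) * 2 + name_list([]) * 2
    payload += b"\x00" + bytes(4)                    # first_kex_packet_follows, reserved
    padding = 8 - (5 + len(payload)) % 8             # total length must be a multiple of 8
    if padding < 4:                                  # and padding at least 4 bytes
        padding += 8
    return struct.pack(">IB", 1 + len(payload) + padding, padding) + payload + bytes(padding)

def parse_kex_algorithms(packet):
    """Return the kex_algorithms name-list from an unencrypted KEXINIT packet."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    packet_length, padding_length = struct.unpack(">IB", packet[:5])
    if 4 + packet_length > len(packet) or padding_length + 1 > packet_length:
        raise ValueError("truncated or malformed packet")
    payload = packet[5:4 + packet_length - padding_length]
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack(">I", payload[17:21])  # first name-list follows the cookie
    if 21 + length > len(payload):
        raise ValueError("kex_algorithms list overruns payload")
    names = payload[21:21 + length].decode("ascii")
    return names.split(",") if names else []

def assess_offer(kex_algorithms):
    """Classify a server offer against the two methods discussed in the thread."""
    if WANTED_KEX in kex_algorithms:
        return "group14-offered"
    if kex_algorithms == [WEAK_KEX]:
        return "group1-only"   # the case that produces "no matching key exchange method"
    return "other"

if __name__ == "__main__":
    for offer in ([WEAK_KEX], [WANTED_KEX, WEAK_KEX]):
        print(offer, "->", assess_offer(parse_kex_algorithms(build_kexinit(offer))))
```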
Nov 19, 2015
Cross link WIP in review: https://gerrit-review.googlesource.com/72261
Nov 19, 2015
(No comment was entered for this change.)
Status:
ChangeUnderReview
Dec 1, 2015
Just to clarify the workaround. For standalone/Jetty install (gerrit.sh), place the bouncy castle jar in <gerrit site>/lib/. For tomcat (daemon.sh), you will have to place it where the actual war is deployed, tomcat/webapps/<something>/WEB-INF/lib/, if your server is configured to unpackWar.