* Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. @ 2022-04-26 14:05 Elektronik (C.Gerhardt GmbH & Co. KG) 2022-04-26 14:49 ` Carlo Marcelo Arenas Belón 0 siblings, 1 reply; 5+ messages in thread From: Elektronik (C.Gerhardt GmbH & Co. KG) @ 2022-04-26 14:05 UTC (permalink / raw) To: git@vger.kernel.org; +Cc: CRM (C.Gerhardt GmbH & Co. KG) Hey at all, don't know if this is the right way to report a bug although I read so in https://git-scm.com/community. Never used mailing lists before so I hope I am doing well... I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error: $ git clone ssh://git@192.168.101.69:4711/CG/DT_installer_script.git Cloning into 'DT_installer_script'... Unable to negotiate with 192.168.101.69 port 4711: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. The SSH keys were generated with Puttygen, converted to openSSH format and are stored in c:\users\USER\.ssh\ The keys have not been changed after the update. With Version 2.31.1 it is working fine but after upgrading to 2.36 I get the above error. Am I doing something wrong or is this a buggy behaviour? OS: Win 10 Best regards, i.A. Stefan Mayrhofer C. Gerhardt GmbH & Co. KG Cäsariusstraße 97 D-53639 Königswinter Tel.: +49 2223 2999 513 Fax: +49 2223 2999 99 Mail: mailto:elektronik@gerhardt.deWeb: https://www.gerhardt.de ----------------------------------------------------------------------------------- Persönlich haftende Gesellschafter: Dr. Macke GmbH, Königswinter - Vertretungsberechtigte Geschäftsführer: Jan Macke, Tom Macke Registergericht: Amtsgericht Siegburg - Registernummer: HRA4275 - WEEE: Reg.-Nr. DE 54940101 Aus Rechts- und Sicherheitsgruenden ist die in dieser E-Mail gegebene Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestaetigung reichen wir Ihnen gerne auf Anforderung in schriftlicher Form nach.Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail nicht gestattet ist. Diese Nachricht ist ausschliesslich fuer den bezeichneten Adressaten oder dessen Vertreter bestimmt. Sollten Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen. For legal and security reasons the information provided in this e-mail is not legally binding. Upon request we would be pleased to provide you with a legally binding confirmation in written form. Any form of unauthorised use, publication, reproduction, copying or disclosure of the content of this email is not permitted. This message is exclusively for the person addressed or their representative. If you are not the intended recipient of this message and its contents, please notify the sender immediately. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. 2022-04-26 14:05 Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found Elektronik (C.Gerhardt GmbH & Co. KG) @ 2022-04-26 14:49 ` Carlo Marcelo Arenas Belón 2022-04-26 15:52 ` rsbecker 2022-04-26 21:24 ` brian m. carlson 0 siblings, 2 replies; 5+ messages in thread From: Carlo Marcelo Arenas Belón @ 2022-04-26 14:49 UTC (permalink / raw) To: Elektronik (C.Gerhardt GmbH & Co. KG) Cc: git@vger.kernel.org, CRM (C.Gerhardt GmbH & Co. KG) On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) wrote: > > I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error: I am guessing the issue might be the one documented in the following git for windows issue: https://github.com/git-for-windows/git/issues/3468 The problem is not with git (neither a git for windows) specific issue, but with the underlying version of openssh that is used in your server and the best course of option is to upgrade that and generate a new host key, but there are other options shown in that ticket that might help in the meanwhile. Carlo ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. 2022-04-26 14:49 ` Carlo Marcelo Arenas Belón @ 2022-04-26 15:52 ` rsbecker 2022-04-26 21:24 ` brian m. carlson 1 sibling, 0 replies; 5+ messages in thread From: rsbecker @ 2022-04-26 15:52 UTC (permalink / raw) To: 'Carlo Marcelo Arenas Belón', 'Elektronik (C.Gerhardt GmbH & Co. KG)' Cc: git, 'CRM (C.Gerhardt GmbH & Co. KG)' On April 26, 2022 10:49 AM, Carlo Marcelo Arenas Belón wrote: >On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) >wrote: >> >> I found that after an update from git 2.31.1. to 2.36 the authentication to our git >server (running gitea 1.13.1) fails. We are getting the following error: > >I am guessing the issue might be the one documented in the following git for >windows issue: > > https://github.com/git-for-windows/git/issues/3468 > >The problem is not with git (neither a git for windows) specific issue, but with the >underlying version of openssh that is used in your server and the best course of >option is to upgrade that and generate a new host key, but there are other >options shown in that ticket that might help in the meanwhile. I noticed this prior to 2.36.0, so I do no think it is related to git. Switching OpenSSH versions triggered this situation. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. 2022-04-26 14:49 ` Carlo Marcelo Arenas Belón 2022-04-26 15:52 ` rsbecker @ 2022-04-26 21:24 ` brian m. carlson 2022-04-27 6:05 ` AW: " Elektronik (C.Gerhardt GmbH & Co. KG) 1 sibling, 1 reply; 5+ messages in thread From: brian m. carlson @ 2022-04-26 21:24 UTC (permalink / raw) To: Carlo Marcelo Arenas Belón Cc: Elektronik (C.Gerhardt GmbH & Co. KG), git@vger.kernel.org, CRM (C.Gerhardt GmbH & Co. KG) [-- Attachment #1: Type: text/plain, Size: 1669 bytes --] On 2022-04-26 at 14:49:14, Carlo Marcelo Arenas Belón wrote: > On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) wrote: > > > > I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error: > > I am guessing the issue might be the one documented in the following git for > windows issue: > > https://github.com/git-for-windows/git/issues/3468 > > The problem is not with git (neither a git for windows) specific issue, but > with the underlying version of openssh that is used in your server and the > best course of option is to upgrade that and generate a new host key, but > there are other options shown in that ticket that might help in the meanwhile. Yes, the error message you're seeing indicates that your version of OpenSSH, which is used by Git for Windows, has disabled the insecure ssh-rsa signature algorithm. Keys using the ssh-rsa key type, which can use ssh-rsa as the signature algorithm or the secure rsa-sha2-256 and rsa-sha2-512, can continue to be used if you support the new signature types. The problem is that Gitea uses the Go SSH library, which inherits this problem. Gitea is tracking this as [0]. The easiest way to solve this would be to add a host key that is Ed25519, which won't have the same problem. The issue I mentioned above also has a workaround to re-enable the ssh-rsa signature type if you can't do that, but of course that's insecure. [0] https://github.com/go-gitea/gitea/issues/17798 -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 262 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* AW: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. 2022-04-26 21:24 ` brian m. carlson @ 2022-04-27 6:05 ` Elektronik (C.Gerhardt GmbH & Co. KG) 0 siblings, 0 replies; 5+ messages in thread From: Elektronik (C.Gerhardt GmbH & Co. KG) @ 2022-04-27 6:05 UTC (permalink / raw) To: brian m. carlson, Carlo Marcelo Arenas Belón Cc: git@vger.kernel.org, CRM (C.Gerhardt GmbH & Co. KG) Thanks for the responses and explanations. I have understood that the old ssh-rsa is deprecated and will update to the new certificates and current git release by next week. Until then we'll keep the older 2.31 version so that I can work for now. As the server is located in our local network that is no big security issue. Best regards, i.A. Stefan Mayrhofer C. Gerhardt GmbH & Co. KG Cäsariusstraße 97 D-53639 Königswinter Tel.: +49 2223 2999 513 Fax: +49 2223 2999 99 Mail: elektronik@gerhardt.de Web: www.gerhardt.de ----------------------------------------------------------------------------------- Persönlich haftende Gesellschafterin: Dr. Macke GmbH, Königswinter - Vertretungsberechtigte Geschäftsführer: Jan Macke, Tom Macke Registergericht: Amtsgericht Siegburg - Registernummer: HRA4275 - WEEE: Reg.-Nr. DE 54940101 Aus Rechts- und Sicherheitsgruenden ist die in dieser E-Mail gegebene Information nicht rechtsverbindlich. Eine rechtsverbindliche Bestaetigung reichen wir Ihnen gerne auf Anforderung in schriftlicher Form nach.Beachten Sie bitte, dass jede Form der unautorisierten Nutzung, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail nicht gestattet ist. Diese Nachricht ist ausschliesslich fuer den bezeichneten Adressaten oder dessen Vertreter bestimmt. Sollten Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein, so bitten wir Sie, sich mit dem Absender der E-Mail in Verbindung zu setzen. For legal and security reasons the information provided in this e-mail is not legally binding. Upon request we would be pleased to provide you with a legally binding confirmation in written form. Any form of unauthorised use, publication, reproduction, copying or disclosure of the content of this email is not permitted. This message is exclusively for the person addressed or their representative. If you are not the intended recipient of this message and its contents, please notify the sender immediately. -----Ursprüngliche Nachricht----- Von: brian m. carlson <sandals@crustytoothpaste.net> Gesendet: Dienstag, 26. April 2022 23:24 An: Carlo Marcelo Arenas Belón <carenas@gmail.com> Cc: Elektronik (C.Gerhardt GmbH & Co. KG) <elektronik@gerhardt.de>; git@vger.kernel.org; CRM (C.Gerhardt GmbH & Co. KG) <crm@gerhardt.de> Betreff: Re: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found. On 2022-04-26 at 14:49:14, Carlo Marcelo Arenas Belón wrote: > On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) wrote: > > > > I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error: > > I am guessing the issue might be the one documented in the following git for > windows issue: > > https://github.com/git-for-windows/git/issues/3468 > > The problem is not with git (neither a git for windows) specific issue, but > with the underlying version of openssh that is used in your server and the > best course of option is to upgrade that and generate a new host key, but > there are other options shown in that ticket that might help in the meanwhile. Yes, the error message you're seeing indicates that your version of OpenSSH, which is used by Git for Windows, has disabled the insecure ssh-rsa signature algorithm. Keys using the ssh-rsa key type, which can use ssh-rsa as the signature algorithm or the secure rsa-sha2-256 and rsa-sha2-512, can continue to be used if you support the new signature types. The problem is that Gitea uses the Go SSH library, which inherits this problem. Gitea is tracking this as [0]. The easiest way to solve this would be to add a host key that is Ed25519, which won't have the same problem. The issue I mentioned above also has a workaround to re-enable the ssh-rsa signature type if you can't do that, but of course that's insecure. [0] https://github.com/go-gitea/gitea/issues/17798 -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-04-27 6:05 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-04-26 14:05 Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found Elektronik (C.Gerhardt GmbH & Co. KG) 2022-04-26 14:49 ` Carlo Marcelo Arenas Belón 2022-04-26 15:52 ` rsbecker 2022-04-26 21:24 ` brian m. carlson 2022-04-27 6:05 ` AW: " Elektronik (C.Gerhardt GmbH & Co. KG)
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).