SSH keys no longer work since the update to 1.69.2.0

[Ramo-Y]

After the update I could not do anything with repositories cloned via ssh. I also can't clone new repositories with ssh. I recreated the ssh keys but it didn't work.

We use Bitbucket as our git server and have the same issue with multiple collaborators.

The logs:

Workaround:

Use the installed git instance instead of the one from git-fork

[DanPristupov]

Here's what I found: https://stackoverflow.com/a/69657512

Git For Windows 2.33.1 comes with OpenSSH 8.8 which disables RSA signatures using the SHA-1 hash algorithm by default.

Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol.

Here's a topic in the issue tracker of Git-for-windows: git-for-windows/git#3468

Solutions:

1. Ensure you are on Fork 1.69.3 and generate a new SSH key pair
   or
2. Uncheck all keys in the SSH configuration dialog in Fork, open %localappdata%\fork\gitInstance\2.33.1\etc\ssh\ssh_config and add the following:

Host stash.company.org
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms

[Ramo-Y]

When I add the following and try to fetch via console, an error message appears:

Host stash.company.org
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms

The error message:

$ git fetch
/etc/ssh/ssh_config line 59: no argument after keyword "pubkeyacceptedalgorithms"
/etc/ssh/ssh_config: terminating, 1 bad configuration options
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

However, after I added that, it works via console:

Host stash.company.org
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

Unfortunately, it does not work via the fork UI

[DanPristupov]

Did you update stash.company.org with your own company host?

[Ramo-Y]

Did you update stash.company.org with your own company host?

Yeah sure :)

As I said, it works via the Fork-integrated console (top right), but not via the UI

[mtnpke]

I see the same behavior. It does work if in the SSH Key selection dialogue in Fork, no key is selected. It seems that if a key is selected, the ssh_config is not taken into account or something like that.

[mtnpke]

For people using Bitbucket Server, an update might be the way to go: https://jira.atlassian.com/browse/BSERV-13013

[DanPristupov]

I've just released the 1.69.3 update which generates ED25519 keys by default.

[Ramo-Y]

I have regenerated the ssh key and it works. Thanks Dan!

[leonidcan]

I am getting Smudge error while downloading assets from LFS :(

[shard013]

I've just released the 1.69.3 update which generates ED25519 keys by default.

Thank you for that update @DanPristupov. However some services such as Azure DevOps do not support ED25519 yet. This was the first thing I tried when I started getting this error.

Could you add an easier way to allow users to opt back into ssh-rsa please?

[DanPristupov]

@shard013 I didn't know that. We will add the ability to select a type of key in the next update. You can still use existing RSA keys, or the new ones, if you generate them in CLI (ssh-keygen -t rsa -b 4096)

[shard013]

@DanPristupov When I have a specific key selected I get the following error.
Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

This happens even after setting HostkeyAlgorithms and PubkeyAcceptedAlgorithms in %localappdata%\fork\gitInstance\2.33.1\etc\ssh\ssh_config

I was able to set this as expected in my ~/.ssh/config but the Fork git client doesn't seem to recognise the setting in either. Unchecking the key to let the ssh agent manage the keys fixed the issue, but it was not obvious to me that this was the work around until finding this issue.

[melchor629]

@DanPristupov When I have a specific key selected I get the following error. Unable to negotiate with x.x.x.x port 22: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository.

This happens even after setting HostkeyAlgorithms and PubkeyAcceptedAlgorithms in %localappdata%\fork\gitInstance\2.33.1\etc\ssh\ssh_config

I was able to set this as expected in my ~/.ssh/config but the Fork git client doesn't seem to recognise the setting in either. Unchecking the key to let the ssh agent manage the keys fixed the issue, but it was not obvious to me that this was the work around until finding this issue.

Same issue as above comment, fixed by disabling the key in Fork. The difference is I'm using the "Git for Windows" instance instead of the internal one.

[JulianPritchard]

I've been having some similar issues with Git-Fork on Windows with SSH when using a SSH Proxy

I needed to have my ssh traffic to github go over https, so I set the following in my ~/.ssh/config

ProxyCommand "C:/Program Files/Git/mingw64/bin/connect.exe" -H http://proxy.uri:9001/ %h %p

Host github.com
    Hostname ssh.github.com
    Port 443
    User git

All CLI methods of connecting via SSH were working, I even copied the test connection string from the fork.log and ran it in the git-fork mingw instance I opened from the GUI and it ran as expected.

Unchecking the key in the File -> Configure SSH Keys... seems to have resolved this and now it is working correctly.

(Apologies for any weird phrases: I tried to add the terms I used when searching for the issue in case someone else is having similar trouble and comes across this thread)

[Pell17]

I'm on Windows, version 1.70.0.0 and still cannot get this to work. Git works in the console (Repository -> Open in console) so this has been a workaround for me. I now traced it down to the following. Fork is executing Git with the following environment variable set:

GIT_SSH_COMMAND=ssh -i 'C:/Users/myname/.ssh/fork_ssh_key' -F '/dev/null'

The -F command line parameter causes SSH to ignore all config files. By tracing the process, I have confirmed that SSH is not accessing any config files.
Similarly, when I execute git in the console with this environment variable, it also fails:

$ GIT_SSH_COMMAND="ssh -i 'C:/Users/myname/.ssh/fork_ssh_key' -F '/dev/null'" git fetch
Unable to negotiate with 10.10.10.10 port 29418: no matching host key type found. Their offer: ssh-rsa,ssh-dss
fatal: Could not read from remote repository.

So I believe the -F must go. Reading the config file will also enable having individual keys for different git servers.

[DanPristupov]

@Pell17 uncheck all SSH keys in the SSH configuration dialog (File -> Configure SSH keys). Otherwise Fork will override the system SSH configuration.

[Pell17]

This works but is quite unintuitive. I would recommend to add this information to the "Configure SSH keys" dialog.