-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Git 2.33.1 breaks rsa/sha-1 negotiation over ssh #3468
Comments
I fear that this ship has sailed. v2.33.1 is already an official Git for Windows version. BTW OpenSSH's release notes also have this to say:
|
Thanks for the reference. I didn't notice it. Solved now. I didn't mean that you "republish 2.33.1", it was more like a comment for next time that a breaking change is inserted. |
I'm in trouble similar to yours.The newest Git 2.33.1 throw error: |
@xiayitian1003 you probably missed the solution:
|
Specific example that I can confirm works as a workaround: create file
Update |
I should add, that although the above workaround does work for Stash, the better solution is to generate a new RSA key pair. For example:
Next, on your Stash website, under Manage Account, SSH Keys, add a new key, using the contents of the |
That is wrong, IMHO. Your example updates the client keys, while the incompatibility is with host keys on the server side. The workaround in ~/.ssh/config just allows those server-side host keys to be accepted. Apart from that: It would be nice, if someone with git acces could add a warning for this issue in the release-notes. Not everybody follows all the relese-notes of included packages... just my 2c |
You can always open a PR to edit https://github.com/git-for-windows/build-extra/blob/master/ReleaseNotes.md. |
For extra info, I was struggling with the config file not working on Windows and Bitbucket |
At least on my setup, the host keys were Ok. Regenerating my client keys solved the issue for me. |
The issue isn't really an issue of either side, but an incompatibility between the two sides.
All three are solutions, but the first two should be prefered for security reasons.
That works, but will be overwriten when updating or reinstalling Git for Windows. |
Yeah, I'm just puzzling over this..... |
@Eddy555 why not put it into |
It doesn't work for some reason, and I've not been able to figure out why. Putting it into the Git folder config file did work. Maybe because of the SSH program that's being used (Git\usr\bin)? |
You can always figure out where |
|
Excellent. |
As far as I know, many code hosting platforms will use golang to develop their Git Over SSH server(Gitea, Gogs, Gitee, CODING, Ant Code, CodeUp .....). Because golang x/crypto does not support the HostKey algorithm of |
any body can help me to
i add this to config file but this is not useful. some body help me please |
@heartacker you need to adjust |
yes i have change old-host to ip:
|
You appear to be missing the +ssh-rsa on PubkeyAcceptedAlgorithms |
Thank, it Work
|
The suggested change on the |
Looks like that vscode extension is using an old version of OpenSSH (pre 8.5). You can probably use the old deprecated name of that config option: |
Worked like a charm! Thanks |
This comment has been minimized.
This comment has been minimized.
@orgads FWIW, Gerrit 3.6 fixes this incompatibility. |
The release notes of openssh 8.8, which is shipped with this version, say:
Our (internal) Git servers still use this algorithm, so we can not connect to any of them with this version of Git. This is the default key that is created by Gerrit, even on version 3.4, which is the latest stable (it was replaced and then reverted).
If you consider this upgrade necessary, please at least postpone it for a major release.
The text was updated successfully, but these errors were encountered: