Failed to clone repository: Unable to exchange encryption keys #620

Open
benjaminbhollon opened this issue Jun 23, 2023 · 7 comments

@benjaminbhollon

This started recently, but every time I try to clone from my password repository I get this error:

Failed to clone repository from ssh://feynman/~/git/passwords to file file://private/var/mobile/Containers/Shared/AppGroup/273C16E8-30FE-4A34-B427-9987462E427D/Library/password-store-temp
Underlying Error: failed to start SSH session: Unable to exchange encryption keys

This exact configuration worked previously. I think it stopped after some updates on the server I'm trying to clone from.

Any pointers you have are much appreciated.

@apfohl

apfohl commented Jul 6, 2023

I also get a similar error now: "Unable to exchange encryption keys". Can someone tell what algorithms are now used when connecting via ssh? I’m no Swift expert, but it might be due to a dependency update.

@apfohl

apfohl commented Jul 7, 2023

Might be related to #624

@benjaminbhollon
Author

My best guess is that it's an incompatibility between whatever library the app is using and more recent versions of git—or, more likely, ssh—on the server side.

Looking at that issue, I am running NixOS for the server I'm trying to sync to (though I'm using just a bare git repo rather than a frontend like Gitea) so it could definitely be related.

@charlie-collard

charlie-collard commented Aug 6, 2023

Exactly the same issue for me, also running NixOS on the server. Definitely seems related to the linked issue.

@adamoudad

adamoudad commented Jul 29, 2024

Having the same issue too. passforios on iPad, and my password-store on a NixOS machine accessible via SSH.

It could be a problem related to the key generation algorithm: #153.

I used ssh-keygen in the iSH app to generate keys using RSA with default settings. Is there any other algorithm that works?

Edit: I was able to successfully clone my password-store with the same configuration using the password-store app on Android. So the issue with passforios is likely coming from the git or ssh version/implementation they use.

@charlie-collard

charlie-collard commented Jul 29, 2024

@adamoudad as a workaround, adding this to my server NixOS config fixed this issue, along with using an ssh-ed25519 key instead of ssh-rsa. Definitely not ideal though, as I assume there was a security reason this MAC was disabled in the first place.

services.openssh.settings.Macs = [ "hmac-sha2-512" ];

@adamoudad

adamoudad commented Jul 29, 2024

Thanks for the workaround @charlie-collard !

For compatibility, it might be best to append hmac-sha2-512 to the default list used by the Nix option.

services.openssh.settings.Macs = [
  "hmac-sha2-512-etm@openssh.com"
  "hmac-sha2-256-etm@openssh.com"
  "umac-128-etm@openssh.com"
  "hmac-sha2-512" # For compatibility with passforios
];

In case hmac-sha2-512 does not work, more options to try out can be found here: #624 (comment)
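
An added example, not part of the thread or of the passforios code: SSH selects the first MAC in the client's list that the server also offers (RFC 4253, section 7.1), and the handshake fails when the lists do not overlap. The server lists are the ones quoted in the comments above; the client list is an assumption, since the thread does not say which MACs the app supports.

```python
# Server MAC lists quoted in the thread above.
NIXOS_DEFAULT = [
    "hmac-sha2-512-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com",
    "umac-128-etm@openssh.com",
]
WITH_WORKAROUND = NIXOS_DEFAULT + ["hmac-sha2-512"]

# Assumption: a client that implements no encrypt-then-MAC variants.
# The thread does not state which MACs passforios actually offers.
HYPOTHETICAL_CLIENT = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]


def parse_sshd_macs(sshd_t_output):
    """Extract the MAC list from `sshd -T` output (a line 'macs a,b,c')."""
    for line in sshd_t_output.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword.lower() == "macs":
            return [m for m in value.strip().split(",") if m]
    return []


def negotiate_mac(client, server):
    """Return the first client MAC that the server also offers, else None."""
    offered = set(server)
    for mac in client:
        if mac in offered:
            return mac
    return None  # no overlap: the key exchange is aborted


def report(client, server):
    """Describe the negotiation result and whether the MAC is an ETM variant."""
    mac = negotiate_mac(client, server)
    if mac is None:
        return "no common MAC: handshake fails"
    etm = mac.endswith("-etm@openssh.com")
    return f"{mac} ({'encrypt-then-MAC' if etm else 'encrypt-and-MAC'})"


if __name__ == "__main__":
    # Constructed sample of `sshd -T` output, not taken from a real host.
    sample = "port 22\nmacs " + ",".join(WITH_WORKAROUND) + "\n"
    print("default   :", report(HYPOTHETICAL_CLIENT, NIXOS_DEFAULT))
    print("workaround:", report(HYPOTHETICAL_CLIENT, parse_sshd_macs(sample)))
```

On the server, `sshd -T` prints the effective configuration, including the `macs` line this parser reads. The MAC list only matters when the negotiated cipher is not an AEAD cipher such as chacha20-poly1305@openssh.com.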

4 participants