Re: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found.


 



Thanks for the responses and explanations. I have understood that the old ssh-rsa is deprecated and will update to the new certificates and current git release by next week. Until then we'll keep the older 2.31 version so that I can work for now. As the server is located in our local network that is no big security issue.

Best regards, 

i.A. Stefan Mayrhofer 
C. Gerhardt GmbH & Co. KG 
Cäsariusstraße 97 
D-53639 Königswinter 

Tel.: +49 2223 2999 513 
Fax: +49 2223 2999 99 
Mail: elektronik@xxxxxxxxxxx 
Web: www.gerhardt.de 
----------------------------------------------------------------------------------- 
General partner with personal liability: Dr. Macke GmbH, Königswinter - Authorised managing directors: Jan Macke, Tom Macke 
Register court: Amtsgericht Siegburg - Registration number: HRA4275 - WEEE: Reg. No. DE 54940101 

For legal and security reasons the information provided in this e-mail is not legally binding. Upon request we would be pleased to provide you with a legally binding confirmation in written form. Any form of unauthorised use, publication, reproduction, copying or disclosure of the content of this email is not permitted. This message is exclusively for the person addressed or their representative. If you are not the intended recipient of this message and its contents, please notify the sender immediately. 
-----Original Message-----
From: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> 
Sent: Tuesday, 26 April 2022 23:24
To: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx>
Cc: Elektronik (C.Gerhardt GmbH & Co. KG) <elektronik@xxxxxxxxxxx>; git@xxxxxxxxxxxxxxx; CRM (C.Gerhardt GmbH & Co. KG) <crm@xxxxxxxxxxx>
Subject: Re: Error after update from 2.31.1 -> 2.36: Unable to negotiate with IP port X: no matching host key type found.

On 2022-04-26 at 14:49:14, Carlo Marcelo Arenas Belón wrote:
> On Tue, Apr 26, 2022 at 02:05:14PM +0000, Elektronik (C.Gerhardt GmbH & Co. KG) wrote:
> >  
> > I found that after an update from git 2.31.1. to 2.36 the authentication to our git server (running gitea 1.13.1) fails. We are getting the following error: 
> 
> I am guessing the issue might be the one documented in the following git for
> windows issue:
> 
>   https://github.com/git-for-windows/git/issues/3468
> 
> The problem is not with git (neither a git for windows) specific issue, but
> with the underlying version of openssh that is used in your server and the
> best course of option is to upgrade that and generate a new host key, but
> there are other options shown in that ticket that might help in the meanwhile.

Yes, the error message you're seeing indicates that your version of
OpenSSH, which is used by Git for Windows, has disabled the insecure
ssh-rsa signature algorithm.  Keys using the ssh-rsa key type, which can
use ssh-rsa as the signature algorithm or the secure rsa-sha2-256 and
rsa-sha2-512, can continue to be used if you support the new signature
types.

The problem is that Gitea uses the Go SSH library, which inherits this
problem.  Gitea is tracking this as [0].  The easiest way to solve this
would be to add a host key that is Ed25519, which won't have the same
problem.

The issue I mentioned above also has a workaround to re-enable the
ssh-rsa signature type if you can't do that, but of course that's
insecure.

[0] https://github.com/go-gitea/gitea/issues/17798
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA
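
Added example, not part of the original messages: a Python sketch of the host key negotiation behind "no matching host key type found", parsing the server_host_key_algorithms name-list from an SSH KEXINIT payload (RFC 4253) and matching it against a client list. The payloads and the client list are constructed for illustration and are not taken from Gitea, Git for Windows or OpenSSH.

```python
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253, section 7.1

def name_list(names):
    """Encode an SSH name-list: uint32 length, then comma-separated names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(host_key_algs):
    """Constructed sample payload; only the host key list varies."""
    lists = [["curve25519-sha256"], host_key_algs,
             ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"],
             ["none"], ["none"], [], []]
    body = b"".join(name_list(item) for item in lists)
    # type byte, 16-byte cookie, 10 name-lists, first_kex_packet_follows, reserved
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

def server_host_key_algorithms(payload):
    """Return the second name-list (server_host_key_algorithms) of a KEXINIT."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    offset, parsed = 17, []
    for _ in range(2):  # kex_algorithms, then server_host_key_algorithms
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + length].decode("ascii")
        parsed.append(raw.split(",") if raw else [])
        offset += length
    return parsed[1]

def negotiate(client_prefs, server_algs):
    """First client preference the server also offers, else None."""
    return next((alg for alg in client_prefs if alg in server_algs), None)

# Assumed client list with the ssh-rsa signature algorithm disabled (constructed).
CLIENT = ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"]

if __name__ == "__main__":
    for offered in (["ssh-rsa"], ["ssh-rsa", "ssh-ed25519"],
                    ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]):
        algs = server_host_key_algorithms(build_kexinit(offered))
        print(offered, "->", negotiate(CLIENT, algs) or "no matching host key type")
```

A server that offers only ssh-rsa leaves no common algorithm, while one that adds an Ed25519 host key or the rsa-sha2-* signature types negotiates successfully.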



