Uploaded image for project: 'Bamboo'
  1. Bamboo
  2. BAM-21467

Bamboo stops communicating to Bitbucket Server and Data Center after updating to Git for Windows 2.33.0(2) or newer

    XMLWordPrintable

Details

    Description

      Issue Summary

      Bamboo running on Windows fails to communicate to Bitbucket Server and Data Center (e.g. creating new repositories, triggering plans, running change detection and etc) after installing Git for Windows 2.33.0(2) or newer. This is happening because Git for Windows 2.33.0(2) bundles OpenSSH 8.8p1 which removed support for ssh-rsa (SHA-1) (release notes). This is the type of key created by Bamboo to communicate to Bitbucket Server and Data Center.

      Steps to Reproduce

      1. Install Bamboo (e.g. 8.0.3) on Windows.
      2. Install Git for Windows 2.32.
      3. Create an application link between Bamboo and Bitbucket Server or Data Center.
      4. Create a new Bitbucket Server / Stash repository.
      5. Up to this point everything should be working fine.
      6. Update the version of Git for Windows to 2.33.0(2) or newer.

      Expected Results

      Everything continues to run as expected and you are able to create new Bitbucket Server / Stash repositories and run existing plans that are linked to Bitbucket Server / Stash repositories.

      Actual Results

      Creating new Bitbucket Server / Stash repositories fail with the following error message:

      atlassian-bamboo.log
      2021-10-19 09:10:41,107 WARN [sshd-SshServer[b1834bf]-nio2-thread-2] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:62083])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
      

      Attempting to run an existing plan using a Bitbucket Server / Stash repository results in the following error message:

      atlassian-bamboo.log
      Caused by: com.atlassian.bamboo.plugins.git.GitCommandException: command ['C:\Program Files\Git\cmd\git.exe' ls-remote ssh://9218c7ce-eefd-4ed6-8e60-06413b9c3378@127.0.0.1:51140/proj/myrepo.git] failed with code 128. Working directory was [C:\Program Files\Bamboo\temp]., stderr:
      Unable to negotiate with 127.0.0.1 port 51140: no matching host key type found. Their offer: ssh-rsa
      fatal: Could not read from remote repository.
      

      Workaround

      Workaround 1

      • Downgrade the version of Git for Windows to 2.33 (which has OpenSSH v8.7p1) or 2.32.

      Workaround 2

      Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the C:\Program Files\Git\etc\ssh\ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:

      Host 127.0.0.1
          HostkeyAlgorithms +ssh-rsa
          PubkeyAcceptedAlgorithms +ssh-rsa
      
      INFO

      Bamboo uses an ssh proxy to communicate to Bitbucket Server whether you're using Bitbucket Server / Stash or Git repository types so the host we need to allow the use of ssh-rsa (SHA-1) should be 127.0.0.1 and not the Bitbucket hostname.

      Attachments

        Issue Links

          Activity

            People

              mgardias Marcin Gardias
              brosa Bruno Rosa
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: