Details
-
Bug
-
Resolution: Fixed
-
Low
-
8.0.3
-
None
-
3
-
Severity 3 - Minor
-
Description
Issue Summary
Bamboo running on Windows fails to communicate to Bitbucket Server and Data Center (e.g. creating new repositories, triggering plans, running change detection and etc) after installing Git for Windows 2.33.0(2) or newer. This is happening because Git for Windows 2.33.0(2) bundles OpenSSH 8.8p1 which removed support for ssh-rsa (SHA-1) (release notes). This is the type of key created by Bamboo to communicate to Bitbucket Server and Data Center.
Steps to Reproduce
- Install Bamboo (e.g. 8.0.3) on Windows.
- Install Git for Windows 2.32.
- Create an application link between Bamboo and Bitbucket Server or Data Center.
- Create a new Bitbucket Server / Stash repository.
- Up to this point everything should be working fine.
- Update the version of Git for Windows to 2.33.0(2) or newer.
Expected Results
Everything continues to run as expected and you are able to create new Bitbucket Server / Stash repositories and run existing plans that are linked to Bitbucket Server / Stash repositories.
Actual Results
Creating new Bitbucket Server / Stash repositories fail with the following error message:
2021-10-19 09:10:41,107 WARN [sshd-SshServer[b1834bf]-nio2-thread-2] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:62083])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
Attempting to run an existing plan using a Bitbucket Server / Stash repository results in the following error message:
Caused by: com.atlassian.bamboo.plugins.git.GitCommandException: command ['C:\Program Files\Git\cmd\git.exe' ls-remote ssh://9218c7ce-eefd-4ed6-8e60-06413b9c3378@127.0.0.1:51140/proj/myrepo.git] failed with code 128. Working directory was [C:\Program Files\Bamboo\temp]., stderr: Unable to negotiate with 127.0.0.1 port 51140: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository.
Workaround
Workaround 1
- Downgrade the version of Git for Windows to 2.33 (which has OpenSSH v8.7p1) or 2.32.
Workaround 2
Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the C:\Program Files\Git\etc\ssh\ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
Host 127.0.0.1
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Bamboo uses an ssh proxy to communicate to Bitbucket Server whether you're using Bitbucket Server / Stash or Git repository types so the host we need to allow the use of ssh-rsa (SHA-1) should be 127.0.0.1 and not the Bitbucket hostname.