Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21832

Bamboo docker image is unable to communicate with the Bitbucket when using Bamboo version 7.2.10.

    • Icon: Bug Bug
    • Resolution: Tracked Elsewhere
    • Icon: High High
    • 8.0.4
    • 7.2.10
    • Repository (Bitbucket)
    • None

      Issue Summary

      Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing ssh_rsa hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
      The issue occurs with the existing linked repositories as well.

      Steps to Reproduce

      1. Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
      2. Create a docker container with the image and start the Bamboo instance.
      3. Create an Application link for the Bitbucket server (version 7.17.9).
      4. Try to create a linked repository from the Bamboo overview > linked repositories tab.

      NOTE: This will also happen on non-docker instances considering OpenSSH is 8.8 or later as RSA signatures using the SHA-1 hash algorithm are now disabled by default.

      Expected Results

      • Linked repository should be created successfully with Bitbucket server.

      Actual Results

      • Throwing below error on Bamboo UI.
        Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
        


        The below exception is thrown in the atlassian-bamboo.log file:

        2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
        2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
        2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085
        

      Workarounds

      • Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
        Host 127.0.0.1
            HostkeyAlgorithms +ssh-rsa
            PubkeyAcceptedAlgorithms +ssh-rsa
        
      • OR: upgrade Bamboo to 8.0.4 or later

            [BAM-21832] Bamboo docker image is unable to communicate with the Bitbucket when using Bamboo version 7.2.10.

            Eduardo Alvarenga (Inactive) made changes -
            Remote Link Original: This issue links to "CLIP-1689 (Bulldog)" [ 697570 ] New: This issue links to "CLIP-1689 (JIRA Server (Bulldog))" [ 697570 ]
            Eduardo Alvarenga (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 707323 ]
            Jan Majkutewicz (Inactive) made changes -
            Remote Link New: This issue links to "CLIP-1689 (Bulldog)" [ 697570 ]
            Jan Majkutewicz (Inactive) made changes -
            Resolution New: Tracked Elsewhere [ 15 ]
            Status Original: Short Term Backlog [ 12074 ] New: Closed [ 6 ]
            Jan Majkutewicz (Inactive) made changes -
            Assignee New: Jan Majkutewicz [ jmajkutewicz ]
            Krzysztof Podsiadło made changes -
            Summary Original: Bamboo is unable to communicate with the Bitbucket server after upgrading to Bamboo version 7.2.10. New: Bamboo docker image is unable to communicate with the Bitbucket when using Bamboo version 7.2.10.
            Rudy Slaiby made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 679572 ]
            Shashank Kumar made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 668729 ]
            Marcin Gardias made changes -
            Description Original: h3. Issue Summary

            Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing *ssh_rsa* hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
            The issue occurs with the existing linked repositories as well.
            h3. Steps to Reproduce
             # Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
             # Create a docker container with the image and start the Bamboo instance.
             # Create an Application link for the Bitbucket server (version 7.17.9).
             # Try to create a linked repository from the Bamboo overview > linked repositories tab.

            NOTE: This will also happen on non-docker instances considering [OpenSSH is 8.8 or later|https://www.openssh.com/txt/release-8.8] as RSA signatures using the SHA-1 hash algorithm are now disabled by default.
            h3. Expected Results
             * Linked repository should be created successfully with Bitbucket server.

            h3. Actual Results
             * Throwing below error on Bamboo UI.
            {noformat}
            Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
            {noformat}
            !linked_repo1.png|thumbnail!
            The below exception is thrown in the atlassian-bamboo.log file:
            {noformat}
            2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
            2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
            2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085
            {noformat}

            h3. Workarounds
             * Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
            {noformat}
            Host 127.0.0.1
                HostkeyAlgorithms +ssh-rsa
                PubkeyAcceptedAlgorithms +ssh-rsa
            {noformat}
             * Upgrade Bamboo to 8.0.4 or later
            New: h3. Issue Summary

            Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing *ssh_rsa* hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
            The issue occurs with the existing linked repositories as well.
            h3. Steps to Reproduce
             # Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
             # Create a docker container with the image and start the Bamboo instance.
             # Create an Application link for the Bitbucket server (version 7.17.9).
             # Try to create a linked repository from the Bamboo overview > linked repositories tab.

            NOTE: This will also happen on non-docker instances considering [OpenSSH is 8.8 or later|https://www.openssh.com/txt/release-8.8] as RSA signatures using the SHA-1 hash algorithm are now disabled by default.
            h3. Expected Results
             * Linked repository should be created successfully with Bitbucket server.

            h3. Actual Results
             * Throwing below error on Bamboo UI.
            {noformat}
            Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
            {noformat}
            !linked_repo1.png|thumbnail!
            The below exception is thrown in the atlassian-bamboo.log file:
            {noformat}
            2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
            2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
            2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085
            {noformat}

            h3. Workarounds
             * Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
            {noformat}
            Host 127.0.0.1
                HostkeyAlgorithms +ssh-rsa
                PubkeyAcceptedAlgorithms +ssh-rsa
            {noformat}
             * OR: upgrade Bamboo to 8.0.4 or later
            Marcin Gardias made changes -
            Description Original: h3. Issue Summary

            Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing *ssh_rsa* hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
            The issue occurs with the existing linked repositories as well.
            h3. Steps to Reproduce
             # Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
             # Create a docker container with the image and start the Bamboo instance.
             # Create an Application link for the Bitbucket server (version 7.17.9).
             # Try to create a linked repository from the Bamboo overview > linked repositories tab.

            NOTE: This will also happen on non-docker instances considering [OpenSSH is 8.8 or later|https://www.openssh.com/txt/release-8.8] as RSA signatures using the SHA-1 hash algorithm are now disabled by default.
            h3. Expected Results
             * Linked repository should be created successfully with Bitbucket server.

            h3. Actual Results
             * Throwing below error on Bamboo UI.
            {noformat}
            Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
            {noformat}
            !linked_repo1.png|thumbnail!
            The below exception is thrown in the atlassian-bamboo.log file:
            {noformat}
            2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
            2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
            2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085
            {noformat}

            h3. Workaround
             * Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
            {noformat}
            Host 127.0.0.1
                HostkeyAlgorithms +ssh-rsa
                PubkeyAcceptedAlgorithms +ssh-rsa
            {noformat}
             * Upgrade Bamboo to 8.0.4 or later
            New: h3. Issue Summary

            Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing *ssh_rsa* hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
            The issue occurs with the existing linked repositories as well.
            h3. Steps to Reproduce
             # Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
             # Create a docker container with the image and start the Bamboo instance.
             # Create an Application link for the Bitbucket server (version 7.17.9).
             # Try to create a linked repository from the Bamboo overview > linked repositories tab.

            NOTE: This will also happen on non-docker instances considering [OpenSSH is 8.8 or later|https://www.openssh.com/txt/release-8.8] as RSA signatures using the SHA-1 hash algorithm are now disabled by default.
            h3. Expected Results
             * Linked repository should be created successfully with Bitbucket server.

            h3. Actual Results
             * Throwing below error on Bamboo UI.
            {noformat}
            Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
            {noformat}
            !linked_repo1.png|thumbnail!
            The below exception is thrown in the atlassian-bamboo.log file:
            {noformat}
            2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
            2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
            2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085
            {noformat}

            h3. Workarounds
             * Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
            {noformat}
            Host 127.0.0.1
                HostkeyAlgorithms +ssh-rsa
                PubkeyAcceptedAlgorithms +ssh-rsa
            {noformat}
             * Upgrade Bamboo to 8.0.4 or later

              jmajkutewicz Jan Majkutewicz (Inactive)
              dac6e1c9d0b2 Jyothi Charupalli
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: