Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Tracked Elsewhere
Priority: High
Fix Version/s: 8.0.4
Affects Version/s: 7.2.10
Component/s: Repository (Bitbucket)
Labels:
None

Support reference count:
1
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

Cannot create new linked repositories with Bitbucket server after upgrade of Bamboo to 7.2.10 as Bamboo is not able to communicate to Bitbucket server through SSH_PROXY due to missing ssh_rsa hostkey algorithm in OpenSSH_8.9p1 version which is coming with docker image of Bamboo server version 7.2.10.
The issue occurs with the existing linked repositories as well.

Steps to Reproduce

Pull the docker image atlassian/bamboo-server:7.2.10-jdk8 from docker hub registry.
Create a docker container with the image and start the Bamboo instance.
Create an Application link for the Bitbucket server (version 7.17.9).
Try to create a linked repository from the Bamboo overview > linked repositories tab.

NOTE: This will also happen on non-docker instances considering OpenSSH is 8.8 or later as RSA signatures using the SHA-1 hash algorithm are now disabled by default.

Expected Results

Linked repository should be created successfully with Bitbucket server.

Actual Results

Throwing below error on Bamboo UI.

Unable to negotiate with 127.0.0.1 port 35937: no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

The below exception is thrown in the atlassian-bamboo.log file:

2022-07-28 13:24:41,141 WARN [sshd-SshServer[1fea5ce6]-nio2-thread-6] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:54618])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
2022-07-28 13:24:41,143 DEBUG [http-nio-8085-exec-21] [SshProxy] Removing proxy user mapping: 582d287f-e4e1-4b2e-8960-763af8897a29
2022-07-28 13:24:41,149 INFO [http-nio-8085-exec-21] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl2rNy50dvEaB4NVvsPtF/qCgTwrBVfdFVmzIiccKwdyQy0nggTMt5uNBTKusNCbqw4Ow0zWVhfQCYlH8YEKsNoJpfiEsNhsW+R0Hi7b1o1qiSm6ZOi5y1d+dr34Au8A1rPd/bUA/oW7XC47AOR8yB650HcaRTYPt1tVCRVpTr9m+GNQcsV3y09r/ydi79k7bMThPz+Ff74V3HkHRb3HJmwTF0SqqeuwwactxKOUIhlkjDhYhfzhHOPBXvh3goHcmgiAsl+OEgrj3XQ99dihKmcvlkM8saVaVcjDO6ctMTp85GIYLcJnQYXZ2eCMdnNMGdSCO/RbJYo6R1ysWAh2v5 http://bamboo7l:8085

Workarounds

Re-enable the disabled signing algorithm in OpenSSH 8.8 and newer by including the following details inside the ~./ssh_config file to allow the use of ssh-rsa (SHA-1) for host and user authentication against Bitbucket:
```
Host 127.0.0.1
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
```
OR: upgrade Bamboo to 8.0.4 or later

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

linked_repo1.png
454 kB
28/Jul/2022 2:38 PM

Issue Links

is caused by: CLIP-1689 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Jan Majkutewicz (Inactive)

Reporter:: Jyothi Charupalli

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Jul/2022 2:35 PM

Updated:: 03/Oct/2023 12:53 AM

Resolved:: 20/Oct/2022 9:11 AM