Bug
Resolution: Fixed
High
Severity 3 - Minor
Update: This issue is fixed
Bitbucket Cloud now supports rsa-sha2-256 and rsa-sha2-512 algorithms. The OpenSSH 8.8 client will function without the need for a workaround.
The team deployed a fix on Tuesday, Oct 19. After monitoring for two days, this ticket was closed because we are confident that the OpenSSH 8.8 incompatibility has been resolved.
Issue Summary
The latest release of OpenSSH — version 8.8, released on September 26th — introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime.
See the Community post for more details.
Steps to Reproduce
Connect to bitbucket.org using OpenSSH >= 8.8.
Expected Results
SSH client connects to Bitbucket.
Actual Results
SSH connection fails with the following error message:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Workaround
If you are receiving the error above, there are two options: updating your SSH config locally, or switching from SSH to HTTPS.
Update local SSH configuration
You can continue to use SSH by adding the lines below into the Host bitbucket.org section of your SSH configuration:
    Host bitbucket.org
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedAlgorithms +ssh-rsa
On Unix-like systems, this configuration is located at $HOME/.ssh/config or /etc/ssh/ssh_config.
On Windows systems, this configuration is located at %USERPROFILE%\.ssh\config or %PROGRAMFILES%\Git\etc\ssh\ssh_config.
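Now that the server-side fix is deployed, the +ssh-rsa override is no longer needed for bitbucket.org. The shell function below is an added example, not part of the original ticket or any Atlassian tooling: it lists the lines in an SSH config file that still re-enable ssh-rsa for a given host. The function name and the sample config are constructed for illustration, and Match blocks are reported without evaluating their criteria.

```shell
#!/bin/sh
# find_ssh_rsa_override FILE [HOST]  (hypothetical helper, added example)
# Prints "FILE:LINE: text" for each option that re-enables ssh-rsa for HOST.
# Returns 0 if at least one override was found, 1 if none.
find_ssh_rsa_override() {
    file=$1 host=${2:-bitbucket.org}
    applies=yes found=1 lineno=0   # options before any Host line are global
    set -f                         # no filename expansion while word-splitting
    while IFS= read -r raw || [ -n "$raw" ]; do
        lineno=$((lineno + 1))
        # ssh_config accepts "Keyword=value"; keywords are case-insensitive.
        set -- $(printf '%s' "$raw" | tr '=\t\r' '   ')
        [ $# -gt 0 ] || continue
        kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        case $kw in
            '#'*) continue ;;
            host)
                shift; applies=no; negated=no
                for pat in "$@"; do
                    case $pat in
                        '!'*) case $host in ${pat#?}) negated=yes ;; esac ;;
                        *)    case $host in $pat) applies=yes ;; esac ;;
                    esac
                done
                if [ "$negated" = yes ]; then applies=no; fi ;;
            match) applies=yes ;;  # Match criteria not evaluated: over-report
            hostkeyalgorithms|pubkeyacceptedalgorithms|pubkeyacceptedkeytypes)
                [ "$applies" = yes ] || continue
                case $2 in -*) continue ;; esac   # "-list" removes algorithms
                case ",${2#[+^]}," in
                    *,ssh-rsa,*) printf '%s:%s: %s\n' "$file" "$lineno" "$raw"; found=0 ;;
                esac ;;
        esac
    done < "$file"
    set +f
    return $found
}

# Constructed sample config (not from the ticket) to demonstrate the check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host github.com
    HostKeyAlgorithms +ssh-rsa
Host bitbucket.org
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms=+ssh-rsa
EOF
find_ssh_rsa_override "$sample" bitbucket.org || echo "no override found"
rm -f "$sample"
```

Run it against both the per-user and the system-wide config file; any line it prints for bitbucket.org can be deleted.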
Use HTTPS instead of SSH
HTTPS connections to Bitbucket Cloud are unaffected by changes to the OpenSSH client. Therefore, you can avoid this issue by updating your git client to use HTTPS instead of SSH to talk to Bitbucket Cloud by following the instructions on this page. Switching to HTTPS will require using a different authentication mechanism. We recommend using an app password for automated git clients such as build machines or if you have two-factor authentication enabled.
To remove this workaround in the future, follow the same instructions to change your remote URL back to the SSH URL.
I am also unsubscribing because the issue is fixed.
To all folks still having problems: know that they are due to either your bad setup or another issue unrelated to the default accepted key algorithms in OpenSSH-8.8. Please report another issue and stop causing further spam to this thread.
Otherwise: please Atlassian moderators step in and lock this conversation.