-
Bug
-
Resolution: Fixed
-
High
-
None
-
17
-
Severity 3 - Minor
-
294,292
-
Update: This issue is fixed
Bitbucket Cloud now supports rsa-sha2-256 and rsa-sha2-512 algorithms. The OpenSSH 8.8 client will function without the need for a workaround.
The team deployed a fix on Tuesday, Oct 19. After monitoring for two days, this ticket was closed because we are confident that the OpenSSH 8.8 incompatibility has been resolved.
Issue Summary
The latest release of OpenSSH — version 8.8, released on September 26th — introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime.
See the Community post for more details.
Steps to Reproduce
Connect to bitbucket.org using OpenSSH >= 8.8.
Expected Results
SSH client connects to Bitbucket.
Actual Results
SSH connection fails with the following error message:
Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
Workaround
If you are receiving the warning above, there are two options: updating your SSH config locally, or switching from SSH to HTTPS.
Update local SSH configuration
You can continue to use SSH by adding the lines below into the Host bitbucket.org section of your SSH configuration:
Host bitbucket.org
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
On Unix-like systems, this configuration is located at $HOME/.ssh/config or /etc/ssh/ssh_config.
On Windows systems, this configuration is located at %USERPROFILE%\.ssh\config or %PROGRAMFILES%\Git\etc\ssh\ssh_config.
Use HTTPS instead of SSH
HTTPS connections to Bitbucket Cloud are unaffected by changes to the OpenSSH client. Therefore, you can avoid this issue by updating your git client to use HTTPS instead of SSH to talk to Bitbucket Cloud by following the instructions on this page. Switching to HTTPS will require using a different authentication mechanism. We recommend using an app password for automated git clients such as build machines or if you have two-factor authentication enabled.
To remove this workaround in the future, follow the same instructions to change your remote URL back to the SSH URL.
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[BCLOUD-21402] OpenSSH 8.8 client incompatibility and workaround
| Description |
Original:
h3. Issue Summary
The latest release of OpenSSH — version 8.8, released on September 26th — introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime. See the [Community post|https://community.atlassian.com/t5/Bitbucket-articles/OpenSSH-8-8-client-incompatibility-and-workaround/ba-p/1826047] for more details. h3. Steps to Reproduce Connect to bitbucket.org using OpenSSH >= 8.8. h3. Expected Results SSH client connects to Bitbucket. h3. Actual Results SSH connection fails with the following error message: {{Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss}} h3. Workaround If you are receiving the warning above, there are two options: updating your SSH config locally, or switching from SSH to HTTPS. h4. Update local SSH configuration You can continue to use SSH by adding the lines below into the {{Host bitbucket.org}} section of your SSH configuration: {{Host bitbucket.org}} {{ HostkeyAlgorithms +ssh-rsa}} {{ PubkeyAcceptedAlgorithms +ssh-rsa}} On Unix-like systems, this configuration is located at {{$HOME/.ssh/config}} or {{/etc/ssh/ssh_config}}. On Windows systems, this configuration is located at {{%USERPROFILE%\.ssh\config}} or {{%PROGRAMFILES%\Git\etc\ssh\ssh_config}}. h4. Use HTTPS instead of SSH HTTPS connections to Bitbucket Cloud are unaffected by changes to the OpenSSH client. Therefore, you can avoid this issue by updating your git client to use HTTPS instead of SSH to talk to Bitbucket Cloud by following the instructions on [this page|https://support.atlassian.com/bitbucket-cloud/docs/change-the-remote-url-to-your-repository/]. Switching to HTTPS will require using a different authentication mechanism. We recommend using an [app password|https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/] for automated git clients such as build machines or if you have two-factor authentication enabled. To remove this workaround in the future, follow [the same instructions|https://support.atlassian.com/bitbucket-cloud/docs/change-the-remote-url-to-your-repository/] to change your remote URL back to the SSH URL. |
New:
h3. Update: This issue is fixed
Bitbucket Cloud now supports {{rsa-sha2-256}} and {{rsa-sha2-512}} algorithms. The OpenSSH 8.8 client will function without the need for a workaround. The team deployed a fix on Tuesday, Oct 19. After monitoring for two days, this ticket was closed because we are confident that the OpenSSH 8.8 incompatibility has been resolved. ---- h3. Issue Summary The latest release of OpenSSH — version 8.8, released on September 26th — introduced a configuration change that prevents that client from connecting to Bitbucket Cloud over SSH. Bitbucket engineers are actively addressing this, and there are workarounds available in the meantime. See the [Community post|https://community.atlassian.com/t5/Bitbucket-articles/OpenSSH-8-8-client-incompatibility-and-workaround/ba-p/1826047] for more details. h3. Steps to Reproduce Connect to bitbucket.org using OpenSSH >= 8.8. h3. Expected Results SSH client connects to Bitbucket. h3. Actual Results SSH connection fails with the following error message: {{Unable to negotiate with <ip address> port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss}} h3. Workaround If you are receiving the warning above, there are two options: updating your SSH config locally, or switching from SSH to HTTPS. h4. Update local SSH configuration You can continue to use SSH by adding the lines below into the {{Host bitbucket.org}} section of your SSH configuration: {{Host bitbucket.org}} {{ HostkeyAlgorithms +ssh-rsa}} {{ PubkeyAcceptedAlgorithms +ssh-rsa}} On Unix-like systems, this configuration is located at {{$HOME/.ssh/config}} or {{/etc/ssh/ssh_config}}. On Windows systems, this configuration is located at {{%USERPROFILE%\.ssh\config}} or {{%PROGRAMFILES%\Git\etc\ssh\ssh_config}}. h4. Use HTTPS instead of SSH HTTPS connections to Bitbucket Cloud are unaffected by changes to the OpenSSH client. Therefore, you can avoid this issue by updating your git client to use HTTPS instead of SSH to talk to Bitbucket Cloud by following the instructions on [this page|https://support.atlassian.com/bitbucket-cloud/docs/change-the-remote-url-to-your-repository/]. Switching to HTTPS will require using a different authentication mechanism. We recommend using an [app password|https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/] for automated git clients such as build machines or if you have two-factor authentication enabled. To remove this workaround in the future, follow [the same instructions|https://support.atlassian.com/bitbucket-cloud/docs/change-the-remote-url-to-your-repository/] to change your remote URL back to the SSH URL. |
| UIS | Original: 294278 | New: 294292 |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Progress [ 3 ] | New: Closed [ 6 ] |
| UIS | Original: 276713 | New: 294278 |
| Support reference count | Original: 16 | New: 17 |
| UIS | Original: 276708 | New: 276713 |
| UIS | Original: 1751 | New: 276708 |
| Support reference count | Original: 13 | New: 16 |
| UIS | Original: 2019 | New: 1751 |
| UIS | Original: 2018 | New: 2019 |