  1. Qt Quality Assurance Infrastructure
  2. QTQAINFRA-1530

Gerrit does not work with OpenSSH 7.7 clients (by default)


    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • unversioned
    • Gerrit
    • None

      Since OpenSSH 6.7, CBC modes are disabled by default, see https://www.openssh.com/releasenotes.html

      Pushes fail with:

      Unable to negotiate with 54.229.21.112 port 29418: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc

      Workaround:

      GIT_SSH_COMMAND="ssh -c aes256-cbc" git push ...

      Obviously this is not ideal. Would it be possible to upgrade Gerrit such that newer ciphers are supported? Since Gerrit v2.12-553-ge8a521447d, more modern ciphers are supported: https://github.com/apache/mina-sshd/blob/sshd-1.0.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java#L67
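
A host-scoped variant of the workaround, as an added example that is not part of the original report: it parses the negotiation error quoted above and prints an ssh_config stanza that re-enables a single CBC cipher for that one server instead of passing `-c` on every push. The function names and the preference for AES over Blowfish are assumptions of this example, and the `Host` pattern must match the name used in the Git remote URL.

```shell
#!/bin/sh
# Added example (not from the report): turn an OpenSSH "no matching cipher"
# error into a per-host ssh_config stanza, so the legacy cipher is enabled
# for that server only and the client's defaults stay intact elsewhere.

# Sample input: the error line quoted in the report.
SAMPLE_ERR='Unable to negotiate with 54.229.21.112 port 29418: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc'

# Print "host port offer" for a matching error line, nothing otherwise.
parse_offer() {
    printf '%s\n' "$1" | sed -n \
        's/^Unable to negotiate with \([^ ]*\) port \([0-9]*\): no matching cipher found\. Their offer: \(.*\)$/\1 \2 \3/p'
}

# Choose one cipher from a comma-separated offer.
# Assumption of this example: prefer the largest AES key, never Blowfish.
pick_cipher() {
    for want in aes256-cbc aes192-cbc aes128-cbc; do
        case ",$1," in
            *",$want,"*) printf '%s\n' "$want"; return 0 ;;
        esac
    done
    return 1
}

# Print a Host block that appends ("+") the chosen cipher to the defaults.
# The "+" list syntax needs OpenSSH 7.0 or later on the client.
host_stanza() {
    set -- $(parse_offer "$1")          # $1=host $2=port $3=offer
    [ $# -eq 3 ] || return 1            # not a cipher negotiation error
    cipher=$(pick_cipher "$3") || return 1
    printf 'Host %s\n    Port %s\n    Ciphers +%s\n' "$1" "$2" "$cipher"
}

host_stanza "$SAMPLE_ERR"
```

Append the printed block to `~/.ssh/config` and remove it once the server offers ciphers the client accepts by default.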


            jujokini Jukka Jokiniva
            Lekensteyn Peter Wu
