Uploaded image for project: 'Qt Quality Assurance Infrastructure'
  1. Qt Quality Assurance Infrastructure
  2. QTQAINFRA-1530

Gerrit does not work with OpenSSH 7.7 clients (by default)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • unversioned
    • Gerrit
    • None

    Description

      Since OpenSSH 6.7, CBC modes are disabled by default, see https://www.openssh.com/releasenotes.html

      Pushes fail with:

      Unable to negotiate with 54.229.21.112 port 29418: no matching cipher found. Their offer: aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc

      Workaround:

      GIT_SSH_COMMAND="ssh -c aes256-cbc" git push ...

      Obviously this is not ideal, would it be possible to upgrade Gerrit such that newer ciphers are supported? Since Gerrit v2.12-553-ge8a521447d, more modern ciphers are supported: https://github.com/apache/mina-sshd/blob/sshd-1.0.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java#L67

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. QTQAINFRA-2471 Update supported SSH ciphers on codereview.qt-project.org

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              jujokini Jukka Jokiniva
              Lekensteyn Peter Wu
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes