Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

no matching cipher found

Massimiliano Arione
Massimiliano Arione July 12, 2016

I'm getting this error trying with `ssh -T git@bitbucket.com`. The machine in which I'm getting such errors has a configured ssh key (it was working until last week and I didn't change anything, nor inside the machine nor in the repository settings).

Full errror:

bash-4.1$ ssh -T git@bitbucket.org
no matching cipher found: client aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128

Machine is a Centos 6.8

 

Edit: just tried to add the same key on github, it's working sad

Watch
Like evzijst likes this
10296 views

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Mark Adams
Mark Adams
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2016

Hi Massimiliano,

We recently made some updates to our SSH server to improve perfomance, reliability, and security for our customers. Part of these updates involved dropping support for a few older and less secure ciphers.

When your SSH client attempts to open a connection, the server and client exchange lists of ciphers that they support for encrypting the SSH session. The first cipher that the client and server have in common is used to encrypt the connection. If there are no ciphers in common between the client and the server, you'll see the "no matching cipher found" message that you are receiving.

The easiest way to resolve the issue is to update the version of OpenSSH that you're using to a newer version that supports one of the following ciphers:

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes128-gcm@openssh.com
  • arcfour256
  • arcfour128

If you continue to have issues after updating OpenSSH to a version that includes one of the supported ciphers, please contact our support team via https://support.atlassian.com and they'll get things figured out for you.

Mark

View More Comments
jredmond
jredmond
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 13, 2016

CBC ciphers are insecure and should be disabled: https://www.kb.cert.org/vuls/id/958563

Like
Massimiliano Arione
Massimiliano Arione July 13, 2016

The issue is that CentOS 6.7 has an old version of SSH, and even trying to force the CTR cyphers is a fail. I tried to find a package for that system with a newer SSH version, but I couldn't.

 

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events