Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Github sha-1 error's from 11th of Jan.

Nils
Nils January 11, 2022

Hello,

running an old version of bamboo server 5.14.5. Today Github stopped allowing SHA-1.

 

Logs are now full of bellow error and can not build.

ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.

and catalina.out contain.

2022-01-11 16:07:53,744 WARN [sshd-SshClient[7c628a8b]-nio2-thread-4] [BambooTrustedKeyServerKeyVerifier] Server at github.com/140.82.121.4:22 presented unverified EC key: SHA256:...............

We are assuming this is because of some old java lib, which version do we need to upgrade to? Does 8.x versions also have these problems ?

Answer
Watch
Like Jonas Skubic likes this
2439 views

4 answers

1 vote
Nils
Nils January 11, 2022

Hello,

it's probably not ur key that is wrong if it's sha256. It's the hashing algorithm(SHA-1) used by bamboo ssh proxy.

 

I got this reply from Atlassian

Bamboo versions previous to v8.04 use an older SSH proxy SHA to access Bitbucket. This was updated in v8.04 to use a newer algorithm, so I believe upgrading to 8.0.5 or later will resolve this issue.

View More Comments
Joe Radkowski
Joe Radkowski January 12, 2022

Ok good - so this is official answer we and anyone else who stumbles onto this thread about (especially since support ticket responses are slow right now).

Before March 15th we all need to upgrade to Bamboo 8.0.4 or later to ensure the proxy layer can support SHA2  (I suspected it was doing some sort of proxy with what I saw in the logs but nothing was documented, good to hear confirmation!)

 

Thanks!

Like Marcin Gardias likes this
Reply
1 vote
Joe Radkowski
Joe Radkowski January 11, 2022

We are also facing this issue and would appreciate a response on this issue too, but here is what I have found.

 

GitHub Security Bulletin: https://github.blog/2021-09-01-improving-git-protocol-security-github/#when-are-these-changes-effective

GitHub is conducting a test where they disable old keys for RSA/DSA (SHA1) to get people aware they need to update their key before March 15th where it will be blocked for good. 

What is interesting is our key is SHA2! The key works from the command line, but within Bamboo it fails with the error message above.

I hope to hear 7.x or 8.x fixes this because we are long overdue for an upgrade (we are on 6.8.x) and will get that process moving once we have confirmation on what version to upgrade to.

Reply
0 votes
Marcin Gardias
Marcin Gardias
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 22, 2022

We updated ssh related libraries in 8.0.4. Upgrading to that (or later) version should fix the problem.

 

Related JAC ticket: https://jira.atlassian.com/browse/BAM-21467 (it mentions OpenSSH in the title but it's really about the whole family of problems related to SHA-1 deprecation)

Reply
0 votes
Errol Cheong
Errol Cheong January 11, 2022

I am also facing this issue as an iOS Developer. We're using Xcode to try and clone repos but github thinks my SHA2 key is SHA1 instead and fails.

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events