You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
running an old version of bamboo server 5.14.5. Today Github stopped allowing SHA-1.
Logs are now full of bellow error and can not build.
ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.
and catalina.out contain.
2022-01-11 16:07:53,744 WARN [sshd-SshClient[7c628a8b]-nio2-thread-4] [BambooTrustedKeyServerKeyVerifier] Server at github.com/220.127.116.11:22 presented unverified EC key: SHA256:...............
We are assuming this is because of some old java lib, which version do we need to upgrade to? Does 8.x versions also have these problems ?
it's probably not ur key that is wrong if it's sha256. It's the hashing algorithm(SHA-1) used by bamboo ssh proxy.
I got this reply from Atlassian
Bamboo versions previous to v8.04 use an older SSH proxy SHA to access Bitbucket. This was updated in v8.04 to use a newer algorithm, so I believe upgrading to 8.0.5 or later will resolve this issue.
Ok good - so this is official answer we and anyone else who stumbles onto this thread about (especially since support ticket responses are slow right now).
Before March 15th we all need to upgrade to Bamboo 8.0.4 or later to ensure the proxy layer can support SHA2 (I suspected it was doing some sort of proxy with what I saw in the logs but nothing was documented, good to hear confirmation!)
We are also facing this issue and would appreciate a response on this issue too, but here is what I have found.
GitHub Security Bulletin: https://github.blog/2021-09-01-improving-git-protocol-security-github/#when-are-these-changes-effective
GitHub is conducting a test where they disable old keys for RSA/DSA (SHA1) to get people aware they need to update their key before March 15th where it will be blocked for good.
What is interesting is our key is SHA2! The key works from the command line, but within Bamboo it fails with the error message above.
I hope to hear 7.x or 8.x fixes this because we are long overdue for an upgrade (we are on 6.8.x) and will get that process moving once we have confirmation on what version to upgrade to.
We updated ssh related libraries in 8.0.4. Upgrading to that (or later) version should fix the problem.
Related JAC ticket: https://jira.atlassian.com/browse/BAM-21467 (it mentions OpenSSH in the title but it's really about the whole family of problems related to SHA-1 deprecation)