Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Github sha-1 error's from 11th of Jan.

Hello,

running an old version of bamboo server 5.14.5. Today Github stopped allowing SHA-1.

 

Logs are now full of bellow error and can not build.

ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.

and catalina.out contain.

2022-01-11 16:07:53,744 WARN [sshd-SshClient[7c628a8b]-nio2-thread-4] [BambooTrustedKeyServerKeyVerifier] Server at github.com/140.82.121.4:22 presented unverified EC key: SHA256:...............

We are assuming this is because of some old java lib, which version do we need to upgrade to? Does 8.x versions also have these problems ?

3 answers

Hello,

it's probably not ur key that is wrong if it's sha256. It's the hashing algorithm(SHA-1) used by bamboo ssh proxy.

 

I got this reply from Atlassian

Bamboo versions previous to v8.04 use an older SSH proxy SHA to access Bitbucket. This was updated in v8.04 to use a newer algorithm, so I believe upgrading to 8.0.5 or later will resolve this issue.

Ok good - so this is official answer we and anyone else who stumbles onto this thread about (especially since support ticket responses are slow right now).

Before March 15th we all need to upgrade to Bamboo 8.0.4 or later to ensure the proxy layer can support SHA2  (I suspected it was doing some sort of proxy with what I saw in the logs but nothing was documented, good to hear confirmation!)

 

Thanks!

We are also facing this issue and would appreciate a response on this issue too, but here is what I have found.

 

GitHub Security Bulletin: https://github.blog/2021-09-01-improving-git-protocol-security-github/#when-are-these-changes-effective

GitHub is conducting a test where they disable old keys for RSA/DSA (SHA1) to get people aware they need to update their key before March 15th where it will be blocked for good. 

What is interesting is our key is SHA2! The key works from the command line, but within Bamboo it fails with the error message above.

I hope to hear 7.x or 8.x fixes this because we are long overdue for an upgrade (we are on 6.8.x) and will get that process moving once we have confirmation on what version to upgrade to.

0 votes

I am also facing this issue as an iOS Developer. We're using Xcode to try and clone repos but github thinks my SHA2 key is SHA1 instead and fails.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bamboo

Bamboo Data Center on Kubernetes

Hi, If you are running self-managed environments and looking to adopt modern infrastructure, Bamboo Data Center can now be deployed in a Kubernetes cluster. By leveraging Kubernetes, you can easily...

66 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you