Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,462,561
Community Members
 
Community Events
176
Community Groups

Github sha-1 error's from 11th of Jan.

Hello,

running an old version of bamboo server 5.14.5. Today Github stopped allowing SHA-1.

 

Logs are now full of bellow error and can not build.

ERROR: You're using an RSA key with SHA-1, which is no longer allowed. Please use a newer client or a different key type.

and catalina.out contain.

2022-01-11 16:07:53,744 WARN [sshd-SshClient[7c628a8b]-nio2-thread-4] [BambooTrustedKeyServerKeyVerifier] Server at github.com/140.82.121.4:22 presented unverified EC key: SHA256:...............

We are assuming this is because of some old java lib, which version do we need to upgrade to? Does 8.x versions also have these problems ?

4 answers

Hello,

it's probably not ur key that is wrong if it's sha256. It's the hashing algorithm(SHA-1) used by bamboo ssh proxy.

 

I got this reply from Atlassian

Bamboo versions previous to v8.04 use an older SSH proxy SHA to access Bitbucket. This was updated in v8.04 to use a newer algorithm, so I believe upgrading to 8.0.5 or later will resolve this issue.

Ok good - so this is official answer we and anyone else who stumbles onto this thread about (especially since support ticket responses are slow right now).

Before March 15th we all need to upgrade to Bamboo 8.0.4 or later to ensure the proxy layer can support SHA2  (I suspected it was doing some sort of proxy with what I saw in the logs but nothing was documented, good to hear confirmation!)

 

Thanks!

Like Marcin Gardias likes this

We are also facing this issue and would appreciate a response on this issue too, but here is what I have found.

 

GitHub Security Bulletin: https://github.blog/2021-09-01-improving-git-protocol-security-github/#when-are-these-changes-effective

GitHub is conducting a test where they disable old keys for RSA/DSA (SHA1) to get people aware they need to update their key before March 15th where it will be blocked for good. 

What is interesting is our key is SHA2! The key works from the command line, but within Bamboo it fails with the error message above.

I hope to hear 7.x or 8.x fixes this because we are long overdue for an upgrade (we are on 6.8.x) and will get that process moving once we have confirmation on what version to upgrade to.

0 votes

We updated ssh related libraries in 8.0.4. Upgrading to that (or later) version should fix the problem.

 

Related JAC ticket: https://jira.atlassian.com/browse/BAM-21467 (it mentions OpenSSH in the title but it's really about the whole family of problems related to SHA-1 deprecation)

I am also facing this issue as an iOS Developer. We're using Xcode to try and clone repos but github thinks my SHA2 key is SHA1 instead and fails.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events