
On Windows GIT_SSH environment variable not respected

After a recent update, SSH with SourceTree broke on me.

On my private repos I only allow modern, secure SSH ciphers. This used to work fine, but now I get a "No matching cipher found" error anytime I try to fetch or push. It looks like the official Windows Git comes bundled with an old or crippled OpenSSH client that doesn't support modern ciphers.

For command line usage, I was able to work around this by setting the GIT_SSH variable to point to my Cygwin SSH client. But, SourceTree doesn't seem to respect this setting and still tries to use the bundled SSH client.

Any ideas on how I can work around this?

2 answers

1 accepted

0 votes
Answer accepted

Someone on GitHub found a workaround for this!

It turns out there is a hard-coded cipher list in `Program Files\Git\etc\ssh\ssh_config`. All you have to do is comment that line and everything works again.

I still don't know how it was working before the update, but at least it's working now. We can go ahead and close this.

0 votes
Mike Corsaro Atlassian Team May 29, 2018

Hello! Could you make sure your PATH environment variable is set to the location of your SSH agent? Sourcetree uses that setting to find the SSH agent to use.

Hi Mike, thanks for the helpful response. I tweaked the PATH variable so the Cygwin bin directory came before the Git directory, but unfortunately, even after a restart, I'm seeing the same behavior from SourceTree.

From Windows cmd, I can type in: `ssh git@myserver.com` and connect with no problem. So, the environment variables are correct.

You mentioned the SSH agent. I don't think this is an issue with the agent so much as the SSH binary itself. I'm not sure what ssh client SourceTree is trying to use, but it doesn't support modern ciphers like chacha20-poly1305@openssh.com or aes256-gcm@openssh.com.

Mike Corsaro Atlassian Team May 29, 2018

Are you using Embedded Git, or System Git? And are you using OpenSSH, or Putty? Additionally, I would try replacing "ssh-agent.exe" in the current git install with your new one.

Hi Mike, I've tried it with both embedded and system Git, and I get the same results with both. I'm using OpenSSH, not Putty.

I replaced the ssh-agent.exe in the Git install, and nothing changed. Then, I tried replacing the ssh.exe in the Git install and I got a new error about cygwin heap mismatch. So, I have at least confirmed that SourceTree is using the ssh binary included in the Git install and not the one that comes first in the PATH environment variable.

It would be nice if SourceTree respected the GIT_SSH environment variable because I could just point it to the binary I want to use without messing with my PATH. In my case, I actually need the Git bin to come before my cygwin bin for interoperability with other apps (namely npm which has some kind of vendetta against cygwin).

Mike Corsaro Atlassian Team May 29, 2018

We don't often see users using a custom SSH agent, but I'll file a ticket to add support. I'd also recommend filing a ticket on the Git for Windows repo to ask and see if they're willing to upgrade the current openssh version.

Ok, now I'm really confused. I started gathering version information to do what you suggested, and I discovered that the bundled OpenSSH with Git is actually newer than my cygwin version and specifically lists support (via "ssh -Q cipher") for all of the ciphers my server is offering.

But, even though it says it supports those ciphers, I get the same error about no matching cipher found if I try to use it directly from the command line.

I tested it against some other SSH servers, and it seemed to negotiate a cipher without issue. Any ideas at this point? It's almost starting to sound like an issue with my server although it was working perfectly before the update.

I filed an issue for this on the Git for Windows repo here: https://github.com/git-for-windows/git/issues/1723
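The accepted answer's diagnosis, as an added example that is not part of the thread or of Git for Windows: a client can list a cipher under `ssh -Q cipher` and still fail negotiation, because a `Ciphers` line in `ssh_config` replaces the list the client actually offers. The config text, both cipher lists and all function names are constructed for illustration; `Match` blocks are not evaluated and the client's built-in default is approximated by the supported list.

```python
import fnmatch

# Constructed sample, NOT the real Git for Windows file: a system-wide
# ssh_config that pins a cipher list for every host.
PINNED = "Host *\n    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc\n"
# Constructed stand-in for `ssh -Q cipher` output (what the binary supports).
SUPPORTED = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
             "aes256-ctr", "aes256-gcm@openssh.com", "aes128-cbc", "3des-cbc"]
# The two ciphers named in the thread, taken here as the server's whole offer.
SERVER = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"]


def ciphers_spec(config_text, host):
    """First Ciphers value that applies to host (first match wins), else None."""
    applies = True                      # lines before any Host block are global
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # a commented-out Ciphers line is ignored
        key, value = (line.replace("=", " ", 1).split(None, 1) + [""])[:2]
        key = key.lower()
        if key == "host":
            pats = value.lower().split()
            hit = lambda ps: any(fnmatch.fnmatchcase(host.lower(), p) for p in ps)
            applies = (hit(p for p in pats if p[0] != "!")
                       and not hit(p[1:] for p in pats if p[0] == "!"))
        elif key == "match":
            applies = False             # simplification: Match blocks not evaluated
        elif key == "ciphers" and applies:
            return value
    return None


def client_offer(spec, supported=SUPPORTED):
    """Expand a Ciphers value; the built-in default is approximated by `supported`."""
    if not spec or spec[0] == "+":      # "+" only adds to a default that is already full here
        return list(supported)
    names = spec.lstrip("-^").split(",")
    if spec[0] == "-":                  # remove entries; wildcards allowed
        return [c for c in supported if not any(fnmatch.fnmatchcase(c, n) for n in names)]
    if spec[0] == "^":                  # move entries to the front of the default
        return names + [c for c in supported if c not in names]
    return names                        # a plain list replaces the default entirely


def negotiate(config_text, host, server=SERVER):
    """SSH picks the first cipher in the client's list that the server also offers."""
    offer = client_offer(ciphers_spec(config_text, host))
    return next((c for c in offer if c in server), None)
```

On a real install, `ssh -G <host>` prints the effective `ciphers` line after all config files are applied, which is the value to compare against the server's list.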
