Failed to clone repository .... Underlying error: Failed to start SSH session [Especially Github repo] #153
Comments
|
Which key algorithm are you using? |
|
hi, thanks for your help. My key is 2048 SHA256 RSA |
|
Getting the same error here, same key type (which is the default for I get the following error from sshd: |
|
I dont use a password with the key, maybe this is a problem?! |
|
Well I know what's the problem and it might be a serious security concern. According to Mozilla's security guidelines, these are the recommended sshd options: And everything else should be considered insecure. Apparently the ssh library used in passforios doesn't support any of those! Especially SHA1 is considered broken. My distro (NixOS) has set these options as default, that's why it didn't work. The problem ultimately lies in the libssh2 version being too old since the latest one supports the necessary algorithms (libssh2 is used by libgit2 which is used by objective-git which is used to clone the repository). @mssun I suggest you to update some versions in hoping to get a more recent libssh2 @snakelab To fix this for now, you need to have access to the git server and add the following to your sshd_config: Edit: Actually this doesn't seem to work for me (the + syntax i mean), I have to change the declaration of |
|
@infinisil Thanks. I didn't notice this cause before. I found that objective-git points to the libssh2 (libssh2 @ f1cfa55) which is five years old. |
|
great work. As adding this algos is not an option for me, could it be fixed in passforios?! |
|
Is there a workaround for this? My host discontinued support for some of these key exchange methods, making passforios useless as-is. |
|
Same github just broke me |
|
No doubt this: https://githubengineering.com/crypto-deprecation-notice/ |
|
I just had to switch to gitlab |
|
Looks like libssh2 version got bumped in objective-git on Feb 15: libgit2/objective-git@17112f5 But no objective-git release since then... |
|
See also #164 |
|
This issue seems to have quite an impact to the project here, so i also opened an issue at the objective-git project and got good news: libgit2/objective-git#641 (comment) So it seems that passforios just need to update the objective-git libs and we all would be happy!!!! |
|
I will work on this weekend. Thanks.
… On Mar 2, 2018, at 2:36 AM, Hartmut König ***@***.***> wrote:
This issue seems to have quite an impact to the project here, so i also opened an issue at the objective-git project and got good news:
libgit2/objective-git#641 (comment) <libgit2/objective-git#641 (comment)>
So it seems that passforios just need to update the objective-git libs and we all would be happy!!!!
Please just do it.... thanks @mssun <https://github.com/mssun>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#153 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABNieKDdvbN0vUV2XmpsnNF11lh5MNpsks5taSCzgaJpZM4Rc8rJ>.
|
|
Just for the record: this will most likely not add |
|
any updates on this? |
|
Hi all, I'm trying to close this issue today. The only thing I can do is to use the master branch of objective-git. I don't know why I cannot use it via carthage. (libgit2/objective-git#646) Do you guys know why this could happen? |
|
Please send me a invite to testflight: h.koenig@snakelab.de |
|
Hi @mssun, it is so sad, but it is not working for me ... i got the same error at using ssh-key for my repo ... :-/ |
|
Has there been any progress on this? Using pass with bad encryption is worse than not using it at all. :/ |
|
@savyajha We are still waiting for a new ObjectivePGP release. Someone guy has been working on it. |
|
Oh wow. This is going to take a while, then. No worries, and thanks for letting me know. :) |
|
Major bummer. So if my repo is on github is there a (temporary) workaround? eg: If I put it somewhere that is not github (my own server) and loosen the permitted algorithms, will that let me push passwords from the phone again? |
|
A temporary workaround suggested by @raxod502 in #170
GitLab Documentation - Repository mirroring: https://docs.gitlab.com/ee/workflow/repository_mirroring.html |
yishilin14
changed the title
|
@mssun Hi bob, why don't you try this version with a newer openssl bib: |
|
@snakelab Did you mean this: https://github.com/tiennou/objective-git/commits/update/libgit2-0.27? It seems that supporting latest openssl lib is still work-in-progress. |
|
Well, i mean this issue: |
|
@snakelab Thanks. I tried to build with the master branch and got an error. I have reported to the upstream: libgit2/objective-git#654 |
|
@mssun Let me know if libgit2/objective-git#655 resolved your issues building |
|
@phatblat it works. Thanks. |
|
@mssun is a new release coming?? |
|
@snakelab Due to an issue of objective-git, we still cannot use the latest release for now. Thanks. |
|
Adding link for convenience. It looks like it will get merged soon: libgit2/objective-git#645 |
|
@snakelab Thanks, I'm following this PR. |
|
Asked for the linked PR to get merged, seeing as their holdup seems to have been fixed. Hopefully we'll get a fix to that issue that's blocking the upgrade of objective-git here. |
|
Hi all, I'm releasing a test flight because of the merged PR "Update libgit2 to 0.27" (libgit2/objective-git#645). Please help me test if everything works well. Thank you! |
|
I can now clone repositories from GitHub with the latest update. Thanks! |
|
Using it on a private server, it works with the Mozilla OpenSSH guidelines. Thank you! |
|
@mssun thanks for releasing this issue - it is also working for me now! |
|
Checked that the latest test flight app can synchronize with my GitHub repo now! |
|
Do we have any info on when we can expect this change to be pushed to production? Is there something we can do to help? Thank you for your hard work @mssun! |
|
I'm having the same error... is this being pushed to the App Store? If not, can you add me to testflight? |
|
Any ETA on app store release ? |
|
Version 0.5.0 (commits: 824b959) should have fixed the problem in this issue.
If you guys are unable to clone via SSH, I think it is because of some other reasons (e.g., problematic setup, unsupported key algorithms, unsupported key format). Please fire a new issue with more detailed information for further discussion/suggestions/debugging purposes. |
Hi folks,
i am getting this error at trying to clone a git repo via ssh-key which i had uploaded:
Failed to clone repository .... Underlying error: Failed to start SSH session: Unable to exchange encryption keys
Does anyone here have a tip for me?
thanks
hartmut
The text was updated successfully, but these errors were encountered: