no matching key exchange method found

Asked by Janis Eisaks

Hi!

I have a problem updating trunk having ssh with allowed DH key length 2048 and above.

Logging on: bzr launchpad-login USER
Updating trunk...
ssh_dispatch_run_fatal: Connection to 91.189.95.84: no matching key exchange method found
ConnectionReset reading response for 'BzrDir.open_2.1', retrying
ssh_dispatch_run_fatal: Connection to 91.189.95.84: no matching key exchange method found
bzr: ERROR: Connection closed: Unexpected end of message. Please check connectivity and permissions, and report a bug if problems persist.

I think it deserves special attention as ssh v.7.0 will put some limits on the key size: http://www.openssh.com/txt/release-6.9

Janis

Question information

Language: English
Status: Answered
For: Launchpad itself

This question was reopened

Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Janis Eisaks (jancs) said :
#2

The problem still exists and no solution is provided

Janis Eisaks (jancs) said :
#3

additional comment:

it is not possible to update trunk if ssh.conf has such setting:
KexAlgorithms <email address hidden>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256

Amos Ng (amosjyng) said :
#5

Just got this error too. bzr worked earlier but no longer, no idea why. I'm on Windows.

Amos Ng (amosjyng) said :
#6

It works again after I do

bzr config --remove launchpad_username --scope bazaar

It appears the problem only occurs when I'm logged into launchpad.

Janis Eisaks (jancs) said :
#7

In my case - I have to be logged on as I need to submit changes to the trunk.

Colin Watson (cjwatson) said :
#8

We know about this and are working on it; it's of special concern to me since I maintain the openssh packages as well. It's taking a little while because we need to get changes made in the Twisted project first, and then we need to organise an upgrade at our end which unfortunately brings in its own dependency chain. I've linked to the bug that tracks this.

As far as workarounds go, this comes under: http://www.openssh.com/legacy.html

Peter Bienstman (peter-bienstman) said :
#9

I've put this in my .ssh/config:

Host 91.189.95.84
        KexAlgorithms +diffie-hellman-group1-sha1

No luck... This is using cygwin on Windows 10.

What is the correct workaround? It's not good that I can no longer update our branch...

Colin Watson (cjwatson) said :
#10

Peter, I would expect it to have to be "Host bazaar.launchpad.net", not "Host 91.189.95.84"; Host normally must be the value specified on the ssh command-line, which in this case is going to be bazaar.launchpad.net under the hood.

After making that change, if it still doesn't work then please post the output of "ssh -vvv bazaar.launchpad.net".

To be clear, you need:

  Host bazaar.launchpad.net
          KexAlgorithms +diffie-hellman-group1-sha1

Peter Bienstman (peter-bienstman) said :
#11

Thanks, that helped!

Colin Watson (cjwatson) said :
#12

Per my update in the linked bug, you no longer need "Host bazaar.launchpad.net" "KexAlgorithms +diffie-hellman-group1-sha1" and should remove it from your configuration. Some other Launchpad SSH services still require similar configuration though.

Colin Watson (cjwatson) said :
#13

In case you haven't noticed based on updates to the linked bug: this problem is now fixed and you can simply use the default crypto settings in OpenSSH 7.1 with Launchpad servers.
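
Added example, not part of the thread and not Launchpad or OpenSSH code: a Python check of two points from replies #10 and #12, that a Host block applies only to the name typed on the ssh command line, and that leftover legacy KexAlgorithms overrides can be located for removal. The sample configs, the LEGACY_KEX set and all function names are constructed for illustration; Match criteria and Include files are not evaluated.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample ~/.ssh/config holding both stanzas tried in the thread.
SAMPLE_CONFIG = """\
Host 91.189.95.84
        KexAlgorithms +diffie-hellman-group1-sha1

Host bazaar.launchpad.net
        KexAlgorithms +diffie-hellman-group1-sha1
"""
IP_ONLY_CONFIG = SAMPLE_CONFIG.split("\n\n")[0] + "\n"

# Assumption: names to flag as legacy; only the one named on this page.
LEGACY_KEX = {"diffie-hellman-group1-sha1"}

def parse_blocks(text):
    """Split ssh_config text into (host_patterns, {keyword: value}) blocks."""
    blocks = [(["*"], {})]                 # options before any Host apply to all
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "host":
            blocks.append((value.lower().split(), {}))
        elif keyword == "match":
            blocks.append(([], {}))        # Match criteria not evaluated here
        else:
            blocks[-1][1].setdefault(keyword, value)
    return blocks

def block_applies(patterns, name):
    """Host matches the name as typed on the command line, not its address."""
    name = name.lower()
    if any(p.startswith("!") and fnmatchcase(name, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(name, p) for p in patterns if not p.startswith("!"))

def kex_override(name, text):
    """First KexAlgorithms value that applies to `name` (first match wins)."""
    for patterns, opts in parse_blocks(text):
        if "kexalgorithms" in opts and block_applies(patterns, name):
            return opts["kexalgorithms"]
    return None

def legacy_kex_blocks(text):
    """Host patterns whose block still adds or sets a legacy algorithm."""
    return [" ".join(p) for p, o in parse_blocks(text)
            if LEGACY_KEX & set(o.get("kexalgorithms", "").lstrip("+^").split(","))]
```

On a real system, `ssh -G bazaar.launchpad.net` prints the configuration OpenSSH itself resolves for that name and is the authoritative check.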
