Reputation: 917
ssh_dispatch_run_fatal when trying to ssh repos to gitlab
I'm trying to access repositories from the official gitlab server. Now, I'm getting the error
ssh_dispatch_run_fatal: Connection to 104.210.2.228: no matching cipher found
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
if I try to pull, clone, or even ssh [email protected].
I created a new key and tested to check if the key was the problem but the same error persists.
Some info of my system:
$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 15.10
Release: 15.10
Codename: wily
$ git --version
git version 2.5.0
$ ssh -vvvT [email protected]
OpenSSH_6.9p1 Ubuntu-2ubuntu0.2, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reuserg configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gitlab.com [104.210.2.228] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to gitlab.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: blowfish-cbc,arcfour
debug2: kex_parse_kexinit: blowfish-cbc,arcfour
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
ssh_dispatch_run_fatal: Connection to 104.210.2.228: no matching cipher found
It seems that I have some error or difference with the versions of OpenSSH, but I'm not sure. Any pointers to what is going on, and how to fix it will be appreciated.
Upvotes: 2
Views: 8666
Answers (3)
Reputation: 1558
You can configure your client ssh to use one of the allowed ciphers on the server. One way to do it is to modify ~/.ssh/config with this:
Host gitlab.com
Ciphers aes256-ctc
Upvotes: 0
Reputation: 1498
I was getting similar issue like this while trying to connect with remote in git lab after upgrading my Macbook to HighSierra.
Unable to negotiate with xx.xx.xx.xx port xx: no matching cipher found. Their offer: aes256-cbc,aes128-cbc fatal: Could not read from remote repository.
To solve this issue, just edit the /etc/ssh/ssh_config file to add the ciphers that support server configuration.
This can be simply done by uncommenting the line # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc by removing the # charactor in front.
As the ssh folder has access restrictions, use vim editor or make a copy of the file in somewhere like desktop and make changes and then replace at the /etc/ssh/ folder.
Upvotes: 0
Reputation: 25986
no matching cipher found
means that your sever and client offers different ciphers.
Client side:
debug2: kex_parse_kexinit: blowfish-cbc,arcfour
Server side:
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
The client side proposal are certainly not default values, because they are unsafe ciphers (disabled on any sane server). You should check your /etc/ssh/ssh_config and remove the line
Ciphers blowfish-cbc,arcfour
or similar (regardless how and why it get there). If you need legacy ciphers to connect to legacy systems, there is always match block, which you can use
Match legacy.hostmane
Ciphers blowfish-cbc,arcfour
Upvotes: 2
Related Questions
- Message 'src refspec master does not match any' when pushing commits in Git
- How to specify the private SSH-key to use when executing shell command on Git?
- ssh "permissions are too open"
- How can I ssh into a server that requires two password authentication using Python's Paramiko module?
- Permission denied (publickey) Bitbucket
- Jenkins SSH server showing error Algorithm negotiation fail while trying to setup with over the SSH plugin
- Amazon ec2 show "Permission denied (publickey)"
- Amazon instance no longer allowing login with private key