Can't access git via ssh with Drools workbench showcase docker image


Tony Gemoll

Apr 9, 2018, 2:59:32 PM
to Drools Setup
I am running the Drools docker image following the run command that is in the docs.

docker run -p 8080:8080 -p 8001:8001 -d --name drools-workbench jboss/drools-workbench-showcase:latest


I set up SSH to accept +ssh-dss connections. This is my ~/.ssh/config file:
host localhost
        HostKeyAlgorithms=+ssh-dss



But when I try to clone from workbench I am getting the following error. I have the same problem on 7.7.0 and 7.6.0. Things work fine if I drop all the way down to 7.2.0.

[tony:~/dev/drools/sigh]$ git clone ssh://admin@localhost:8001/test/rawr
Cloning into 'rawr'...
Connection closed by ::1 port 8001
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The server.log file has this in it every time I try to connect:
2018-04-09 18:53:28,322 WARN  [org.apache.sshd.server.session.ServerSessionImpl] (sshd-SshServer[7aa7584e]-nio2-thread-1) exceptionCaught(ServerSessionImpl[null@/172.17.0.1:36554])[state=Opened] InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size


I am at my wits' end here. I am not sure what is going on any more. Any help would be great and appreciated.

Tony Gemoll

Apr 9, 2018, 3:50:57 PM
to Drools Setup
Just wanted to be clear. /test/rawr is a team and project I created. I have deleted the container, started fresh, and used the default project `myteam` and imported one of the samples and still have the issue. As seen here:

[tony:~/dev/drools/sigh]$ git clone ssh://admin@localhost:8001/myteam/mortgages
Cloning into 'mortgages'...
Connection closed by ::1 port 8001
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Roger Martinez

Apr 9, 2018, 6:01:35 PM
to Drools Setup
Hello,

Well I guess the docker container has not much to do here, I mean once you "export" the internal git port to the host machine, the ssh connection is not affected... not sure yet if it's something related to the ssh protocol itself, although seems so, but a good initial step for discarding the environment (docker) from the picture is about doing the same operation in a non-docker environment, I mean running the application in a standalone WildFly instance on your host and trying to perform the checkout... if you get the same error we can then focus on the ssh client/server side and see next steps, does that make sense?

Thx

Tony Gemoll

Apr 9, 2018, 7:51:05 PM
to Drools Setup
This is the docker image I am using: https://hub.docker.com/r/jboss/drools-workbench-showcase/ 

I have tried it on 3 different computers. Win 10 and OSX (High Sierra). On all 3 systems, I get the same outcomes. I am using the docker images because that is how it is going to be developed against and ultimately deployed...

I can see if I can get the non-docker install working but am confused as to why it would matter. The directions of the docker image say it should work. It worked in 7.2.0.

Related question: SSH-DSS has been deemed insecure. Is it on the backlog to move drools to something less legacy? (source: https://www.openssh.com/legacy.html )
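
Added example, not part of the thread or of the Drools project: a small audit of an OpenSSH client config that reports which Host scope re-enables a legacy algorithm (such as the `+ssh-dss` override posted above) and whether that scope is a wildcard pattern. The watch list, the set of options checked, and every sample host other than `localhost` are assumptions made for illustration.

```python
import re

# Algorithms OpenSSH no longer enables by default (assumed watch list for this example).
LEGACY = {"ssh-dss", "diffie-hellman-group1-sha1"}
# Client options whose value is an algorithm list.
ALGO_OPTIONS = {"hostkeyalgorithms", "kexalgorithms",
                "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

def parse_ssh_config(text):
    """Yield (scope, option, value); accepts 'Key value' and 'Key=value'."""
    scope = ["*"]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            scope = value.split()
        elif key == "match":
            scope = ["match " + value]
        else:  # Include directives are not followed in this example
            yield scope, key, value

def audit(text):
    """Return (scope, option, algorithm, wildcard) per legacy algorithm enabled."""
    findings = []
    for scope, option, value in parse_ssh_config(text):
        # A '-list' value only removes algorithms, so it cannot enable one.
        if option not in ALGO_OPTIONS or value.startswith("-"):
            continue
        wildcard = any(c in h for h in scope for c in "*?" if not h.startswith("!"))
        for algo in value.lstrip("+^").split(","):
            if algo.strip() in LEGACY:
                findings.append((" ".join(scope), option, algo.strip(), wildcard))
    return findings

# Constructed sample: the first block is the config from the post, the rest is invented.
SAMPLE = """\
host localhost
        HostKeyAlgorithms=+ssh-dss
Host *.lab.example
    KexAlgorithms +diffie-hellman-group1-sha1,curve25519-sha256
Host build.example
    HostKeyAlgorithms -ssh-dss
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with the wildcard flag set is the one to review first, since the legacy algorithm is then accepted for every host the pattern matches rather than for the single workbench endpoint.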

Roger Martinez

Apr 9, 2018, 9:02:04 PM
to Drools Setup
Yeah I mean I'm pretty sure as well it's not related to the docker container itself, it just should do the "bridge" between container and hosts ports... but was just for double checking and isolating in small steps the root issue. 

It looks like not a bug, just a configuration thing, but I'm not an expert on the workbench's git integration side. Anyway as far as I remember there exist several system properties you can configure about the workbench's git integration, not just the default "host" one that docker images provide, so another option is trying to set here the right secure connection settings if those are different than the default ones.