Configuring SSH in GitBlit (ssh-dss issue)


ryan.ke...@gmail.com

Dec 22, 2015, 6:25:08 PM
to gitblit
Hello. I'm jumping in on maintenance of an existing GitBlit server (v1.6.2) that uses the servlet-based ssh server. We're having clients hit this problem:

$ git fetch
Unable to negotiate with x.x.x.x: no matching host key type found. Their offer: ssh-dss

What's initially confusing to me is that there's no obvious way to configure the ssh server. I see the following two files in the base-dir that are apparently the SSH keys, but nothing else seems to let me specify algorithms, trusted hosts, etc. Does it read from the system ssh directory (/etc/ssh)? I haven't been able to find any related docs.

ssh-dsa-hostkey.pem
ssh-rsa-hostkey.pem

Those .pem files seem like a strange format (versus standard pub/private ssh key pairs). I was expecting a doc to suggest their specific format.


ryan.ke...@gmail.com

Dec 22, 2015, 7:37:54 PM
to gitblit
You can't without hacking on the code.
 
That's probably still true, but I don't know if that applies to ssh-rsa. (Be aware that the ssh client v7 doesn't work with ssh-dss without forcing backwards compatibility.)

James Moger

Dec 23, 2015, 9:18:57 AM
to git...@googlegroups.com
Gitblit does not use the system SSH, it uses a portable, pure-Java SSH implementation.  Gitblit 1.6 supports DSA & RSA.  Gitblit 1.7 adds Kerberos5/GSS.  The host keys are automatically generated on first startup and are not configurable.  Users upload their public keys and they are stored in ${baseFolder}/ssh/${username}.  There are just a handful of SSH daemon settings, mostly with the "git.ssh" prefix on the setting name.

HTH,

-J



ryan.ke...@gmail.com

Dec 30, 2015, 1:16:09 PM
to gitblit
For those listening at home, here's my current workaround for connecting to myserver.example.com from a system that uses a v7 ssh client...

Edit:

~/.ssh/config

Adding:

Host myserver.example.com
   HostName myserver.example.com
   User myusername
   HostKeyAlgorithms +ssh-dss
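
An added example, not part of the original thread: a small Python check that scans an ssh_config for lines re-enabling ssh-dss and reports whether each one is scoped to a single host, as the workaround above is, or to a wildcard pattern. The sample config is constructed; its second and third Host blocks are hypothetical, and the handling of Match blocks is a simplifying assumption.

```python
import re

LEGACY = "ssh-dss"
# Client options that take an algorithm list (real ssh_config keywords).
WATCHED = {"hostkeyalgorithms", "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

# Constructed sample: the first block is the workaround from the thread,
# the second and third blocks are hypothetical variants.
SAMPLE_CONFIG = """\
Host myserver.example.com
   HostName myserver.example.com
   User myusername
   HostKeyAlgorithms +ssh-dss

Host *.example.com
   HostKeyAlgorithms=+ssh-dss,ssh-rsa

Host other.example.com
   HostKeyAlgorithms -ssh-dss
"""

def audit(text):
    """Return (line, option, host_patterns, broad) for each line enabling ssh-dss."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        # ssh_config accepts both "Key value" and "Key=value".
        m = re.match(r"\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$", raw)
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "host":
            patterns = value.split()
        elif key == "match":
            # Assumption: only "Match all" is treated as global scope.
            patterns = ["*"] if value.lower() == "all" else ["match " + value]
        elif key in WATCHED and not value.startswith("-"):
            # "+list" appends, "^list" prepends, a bare list replaces the default;
            # "-list" removes algorithms, so it is skipped above.
            if LEGACY in value.lstrip("+^").split(","):
                broad = any(c in p for p in patterns for c in "*?")
                findings.append((lineno, m.group(1), patterns, broad))
    return findings

if __name__ == "__main__":
    for lineno, option, pats, broad in audit(SAMPLE_CONFIG):
        scope = "WILDCARD scope" if broad else "single host"
        print(f"line {lineno}: {option} enables {LEGACY} for {' '.join(pats)} ({scope})")
```
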

