SSH connection problem

[Christian Beilschmidt]

Hi there,

I've deployed gitblit (1.6) on a Tomcat 7 server on a Ubuntu 12.04 system.
I used the configuration from the website and only changed the SSH port (does not work with the original port as well).

Unfortunately I can't get a connection to gitblit via SSH and I'm really missing a hint on what is the problem in that case.

Here is the connection log:

OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 9834.
debug1: Connection established.
debug1: identity file /home/mylogin/.ssh/id_rsa type -1
debug1: identity file /home/mylogin/.ssh/id_rsa-cert type -1
debug1: identity file /home/mylogin/.ssh/id_dsa type -1
debug1: identity file /home/mylogin/.ssh/id_dsa-cert type -1
debug1: identity file /home/mylogin/.ssh/id_ecdsa type -1
debug1: identity file /home/mylogin/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Gitblit_v1.6.0 (SSHD-CORE-0.11.0-NIO2)
debug1: no match: Gitblit_v1.6.0 (SSHD-CORE-0.11.0-NIO2)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 127.0.0.1

Maybe you have an idea on what the problem is any how to solve it.


Best regards

[Tamas Papp]

Take a look at gitblit.log.

tamas

[Christian Beilschmidt]

Thank you, I'm seeing indeed an error message here:

2014-08-12 14:20:16 [INFO ] creating ssh session from /127.0.0.1:58734
2014-08-12 14:20:16 [WARN ] Exception caught
java.security.InvalidAlgorithmParameterException: parameter object not a ECParameterSpec
        at org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.initialize(Unknown Source)
        at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:400)
        at org.apache.sshd.common.kex.ECDH.getE(ECDH.java:58)
        at org.apache.sshd.server.kex.AbstractDHGServer.init(AbstractDHGServer.java:71)
        at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:359)
        at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:720)
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.completed(Nio2Session.java:188)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.completed(Nio2Session.java:174)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:145)
        at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:275)
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:296)
        at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:407)
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:174)
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:130)
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.completed(Nio2Acceptor.java:109)
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
        at sun.nio.ch.Invoker$2.run(Invoker.java:206)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
2014-08-12 14:20:16 [INFO ] closed ssh session from /127.0.0.1:58734

Unfortunately it doesn't help me again. I can't find anything useful related to this one.


Best regards

[Tamas Papp]

It's like the server doesn't have proper keys generated.
But James probably will be able to say something smarter.

tamas

--
You received this message because you are subscribed to the Google Groups "gitblit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gitblit+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[James Moger]

Gitblit generates and accepts RSA & DSA keys.  It does not (yet) support ECD* keys and it appears you are trying to use one.

-J

[Christian Beilschmidt]

Okay, so how do I disable it using EDCH? I tried setting the HostKeyAlgorithms option on the client-side, but I does not seem to work.

ssh -v -o HostKeyAlgorithms='ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,ssh-rsa,ssh-dss' -l <username> -p <port> localhost


Best regards

[Florian Zschocke]

Check the type of your client's key that you stored in Gitblit. It should not be an ECDH key.