Failed replication after upgrading from 2.14 -> 3.4

[Nguyen Tuan Khang Phan]

When creating new changes on existing projects replication succeeds (its done through http). However, when creating a new project we are getting this error:

Error creating remote repository at <gerritUser>@<gerrit_site>:/opt/gerrit/repos/smokeTestsParent/test_project_replication.git:
  Exception: org.eclipse.jgit.errors.TransportException: <gerritUser>@<gerrit_site>:/opt/gerrit/parentProject/test_project_replication.git: KeyExchange signature verification failed for key type=ssh-rsa
  Command: mkdir -p '/opt/gerrit/parentProject/test_project_replication.git' && cd '/opt/gerrit/parentProject/test_project_replication.git' && git init --bare && git symbolic-ref HEAD 'refs/heads/master'

We didn't change anything in the ~/.ssh/config and ~/.ssh/id_rsa.pub.

[David Ostrovsky]

Since Gerrit 3.4 Apache MINA SSHD was updated to 2.6.0, that includes this

change: [1]. See this related issue: [2] and this release notes entry: [3]:

• Issue 14644: Weak security settings accidentally removed in SSH transport

[1] https://issues.apache.org/jira/browse/SSHD-1004

[2] https://crbug.com/gerrit/14644

[3] https://www.gerritcodereview.com/3.4.html#341

[Nguyen Tuan Khang Phan]

We are unable to fix it. Can you show us how to do so? Currently we are working around it with pull-replication plugin.

[Matthias Sohn]

On Fri, Sep 2, 2022 at 12:39 PM Nguyen Tuan Khang Phan <phan....@gmail.com> wrote:

We are unable to fix it. Can you show us how to do so? Currently we are working around it with pull-replication plugin. 

AFAICS upgrading to 3.4.1 should fix this problem since it contains the bugfix mentioned by David

-Matthias

[Nguyen Tuan Khang Phan]

AFAICS upgrading to 3.4.1 should fix this problem since it contains the bugfix mentioned by David

-Matthias

 We are on 3.4.5 the issue still persists. Should we regenerate our id_rsa? If yes, which algorithm should we use?