*************************************************************************
*** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!!
*** Do not submit bugs for chrome/android and issues with your company's
*** Gerrit setup here. Those issues belong in different issue trackers.
*************************************************************************
Affected Version: 3.4.0
What steps will reproduce the problem?
1. Attempt to access gerrit sshd using a JSch client.
2.
3.
What is the expected output?
[sshd-SshDaemon[61186191](port=22)-nio2-thread-4] jira a/1000185 LOGIN FROM x.x.x.x
What do you see instead?
From Wireshark..
Key Exchange Init from Gerrit with ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256
Key Exchange Init from JSCH with diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
Disconnect from Gerrit
Disconnect from JSch
Please provide any additional information below.
Basically JSch clients are no longer supported. This would have been fine with a little notice but the release notes for 3.4.0 just said...
"Deprecated JCraft JSch client library is replaced with MINA SSHD client library per default. There is still option to switch to using JCraft JSch client library. Support for JCraft JSch will be removed in the next gerrit release."
...without any mention of the implications. Also, the option to switch back to JSch seems to be non-functional. Setting ssh.clientImplementation to JSCH seems to do nothing and there's doesn't seem to be a similar option for sshd.
ERROR com.google.gerrit.sshd.SshDaemon : sshd.kex = diffie-hellman-group1-sha1 unsupported; only ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group-exchange-sha256, diffie-hellman-group18-sha512, diffie-hellman-group17-sha512, diffie-hellman-group16-sha512, diffie-hellman-group15-sha512, diffie-hellman-group14-sha256 is supported