574636 – ssh: make KexAlgorithms configurable in ~/.ssh/config

Bug 574636 - ssh: make KexAlgorithms configurable in ~/.ssh/config

Summary: ssh: make KexAlgorithms configurable in ~/.ssh/config

Status:	RESOLVED FIXED

Alias:	None

Product:	JGit
Classification:	Technology
Component:	JGit (show other bugs)
Version:	5.12
Hardware:	All All

Importance:	P3 enhancement with 1 vote (vote)
Target Milestone:	5.13
Assignee:	Thomas Wolf
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-07-03 15:57 EDT by Thomas Wolf
Modified:	2021-07-16 06:08 EDT (History)
CC List:	0 users

See Also:	Gerrit Change Git Commit

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Wolf

2021-07-03 15:57:25 EDT

From https://www.eclipse.org/forums/index.php/t/1108371/ :

Apache MINA sshd 2.6.0 removed a number of SHA1-based algorithms by default. While we re-added the weak signature algorithms, we did not re-add weak key exchange methods.

If a server supports _only_ these older, now deprecated, weak kex methods, connecting to such a server is not possible. Apparently this is the case for some Microsoft TFS instances.

Users should in such cases have the possibility to enable these weak algorithms via the KexAlgorithms ssh config.

Comment 1 Eclipse Genie

2021-07-07 15:47:13 EDT

New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/182866

Comment 2 Eclipse Genie

2021-07-16 03:26:57 EDT

Gerrit change https://git.eclipse.org/r/c/jgit/jgit/+/182866 was merged to [master].
Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=27a1fa1872da9d0da9147941aa6b372dee48cefb