Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » EGit 5.13 clone TFS repository with SSH fail((Unable to negotiate key exchange for kex algorithms))
EGit 5.13 clone TFS repository with SSH fail [message #1842725] Tue, 29 June 2021 17:52 Go to next message
Sylvert THIVANT is currently offline Sylvert THIVANTFriend
Messages: 1
Registered: June 2021
Junior Member
I'm posting here because I can't find a solution anywhere esle.

Since my Eclipse (on Windows) updated and is using the last version of EGit I get an error when tring to clone, pull or push from a TFS-Git repository.
It still works with Git Bash and TortoiseGit.

The error is :
Unable to negotiate key exchange for kex algorithms (client: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ext-info-c / server: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1)


Wich, if I understand correctly, tells me that the server only accept old (and weak) algorithms.
I edited my ".SSH/config" file to add
KexAlgorithms +diffie-hellman-group1-sha1
but to no avail
I also tried to configure theese algorithms in Eclpses Preferences in "General > Network Connections > SSH2" but to no avail either
Re: EGit 5.13 clone TFS repository with SSH fail [message #1842726 is a reply to message #1842725] Tue, 29 June 2021 19:12 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
I think that would occur also with EGit 5.12 and probably also with 5.11. Maybe it's time to upgrade this TFS instance to a newer version that does support modern algorithms, or to switch to some other git server altogether.

The KEX Methods and Mac algorithms preferences from Eclipse are ignored by the SSH support in JGit., and yes, JGit doesn't implement the KexAlgorithms ssh config. It just uses its built-in set. We could try to improve that.
Re: EGit 5.13 clone TFS repository with SSH fail [message #1842757 is a reply to message #1842726] Wed, 30 June 2021 15:37 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
See https://developercommunity.visualstudio.com/t/git-ssh-access-offers-weak-algorithms/921226 .
Re: EGit 5.13 clone TFS repository with SSH fail [message #1842864 is a reply to message #1842757] Sat, 03 July 2021 19:58 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
I've created bug 574636 for this.
Re: EGit 5.13 clone TFS repository with SSH fail [message #1843152 is a reply to message #1842864] Fri, 16 July 2021 15:19 Go to previous message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 406
Registered: August 2016
Senior Member
"KexAlgorithms +diffie-hellman-group14-sha1" should work with EGit nightly now. "diffie-hellman-group14-sha1" is slightly stronger than "diffie-hellman-group1-sha1". But of course you could also enable both via "KexAlgorithms +diffie-hellman-group14-sha1,diffie-hellman-group1-sha1".
Previous Topic:EGit 5.12 SSH clone failing due to Signature encoding error
Next Topic:EGit cannot find the signing key
Goto Forum:
  


Current Time: Tue Oct 19 04:55:48 GMT 2021

Powered by FUDForum. Page generated in 0.01924 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top