[asterisk-dev] Usage of weak key algorithm on Gerrit
Matt Fredrickson
creslin at digium.com
Fri Feb 26 15:48:47 CST 2016
Reply below.
On Thu, Feb 25, 2016 at 9:59 AM, Leif Madsen <leif at leifmadsen.com> wrote:
> Apologies if this is a well known issue and I'm just stirring the pot :)
>
> Attempted to check out Asterisk from Gerrit today, and got a message I
> didn't recognize.
>
> > Cloning into 'asterisk'...
> > Unable to negotiate with 76.164.171.232: no matching key exchange
> method found. Their offer: diffie-hellman-group1-sha1
> > fatal: Could not read from remote repository.
> >
> > Please make sure you have the correct access rights
> > and the repository exists.
>
> Quick search turned up the answer though. A weak key implementation on
> Gerrit (which my OpenSSH disables by default):
>
> http://www.openssh.com/legacy.html
>
> Workaround was to add to my ~/.ssh/config:
>
> > Host gerrit.asterisk.org
> > KexAlgorithms +diffie-hellman-group1-sha1
>
> Perhaps this could be modified so that the key exchange is slightly more
> secure? It's all open source stuff here, so the exchange may not be THAT
> necessary, but might not be a bad idea :)
>
Thanks for the heads up on this Leif. We'll see if we can look into this.
--
Matthew Fredrickson
Digium, Inc. | Engineering Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20160226/7fdd86de/attachment.html>
More information about the asterisk-dev
mailing list