[asterisk-dev] Usage of weak key algorithm on Gerrit
Joshua Colp
jcolp at digium.com
Fri Feb 26 16:43:06 CST 2016
Leif Madsen wrote:
> Apologies if this is a well known issue and I'm just stirring the pot :)
>
> Attempted to check out Asterisk from Gerrit today, and got a message I
> didn't recognize.
>
> > Cloning into 'asterisk'...
> > Unable to negotiate with 76.164.171.232 <http://76.164.171.232/>:
> no matching key exchange method found. Their offer:
> diffie-hellman-group1-sha1
> > fatal: Could not read from remote repository.
> >
> > Please make sure you have the correct access rights
> > and the repository exists.
>
> Quick search turned up the answer though. A weak key implementation on
> Gerrit (which my OpenSSH disables by default):
>
> http://www.openssh.com/legacy.html
>
> Workaround was to add to my ~/.ssh/config:
>
> > Host gerrit.asterisk.org <http://gerrit.asterisk.org/>
> > KexAlgorithms +diffie-hellman-group1-sha1
>
> Perhaps this could be modified so that the key exchange is slightly more
> secure? It's all open source stuff here, so the exchange may not be THAT
> necessary, but might not be a bad idea :)
This has been fixed.
Cheers,
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-dev
mailing list