Experimental Physics and
Industrial Control System

I fixed the problem.  I added a .ssh/config file for the account I use for github:

 

Host *

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

 

I added all of the MACs that it said github was offering.

 

I am quite sure that nothing changed on my computer, so it seems like Github must have stopped supporting any of the MACs in my /etc/ssh/ssh_config file.  By adding all of the MACs Github says they do support to my .ssh/config file it now works.  Others running older versions of openssh may run into the same issue.

 

Mark

 

 

 

 

Hi Michael,

 

Thanks for the reply.

 

Ø  Maybe an OS upgrade is in order? 

 

I really want to avoid having to upgrade this OS now.  It was working fine last week and nothing has changed on our system that I know of.

 

Ø  Which openssh version is currently installed?

corvette:~>ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

 

Ø  GIT_SSH_COMMAND="ssh -vvv" git push

Ø  will print the gory details of the SSH connection process.

 

I tried that but I don't see any gory details:

 

export (base) [epics@corvette asyn]$ GIT_SSH_COMMAND="ssh -vvv" git push

Unable to negotiate with 140.82.112.3 port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

 

This is part of my /etc/ssh/ssh_config:

 

# Host *

#   ForwardAgent no

#   ForwardX11 no

#   RhostsRSAAuthentication no

#   RSAAuthentication yes

#   PasswordAuthentication yes

#   HostbasedAuthentication no

#   GSSAPIAuthentication no

#   GSSAPIDelegateCredentials no

#   GSSAPIKeyExchange no

#   GSSAPITrustDNS no

#   BatchMode no

#   CheckHostIP yes

#   AddressFamily any

#   ConnectTimeout 0

#   StrictHostKeyChecking ask

#   IdentityFile ~/.ssh/identity

#   IdentityFile ~/.ssh/id_rsa

#   IdentityFile ~/.ssh/id_dsa

#   IdentityFile ~/.ssh/id_ecdsa

#   IdentityFile ~/.ssh/id_ed25519

#   Port 22

#   Protocol 2

#   Cipher 3des

#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr

#   MACs hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

#   EscapeChar ~

#   Tunnel no

#   TunnelDevice any:any

#   PermitLocalCommand no

#   VisualHostKey no

#   ProxyCommand ssh -q -W %h:%p gateway.example.com

#   RekeyLimit 1G 1h

#

 

Does that the only MACs supported are the ones uncommented above, i.e.

hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

 

If so what is the meaning of the ssh –Q mac output:

 

(base) [epics@corvette asyn]$ ssh -Q mac

hmac-sha1

hmac-sha1-96

hmac-sha2-256

hmac-sha2-512

hmac-md5

hmac-md5-96

hmac-ripemd160

hmac-ripemd160 at openssh.com

umac-64 at openssh.com

umac-128 at openssh.com

hmac-sha1-etm at openssh.com

hmac-sha1-96-etm at openssh.com

hmac-sha2-256-etm at openssh.com

hmac-sha2-512-etm at openssh.com

hmac-md5-etm at openssh.com

hmac-md5-96-etm at openssh.com

hmac-ripemd160-etm at openssh.com

umac-64-etm at openssh.com

umac-128-etm at openssh.com

 

Thanks,

Mark

 

 

-----Original Message-----
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, January 11, 2022 1:33 PM
To: Mark Rivers <rivers at cars.uchicago.edu>
Cc: core-talk at aps.anl.gov
Subject: Re: Git push problem

 

On 1/11/22 10:32 AM, Mark Rivers via Core-talk wrote:

> Folks,

>

>  

>

> I am trying to push to the Github asyn repository from a Linux system that has worked for many years.

 

Maybe an OS upgrade is in order?  Which openssh version is currently installed?

 

 

> It worked as recently as January 6.  But now I am getting this error:

 

I am able to push successfully.

 

> $ grep Debian /etc/os-release

> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"> $ ssh -V

> OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k  25 Mar 2021

 

 

 

 

> corvette:~/devel/asyn>git push

 

fyi.

 

> GIT_SSH_COMMAND="ssh -vvv" git push

 

will print the gory details of the SSH connection process.

 

 

 

> Unable to negotiate with 140.82.113.4 port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

>

> fatal: Could not read from remote repository.

>

>  

>

> Please make sure you have the correct access rights

>

> and the repository exists.

>

>  

>

> When I run ssh –Q mac it seems like I have all of their support MAC types:

>

>  

>

> corvette:~/devel/asyn>ssh -Q mac

>

> hmac-sha1

>

> hmac-sha1-96

>

> hmac-sha2-256

>

> hmac-sha2-512

>

> hmac-md5

>

> hmac-md5-96

>

> hmac-ripemd160

>

> hmac-ripemd160 at openssh.com

>

> umac-64 at openssh.com

>

> umac-128 at openssh.com

>

> hmac-sha1-etm at openssh.com

>

> hmac-sha1-96-etm at openssh.com

>

> hmac-sha2-256-etm at openssh.com

>

> hmac-sha2-512-etm at openssh.com

>

> hmac-md5-etm at openssh.com

>

> hmac-md5-96-etm at openssh.com

>

> hmac-ripemd160-etm at openssh.com

>

> umac-64-etm at openssh.com

>

> umac-128-etm at openssh.com <mailto:umac-128-etm at openssh.com>

>

>  

>

> My ssh keys have not changed.  I removed github.com from known_hosts just in case that was the problem.

>

>  

>

> corvette:~/.ssh>ls -l

>

> total 28

>

> -rw------- 1 epics domain users  3243 Nov 18  2019 id_rsa

>

> -rw-r--r-- 1 epics domain users   750 Nov 18  2019 id_rsa.pub

>

> -rw-r--r-- 1 epics domain users 17340 Jan 11 12:30 known_hosts

>

>  

>

> Any idea how to fix this?

>

>  

>

> Thanks,

>

> Mark

>

>  

>