EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  <2022 Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  <2022
<== Date ==> <== Thread ==>

Subject: RE: Git push problem
From: Mark Rivers via Core-talk <core-talk at aps.anl.gov>
To: Michael Davidsaver <mdavidsaver at gmail.com>
Cc: "core-talk at aps.anl.gov" <core-talk at aps.anl.gov>
Date: Tue, 11 Jan 2022 20:36:01 +0000

I fixed the problem.  I added a .ssh/config file for the account I use for github:

 

Host *

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

 

I added all of the MACs that it said github was offering.

 

I am quite sure that nothing changed on my computer, so it seems like Github must have stopped supporting any of the MACs in my /etc/ssh/ssh_config file.  By adding all of the MACs Github says they do support to my .ssh/config file it now works.  Others running older versions of openssh may run into the same issue.

 

Mark

 

 

 

From: Mark Rivers
Sent: Tuesday, January 11, 2022 2:03 PM
To: Michael Davidsaver <mdavidsaver at gmail.com>
Cc: core-talk at aps.anl.gov
Subject: RE: Git push problem

 

Hi Michael,

 

Thanks for the reply.

 

Ø  Maybe an OS upgrade is in order? 

 

I really want to avoid having to upgrade this OS now.  It was working fine last week and nothing has changed on our system that I know of.

 

Ø  Which openssh version is currently installed?

corvette:~>ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017

 

Ø  GIT_SSH_COMMAND="ssh -vvv" git push

Ø  will print the gory details of the SSH connection process.

 

I tried that but I don't see any gory details:

 

export (base) [[email protected] asyn]$ GIT_SSH_COMMAND="ssh -vvv" git push

Unable to negotiate with 140.82.112.3 port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

 

This is part of my /etc/ssh/ssh_config:

 

# Host *

#   ForwardAgent no

#   ForwardX11 no

#   RhostsRSAAuthentication no

#   RSAAuthentication yes

#   PasswordAuthentication yes

#   HostbasedAuthentication no

#   GSSAPIAuthentication no

#   GSSAPIDelegateCredentials no

#   GSSAPIKeyExchange no

#   GSSAPITrustDNS no

#   BatchMode no

#   CheckHostIP yes

#   AddressFamily any

#   ConnectTimeout 0

#   StrictHostKeyChecking ask

#   IdentityFile ~/.ssh/identity

#   IdentityFile ~/.ssh/id_rsa

#   IdentityFile ~/.ssh/id_dsa

#   IdentityFile ~/.ssh/id_ecdsa

#   IdentityFile ~/.ssh/id_ed25519

#   Port 22

#   Protocol 2

#   Cipher 3des

#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr

#   MACs hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

#   EscapeChar ~

#   Tunnel no

#   TunnelDevice any:any

#   PermitLocalCommand no

#   VisualHostKey no

#   ProxyCommand ssh -q -W %h:%p gateway.example.com

#   RekeyLimit 1G 1h

#

 

Does that the only MACs supported are the ones uncommented above, i.e.

hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

 

If so what is the meaning of the ssh –Q mac output:

 

(base) [[email protected] asyn]$ ssh -Q mac

hmac-sha1

hmac-sha1-96

hmac-sha2-256

hmac-sha2-512

hmac-md5

hmac-md5-96

hmac-ripemd160

hmac-ripemd160 at openssh.com

umac-64 at openssh.com

umac-128 at openssh.com

hmac-sha1-etm at openssh.com

hmac-sha1-96-etm at openssh.com

hmac-sha2-256-etm at openssh.com

hmac-sha2-512-etm at openssh.com

hmac-md5-etm at openssh.com

hmac-md5-96-etm at openssh.com

hmac-ripemd160-etm at openssh.com

umac-64-etm at openssh.com

umac-128-etm at openssh.com

 

Thanks,

Mark

 

 

-----Original Message-----
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, January 11, 2022 1:33 PM
To: Mark Rivers <rivers at cars.uchicago.edu>
Cc: core-talk at aps.anl.gov
Subject: Re: Git push problem

 

On 1/11/22 10:32 AM, Mark Rivers via Core-talk wrote:

> Folks,

>

>  

>

> I am trying to push to the Github asyn repository from a Linux system that has worked for many years.

 

Maybe an OS upgrade is in order?  Which openssh version is currently installed?

 

 

> It worked as recently as January 6.  But now I am getting this error:

 

I am able to push successfully.

 

> $ grep Debian /etc/os-release

> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"> $ ssh -V

> OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k  25 Mar 2021

 

 

 

 

> corvette:~/devel/asyn>git push

 

fyi.

 

> GIT_SSH_COMMAND="ssh -vvv" git push

 

will print the gory details of the SSH connection process.

 

 

 

> Unable to negotiate with 140.82.113.4 port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

>

> fatal: Could not read from remote repository.

>

>  

>

> Please make sure you have the correct access rights

>

> and the repository exists.

>

>  

>

> When I run ssh –Q mac it seems like I have all of their support MAC types:

>

>  

>

> corvette:~/devel/asyn>ssh -Q mac

>

> hmac-sha1

>

> hmac-sha1-96

>

> hmac-sha2-256

>

> hmac-sha2-512

>

> hmac-md5

>

> hmac-md5-96

>

> hmac-ripemd160

>

> hmac-ripemd160 at openssh.com

>

> umac-64 at openssh.com

>

> umac-128 at openssh.com

>

> hmac-sha1-etm at openssh.com

>

> hmac-sha1-96-etm at openssh.com

>

> hmac-sha2-256-etm at openssh.com

>

> hmac-sha2-512-etm at openssh.com

>

> hmac-md5-etm at openssh.com

>

> hmac-md5-96-etm at openssh.com

>

> hmac-ripemd160-etm at openssh.com

>

> umac-64-etm at openssh.com

>

> umac-128-etm at openssh.com <mailto:umac-128-etm at openssh.com>

>

>  

>

> My ssh keys have not changed.  I removed github.com from known_hosts just in case that was the problem.

>

>  

>

> corvette:~/.ssh>ls -l

>

> total 28

>

> -rw------- 1 epics domain users  3243 Nov 18  2019 id_rsa

>

> -rw-r--r-- 1 epics domain users   750 Nov 18  2019 id_rsa.pub

>

> -rw-r--r-- 1 epics domain users 17340 Jan 11 12:30 known_hosts

>

>  

>

> Any idea how to fix this?

>

>  

>

> Thanks,

>

> Mark

>

>  

>

 


Replies:
Re: Git push problem Ralph Lange via Core-talk
References:
Git push problem Mark Rivers via Core-talk
Re: Git push problem Michael Davidsaver via Core-talk
RE: Git push problem Mark Rivers via Core-talk

Navigate by Date:
Prev: RE: Git push problem Mark Rivers via Core-talk
Next: Re: Git push problem Ralph Lange via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  <2022
Navigate by Thread:
Prev: RE: Git push problem Mark Rivers via Core-talk
Next: Re: Git push problem Ralph Lange via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  <2022
ANJ, 14 Sep 2022 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·