I fixed the problem. I added a .ssh/config file for the account I use for github:
Host *
MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256
I added all of the MACs that it said github was offering.
I am quite sure that nothing changed on my computer, so it seems like Github must have stopped supporting any of the MACs in my /etc/ssh/ssh_config file. By adding all
of the MACs Github says they do support to my .ssh/config file it now works. Others running older versions of openssh may run into the same issue.
Mark
From: Mark Rivers
Sent: Tuesday, January 11, 2022 2:03 PM
To: Michael Davidsaver <mdavidsaver at gmail.com>
Cc: core-talk at aps.anl.gov
Subject: RE: Git push problem
Hi Michael,
Thanks for the reply.
Ø
Maybe an OS upgrade is in order?
I really want to avoid having to upgrade this OS now. It was working fine last week and nothing has changed on our system that I know of.
Ø
Which openssh version is currently installed?
corvette:~>ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Ø
GIT_SSH_COMMAND="ssh -vvv" git push
Ø
will print the gory details of the SSH connection process.
I tried that but I don't see any gory details:
export (base) [epics@corvette asyn]$ GIT_SSH_COMMAND="ssh -vvv" git push
Unable to negotiate with 140.82.112.3 port 22: no matching MAC found. Their offer:
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
This is part of my /etc/ssh/ssh_config:
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
# MACs hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
#
Does that the only MACs supported are the ones uncommented above, i.e.
hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
If so what is the meaning of the ssh –Q mac output:
(base) [epics@corvette asyn]$ ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160 at openssh.com
umac-64 at openssh.com
umac-128 at openssh.com
hmac-sha1-etm at openssh.com
hmac-sha1-96-etm at openssh.com
hmac-sha2-256-etm at openssh.com
hmac-sha2-512-etm at openssh.com
hmac-md5-etm at openssh.com
hmac-md5-96-etm at openssh.com
hmac-ripemd160-etm at openssh.com
umac-64-etm at openssh.com
umac-128-etm at openssh.com
Thanks,
Mark
-----Original Message-----
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, January 11, 2022 1:33 PM
To: Mark Rivers <rivers at cars.uchicago.edu>
Cc: core-talk at aps.anl.gov
Subject: Re: Git push problem
On 1/11/22 10:32 AM, Mark Rivers via Core-talk wrote:
> Folks,
>
>
>
> I am trying to push to the Github asyn repository from a Linux system that has worked for many years.
Maybe an OS upgrade is in order? Which openssh version is currently installed?
> It worked as recently as January 6. But now I am getting this error:
I am able to push successfully.
> $ grep Debian /etc/os-release
> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"> $ ssh -V
> OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021
> corvette:~/devel/asyn>git push
fyi.
> GIT_SSH_COMMAND="ssh -vvv" git push
will print the gory details of the SSH connection process.
> Unable to negotiate with 140.82.113.4 port 22: no matching MAC found. Their offer:
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256
>
> fatal: Could not read from remote repository.
>
>
>
> Please make sure you have the correct access rights
>
> and the repository exists.
>
>
>
> When I run ssh –Q mac it seems like I have all of their support MAC types:
>
>
>
> corvette:~/devel/asyn>ssh -Q mac
>
> hmac-sha1
>
> hmac-sha1-96
>
> hmac-sha2-256
>
> hmac-sha2-512
>
> hmac-md5
>
> hmac-md5-96
>
> hmac-ripemd160
>
> hmac-ripemd160 at openssh.com
>
> umac-64 at openssh.com
>
> umac-128 at openssh.com
>
> hmac-sha1-etm at openssh.com
>
> hmac-sha1-96-etm at openssh.com
>
> hmac-sha2-256-etm at openssh.com
>
> hmac-sha2-512-etm at openssh.com
>
> hmac-md5-etm at openssh.com
>
> hmac-md5-96-etm at openssh.com
>
> hmac-ripemd160-etm at openssh.com
>
> umac-64-etm at openssh.com
>
> umac-128-etm at openssh.com <mailto:umac-128-etm at openssh.com>
>
>
>
> My ssh keys have not changed. I removed github.com from known_hosts just in case that was the problem.
>
>
>
> corvette:~/.ssh>ls -l
>
> total 28
>
> -rw------- 1 epics domain users 3243 Nov 18 2019 id_rsa
>
> -rw-r--r-- 1 epics domain users 750 Nov 18 2019 id_rsa.pub
>
> -rw-r--r-- 1 epics domain users 17340 Jan 11 12:30 known_hosts
>
>
>
> Any idea how to fix this?
>
>
>
> Thanks,
>
> Mark
>
>
>