Subject: RE: Git push problem
From: Mark Rivers via Core-talk <core-talk at aps.anl.gov>
To: Michael Davidsaver <mdavidsaver at gmail.com>
Cc: "core-talk at aps.anl.gov" <core-talk at aps.anl.gov>
Date: Tue, 11 Jan 2022 20:36:01 +0000

I fixed the problem.  I added a .ssh/config file for the account I use for github:


Host *

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256


I added all of the MACs that it said github was offering.


I am quite sure that nothing changed on my computer, so it seems like Github must have stopped supporting any of the MACs in my /etc/ssh/ssh_config file.  By adding all of the MACs Github says they do support to my .ssh/config file it now works.  Others running older versions of openssh may run into the same issue.






From: Mark Rivers
Sent: Tuesday, January 11, 2022 2:03 PM
To: Michael Davidsaver <mdavidsaver at gmail.com>
Cc: core-talk at aps.anl.gov
Subject: RE: Git push problem


Hi Michael,


Thanks for the reply.


Ø  Maybe an OS upgrade is in order? 


I really want to avoid having to upgrade this OS now.  It was working fine last week and nothing has changed on our system that I know of.


Ø  Which openssh version is currently installed?

corvette:~>ssh -V

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017


Ø  GIT_SSH_COMMAND="ssh -vvv" git push

Ø  will print the gory details of the SSH connection process.


I tried that but I don't see any gory details:


export (base) [epics@corvette asyn]$ GIT_SSH_COMMAND="ssh -vvv" git push

Unable to negotiate with port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256

fatal: Could not read from remote repository.


Please make sure you have the correct access rights

and the repository exists.


This is part of my /etc/ssh/ssh_config:


# Host *

#   ForwardAgent no

#   ForwardX11 no

#   RhostsRSAAuthentication no

#   RSAAuthentication yes

#   PasswordAuthentication yes

#   HostbasedAuthentication no

#   GSSAPIAuthentication no

#   GSSAPIDelegateCredentials no

#   GSSAPIKeyExchange no

#   GSSAPITrustDNS no

#   BatchMode no

#   CheckHostIP yes

#   AddressFamily any

#   ConnectTimeout 0

#   StrictHostKeyChecking ask

#   IdentityFile ~/.ssh/identity

#   IdentityFile ~/.ssh/id_rsa

#   IdentityFile ~/.ssh/id_dsa

#   IdentityFile ~/.ssh/id_ecdsa

#   IdentityFile ~/.ssh/id_ed25519

#   Port 22

#   Protocol 2

#   Cipher 3des

#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr

#   MACs hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

    MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160

#   EscapeChar ~

#   Tunnel no

#   TunnelDevice any:any

#   PermitLocalCommand no

#   VisualHostKey no

#   ProxyCommand ssh -q -W %h:%p gateway.example.com

#   RekeyLimit 1G 1h



Does that the only MACs supported are the ones uncommented above, i.e.

hmac-sha1,umac-64 at openssh.com,hmac-ripemd160


If so what is the meaning of the ssh –Q mac output:


(base) [epics@corvette asyn]$ ssh -Q mac








hmac-ripemd160 at openssh.com

umac-64 at openssh.com

umac-128 at openssh.com

hmac-sha1-etm at openssh.com

hmac-sha1-96-etm at openssh.com

hmac-sha2-256-etm at openssh.com

hmac-sha2-512-etm at openssh.com

hmac-md5-etm at openssh.com

hmac-md5-96-etm at openssh.com

hmac-ripemd160-etm at openssh.com

umac-64-etm at openssh.com

umac-128-etm at openssh.com






-----Original Message-----
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, January 11, 2022 1:33 PM
To: Mark Rivers <rivers at cars.uchicago.edu>
Cc: core-talk at aps.anl.gov
Subject: Re: Git push problem


On 1/11/22 10:32 AM, Mark Rivers via Core-talk wrote:

> Folks,




> I am trying to push to the Github asyn repository from a Linux system that has worked for many years.


Maybe an OS upgrade is in order?  Which openssh version is currently installed?



> It worked as recently as January 6.  But now I am getting this error:


I am able to push successfully.


> $ grep Debian /etc/os-release

> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"> $ ssh -V

> OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k  25 Mar 2021





> corvette:~/devel/asyn>git push




> GIT_SSH_COMMAND="ssh -vvv" git push


will print the gory details of the SSH connection process.




> Unable to negotiate with port 22: no matching MAC found. Their offer: hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512,hmac-sha2-256


> fatal: Could not read from remote repository.




> Please make sure you have the correct access rights


> and the repository exists.




> When I run ssh –Q mac it seems like I have all of their support MAC types:




> corvette:~/devel/asyn>ssh -Q mac


> hmac-sha1


> hmac-sha1-96


> hmac-sha2-256


> hmac-sha2-512


> hmac-md5


> hmac-md5-96


> hmac-ripemd160


> hmac-ripemd160 at openssh.com


> umac-64 at openssh.com


> umac-128 at openssh.com


> hmac-sha1-etm at openssh.com


> hmac-sha1-96-etm at openssh.com


> hmac-sha2-256-etm at openssh.com


> hmac-sha2-512-etm at openssh.com


> hmac-md5-etm at openssh.com


> hmac-md5-96-etm at openssh.com


> hmac-ripemd160-etm at openssh.com


> umac-64-etm at openssh.com


> umac-128-etm at openssh.com <mailto:umac-128-etm at openssh.com>




> My ssh keys have not changed.  I removed github.com from known_hosts just in case that was the problem.




> corvette:~/.ssh>ls -l


> total 28


> -rw------- 1 epics domain users  3243 Nov 18  2019 id_rsa


> -rw-r--r-- 1 epics domain users   750 Nov 18  2019 id_rsa.pub


> -rw-r--r-- 1 epics domain users 17340 Jan 11 12:30 known_hosts




> Any idea how to fix this?




> Thanks,


> Mark





