Git backend, SSH authentication throws 'Algorithm negotiation fail'
Git backend is GitLab. Both ways of SSH authentication (using the local setup in ~/.ssh and providing privateKey in config) don't work.
Exception: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:590) ~[jsch-0.1.55.jar:na]
Environment: macOS Big Sur/ Ubuntu 20.04 OpenJDK 18/ OpenJDK 11.0.2
springCloudVersion: 2020.0.4 springBoot: 2.5.4 GitLab v14.4.1
Sample example.zip
Comment From: ryanjbaxter
This seems like a configuration issue in your environment. Is there a specific reason you think there is a problem with the config server?
Comment From: olgakorichkovskaya
Locally (via CLI) same key and configuration work well. Also, the same error when using "spring.cloud.config.server.git.privateKey"
Comment From: ryanjbaxter
Can you provide the entire stacktrace?
Comment From: olgakorichkovskaya
Sure, in this file stackTrace.txt
Comment From: ryanjbaxter
We are using JGit which is using JSCH so this is different than what happens on the command line. There is some kind of negotiation failure between JSCH and the GitLab server. I am not sure what else we can do.
Comment From: olgakorichkovskaya
Maybe negotiation trace could help
Connecting to gitlab-instance.com
Connection established
Remote version string: SSH-2.0-OpenSSH_7.9p1
Local version string: SSH-2.0-JSCH-0.1.54
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: curve25519-sha256,curve25519-sha256@libssh.org
kex: server: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
kex: server: none,zlib@openssh.com
kex: server: none,zlib@openssh.com
kex: server:
kex: server:
kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none,zlib@openssh.com,zlib
kex: client: none,zlib@openssh.com,zlib
kex: client:
kex: client:
Disconnecting from gitlab-instance.com
Comment From: hpoettker
Is it the same problem as in #1881? Then you could try to exchange jsch with an actively maintained fork.
Comment From: ryanjbaxter
@hpoettker maybe, @olgakorichkovskaya can you try Spring Cloud 2021.0.0-M2?
Comment From: olgakorichkovskaya
@ryanjbaxter Sure. Version of JGit was updated to org.eclipse.jgit:5.12.0.202106070339-r, but exception stack trace is the same, negotiation is the same.
Comment From: spencergibb
Related #1901.
Comment From: ryanjbaxter
The only thing I can think of is trying another Git server. I have a feeling it might be the ssh configuration of the gitlab server you are using, it might be incompatible with JSCH.
As @spencergibb mentioned above we have an open issue to replace JSCH.
Comment From: olgakorichkovskaya
Works well with GitHub, but I can just change Git server :) Using GitLab v14.4.1
Comment From: ryanjbaxter
So it seems to be something with the version of GitLab you are using? What version didn't work?
Comment From: olgakorichkovskaya
Don't know, if it works with some GitLab, I've tested only with my GitLab server v14.4.1, current latest GitLab is 14.4.2.
Comment From: ryanjbaxter
So it's working now?
Comment From: olgakorichkovskaya
No :) As you suggested, I've tried another Git server, it works with GitHub, but still doesn't work with GitLab.
The only thing I can think of is trying another Git server.
Comment From: olgakorichkovskaya
Is it the same issue https://stackoverflow.com/questions/62796891/jsch-connection-issue-jschexception-algorithm-negotiation-fail-even-with-jce and JSch is not compatible with modern git services like GitLab?
Comment From: ryanjbaxter
Maybe, I am not sure. It's JGit that's using JSCH, not Spring Cloud Config directly, so there is not much we can do about it at the moment if it is not supported.
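
Added example, not part of the thread and not code from Spring Cloud Config, JGit or JSch: a Python script that reads the "kex:" lines of the negotiation trace posted above and applies the RFC 4253 selection rule (the first client algorithm that the server also lists) to each name-list, to show which categories have nothing in common. It assumes the ten lines logged per side follow the SSH_MSG_KEXINIT field order; the slot names are labels chosen here.

```python
import re

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
SLOTS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s",
         "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# "kex:" lines copied from the trace posted in the thread above.
TRACE = """\
kex: server: curve25519-sha256,curve25519-sha256@libssh.org
kex: server: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
kex: server: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
kex: server: none,zlib@openssh.com
kex: server: none,zlib@openssh.com
kex: server:
kex: server:
kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none,zlib@openssh.com,zlib
kex: client: none,zlib@openssh.com,zlib
kex: client:
kex: client:
"""

def parse(trace):
    # Assumption: JSch logs each side's ten lists in KEXINIT order.
    sides = {"server": [], "client": []}
    for m in re.finditer(r"^kex: (server|client):(.*)$", trace, re.M):
        sides[m.group(1)].append([a for a in m.group(2).strip().split(",") if a])
    return {s: dict(zip(SLOTS, lists)) for s, lists in sides.items()}

def negotiate(trace):
    # RFC 4253: pick the first client algorithm that the server also lists.
    p = parse(trace)
    return {s: next((a for a in p["client"][s] if a in p["server"][s]), None)
            for s in SLOTS if not s.startswith("lang")}

def failed_slots(trace):
    # Slots where client and server have no algorithm in common.
    return [slot for slot, alg in negotiate(trace).items() if alg is None]

if __name__ == "__main__":
    for slot, alg in negotiate(TRACE).items():
        print(f"{slot:10} {alg or 'NO COMMON ALGORITHM'}")
```

On the posted trace, the key-exchange, cipher and MAC lists have no overlap, while the host-key (ssh-rsa) and compression (none) lists do.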