Repository checkout fails with "Bad server host key: Invalid key length"

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After updating the Linux operating system, its security policies or the OpenSSH package, Bamboo Server and Agents start failing Git checkouts with the following message:

Bad server host key: Invalid key length
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
	at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.fetch(NativeGitOperationHelper.java:554)
	at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.fetch(NativeGitOperationHelper.java:524)
	at com.atlassian.bamboo.plugins.git.v2.AbstractGitExecutor.fetchCacheWithRetry(AbstractGitExecutor.java:240)
	at com.atlassian.bamboo.plugins.git.v2.GitWorkingCopyManager.lambda$checkout$1(GitWorkingCopyManager.java:236)
	at io.atlassian.util.concurrent.ManagedLocks$ManagedLockImpl.withLock(ManagedLocks.java:293)
	at com.atlassian.bamboo.plugins.git.GitCacheDirectory$LoggingManagedLock.withLock(GitCacheDirectory.java:44)
	at com.atlassian.bamboo.plugins.git.v2.GitWorkingCopyManager.checkout(GitWorkingCopyManager.java:234)
	at com.atlassian.bamboo.plugins.git.v2.GitWorkingCopyManager.retrieveSourceCode(GitWorkingCopyManager.java:122)
	at com.atlassian.bamboo.plugins.stash.v2.BitbucketServerWorkingCopyManager.retrieveSourceCode(BitbucketServerWorkingCopyManager.java:91)
	... 25 more

Environment

  • Bamboo 8, 9
  • Enterprise Linux 9.1 and later (RHEL, Rocky, Alma, Oracle, etc)
  • OpenSSH

Issue

The crypto-policy that ships with some Enterprise Linux distributions, version 9.1 and later, does not allow RSA keys smaller than 2048 bits. Some SSH servers are configured with 1024-bit host keys, which can lead to connection failures.

Solution

Some Enterprise Linux 9.1 releases introduce a new /etc/ssh/ssh_config option called RequiredRSASize that can be used to override the default setting from the crypto-policy. To work around the problem with smaller RSA keys, add an entry that sets this option for the specific host to the ssh_config file.

If you have only Bitbucket Server repositories and use a Bitbucket-type connection, add the following entries to your SSH configuration file /etc/ssh/ssh_config:

Host 127.0.0.1
  RequiredRSASize 1024

If you have other VCS systems that use SSH but are not controlled by the Bamboo SSH Proxy, you may have to set the RequiredRSASize option globally by adding the following line to /etc/ssh/ssh_config:

RequiredRSASize 1024
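
The global line lowers the RSA minimum for every host the client connects to, while a Host block lowers it for one host only. The following script is an added example, not part of the original article or of Bamboo: it reads `ssh-keygen -lf` fingerprint lines and prints Host blocks only for hosts whose RSA host key is below the policy minimum. The function name `scoped_overrides`, the host names and the fingerprints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Atlassian's code): turn `ssh-keygen -lf` fingerprint lines
# into per-host ssh_config overrides, only for RSA host keys that are shorter
# than the policy minimum.
# Input line format: "<bits> <fingerprint> <comment> (<TYPE>)"
# Assumption: <comment> is the host name, as in `ssh-keyscan` output.
# Live use (needs network access to HOST):
#   ssh-keyscan -t rsa HOST 2>/dev/null | ssh-keygen -lf - | scoped_overrides 2048

scoped_overrides() {
    min="${1:-2048}"
    awk -v min="$min" '
        # RequiredRSASize applies to RSA keys only; a 256-bit ED25519 or ECDSA
        # key is not short and must not be flagged.
        $NF == "(RSA)" && $1 ~ /^[0-9]+$/ && ($1 + 0) < (min + 0) {
            if (!($3 in seen)) {
                seen[$3] = 1
                # Lower the floor to this key size, and only for this host.
                printf "Host %s\n  RequiredRSASize %d\n", $3, $1
            }
        }'
}

# Constructed sample input: fingerprints are placeholders, host names are made up.
SAMPLE_FINGERPRINTS='1024 SHA256:PLACEHOLDER-FINGERPRINT-1 127.0.0.1 (RSA)
3072 SHA256:PLACEHOLDER-FINGERPRINT-2 git.example.internal (RSA)
256 SHA256:PLACEHOLDER-FINGERPRINT-3 git.example.internal (ED25519)
1024 SHA256:PLACEHOLDER-FINGERPRINT-4 legacy-vcs.example.internal (RSA)'

printf '%s\n' "$SAMPLE_FINGERPRINTS" | scoped_overrides 2048
```

Review the printed blocks before appending them to /etc/ssh/ssh_config, and remove each one once the corresponding server has been re-keyed with a 2048-bit or larger RSA key.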

Last modified on Jan 20, 2023
