Bitbucket Server Repository Creation on Bamboo Data Center/ Bamboo Server fails with error "ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXXX: error in libcrypto fatal"
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
After installing or upgrading Bamboo on Linux 9 or higher, users are unable to create or use pre-existing Bitbucket repositories on a Bamboo instance and the error "ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXXX: error in libcrypto fatal" is seen on Bamboo GUI.
Environment
- Tested on Bamboo Server/ Data Center 7.2.10, 8.2.8, 9.2.7
- Enterprise Linux 9.3(RHEL, Oracle)
- OpenSSH_8.7p1
Diagnosis
The following errors can be seen on the Linked repository page on Bamboo.
Please make a note of the below error message as seen in the above attachment
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXX: error in libcrypto fatalBelow error message can be seen in the <bamboo-home>/logs/atlassian-bamboo.log file
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXX : error in libcrypto
fatal: Could not read from remote repository.Below warning message can also be seen in the above logs
WARN [sshd-SshServer[445757bc]-nio2-thread-1] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:46008])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)
Cause
Enterprise linux 9 server restrict SHA-1 usage in their DEFAULT system-wide cryptographic policy. Most enterprise Linux 9 servers come with OpenSSH upstream which do not support SHA1 algorithm by default.
Solution
As explained earlier, the DEFAULT policy does not include SHA-1 algorithm, so there is a need to add the SHA-1 algorithm to the DEFAULT policy. This can be carried out only using the system administrator privileges on the enterprise Linux 9 server.
update-crypto-policies --set DEFAULT:SHA1Also update the /etc/ssh/ssh_config file on the Bamboo server by adding the entries below. This is required if the SSH server is using RSA key sizes less than 2048 bit.
Host 127.0.0.1
RequiredRSASize 1024Then perform a server reboot on the Enterprise Linux 9 hosing the Bamboo instance. Now the repository can be saved successfully.