Description
After I upgraded to Redmine 5.1.2, redmine_git_hosting 6.0.0 and Debian 12, SSH key updates stopped working.
The messages in the log were like:
2025-02-04 17:33:09 +0100 [ERROR] Invalid Gitolite Admin SSH Keys
2025-02-04 17:33:09 +0100 [ERROR] failed to start SSH session: Unable to exchange encryption keys
In contrast to #747, the key was in PEM format.
It turned out that the redmine_git_hosting plugin (and maybe the Rugged 1.5.1 gem inside? Or the libssh2 1.10.0 lib inside that?) could not verify the ssh host keys, because it did not support the host key types accepted by sshd (this was due to a security restriction in the new sshd in Debian 12).
A working workaround is to allow the outdated host key algorithms in /etc/ssh/sshd_config:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
This would be OK for localhost, but it is not ideal, as sshd must also be accessible remotely for git checkouts, and it does not seem possible to allow this only for localhost.
So overall, the ssh algorithm list should be investigated and maybe the used lib/gem versions should be updated.
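
An audit check for hosts where the workaround above has been applied, added here as an example and not part of the original report: it reads `sshd -T` style output and lists the algorithm settings that contain the SHA-1 `ssh-rsa` algorithm. The function names and both sample listings are constructed for illustration; the script assumes the lowercase `keyword value` lines that `sshd -T` prints, and accepts both the older `pubkeyacceptedkeytypes` name and the current `pubkeyacceptedalgorithms` name.

```shell
#!/bin/sh
# Added example (not from the original report).
# Real use on a host (as root):  sshd -T | find_ssh_rsa

# Reads `sshd -T` style lines on stdin. Prints each algorithm keyword whose
# comma-separated list contains exactly "ssh-rsa" (not rsa-sha2-256/512).
# Returns 0 if at least one keyword matched, 1 otherwise.
find_ssh_rsa() {
    awk '
        $1 == "hostkeyalgorithms" ||
        $1 == "pubkeyacceptedalgorithms" ||
        $1 == "pubkeyacceptedkeytypes" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] == "ssh-rsa") { print $1; found = 1; break }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: effective config with the two "+ssh-rsa" lines applied.
sample_workaround() {
cat <<'EOF'
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
EOF
}

# Constructed sample: effective config without the workaround.
sample_default() {
cat <<'EOF'
port 22
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
EOF
}

for s in sample_workaround sample_default; do
    if hits=$($s | find_ssh_rsa); then
        echo "$s: ssh-rsa enabled in:" $hits
    else
        echo "$s: ssh-rsa not enabled"
    fi
done
```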