Wednesday, December 13, 2017

No Matching Cipher Found

Today I tried to pull latest from the develop branch in a git repository in TFS 2015. I use SSH for authentication to tfs git repositories, and when I ran the git pull command, I was presented with the following error:

no matching cipher found. their offer: aes256-cbc,aes192-cbc,aes128-cbc

There were some other lines about making sure the repository existed, and that I had permission, etc. But this line was the one that sort of stood out to me. It is not an error that I have come across before. It took me a little while to track down the issue, which is why I am writing this.

The error is not a TFS issue, nor is it a git issue. The error is coming from SSH. I think it started after I updated my version of openSSH on my mac to version 7.6p1.

To fix the issue, I opened up /etc/ssh/ssh_config and added the lines:

Match Host my-tfs-server.company-domain.com
    Ciphers +aes128-cbc,aes192-cbc,aes256-cbc

You could make it less restrictive and omit Match Host line altogether, but I would rather add the exception for the specific servers that require it. After adding those lines, I was able to pull latest again.

No Matching Cipher Found

Today I tried to pull latest from the develop branch in a git repository in TFS 2015. I use SSH for authentication to tfs git repositories, and when I ran the git pull command, I was presented with the following error:

no matching cipher found. their offer: aes256-cbc,aes192-cbc,aes128-cbc

There were some other lines about making sure the repository existed, and that I had permission, etc. But this line was the one that sort of stood out to me. It is not an error that I have come across before. It took me a little while to track down the issue, which is why I am writing this.

The error is not a TFS issue, nor is it a git issue. The error is coming from SSH. I think it started after I updated my version of openSSH on my mac to version 7.6p1.

To fix the issue, I opened up /etc/ssh/ssh_config and added the lines:

Match Host my-tfs-server.company-domain.com
    Ciphers +aes128-cbc,aes192-cbc,aes256-cbc

You could make it less restrictive and omit Match Host line altogether, but I would rather add the exception for the specific servers that require it. After adding those lines, I was able to pull latest again.