DataGrip 2019.2 RC SSH Tunnelling no longer works

Answered

Hi,

I recently upgraded from 2019.1 to 2019.2 RC and following that upgrade SSH tunnelling to our database servers no longer works.

I get the following error:

Connection to REDACTED@REDACTED failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]. SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]

 

SSH Settings (unchanged):

 

IDEALog:




2019-07-26 11:40:23,786 [2438840] INFO - port.random.BouncyCastleRandom - Generating random seed from SecureRandom.
2019-07-26 11:40:23,795 [2438849] WARN - om.intellij.ssh.impl.sshj.sshj - Unsupported options in config: [HashKnownHosts=no, compression.s2c=zlib,none]
2019-07-26 11:40:23,815 [2438869] INFO - z.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.27.0
2019-07-26 11:40:23,834 [2438888] INFO - z.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
2019-07-26 11:40:23,850 [2438904] WARN - z.sshj.transport.TransportImpl - Dying because - Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
2019-07-26 11:40:23,851 [2438905] INFO - z.sshj.transport.TransportImpl - Disconnected - UNKNOWN
2019-07-26 11:40:23,851 [2438905] WARN - net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
2019-07-26 11:40:23,852 [2438906] WARN - om.intellij.ssh.impl.sshj.sshj - Failed to connect. Brief info: SSHJ connection to <crc32=yhjtq1>@<crc32=edk33q>:22
compressionFactories from config: none
cipherFactories from config: aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc, with signatureFactories: ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, with keep alive interval 120 seconds, with keep alive count max 3, with com.intellij.ssh.OpenSshLikeHostKeyVerifier(knownHostsFile=[C:\<crc32=1npnyry>], strictHostKeyChecking=ASK), with identity {C:\<crc32=eaehkq>, without passphrase}, with authentications: publickey by PlatformAuthPublickey, password by AuthPassword, keyboard-interactive by AuthKeyboardInteractive
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
2019-07-26 11:40:23,853 [2438907] WARN - lij.database.util.ErrorHandler - SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
com.intellij.execution.ExecutionException: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.execution.rmi.RemoteProcessSupport.acquire(RemoteProcessSupport.java:143)
at com.intellij.database.console.JdbcDriverManagerImpl.getDriver(JdbcDriverManagerImpl.java:133)
at com.intellij.database.dataSource.DatabaseConnectionEstablisher.lambda$establishConnection$1(DatabaseConnectionEstablisher.java:83)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$7(AsyncUtil.java:130)
at com.intellij.database.dataSource.AsyncUtil.lambda$static$0(AsyncUtil.java:40)
at com.intellij.database.dataSource.AsyncUtil.lambda$thenComposeAsync$8(AsyncUtil.java:128)
at com.intellij.database.dataSource.AsyncUtil.lambda$processWhenComplete$9(AsyncUtil.java:146)
at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859)
at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2073)
at com.intellij.database.dataSource.AsyncUtil.lambda$processWhenComplete$9(AsyncUtil.java:146)
at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859)
at java.base/java.util.concurrent.CompletableFuture.uniWhenCompleteStage(CompletableFuture.java:883)
at java.base/java.util.concurrent.CompletableFuture.whenComplete(CompletableFuture.java:2251)
at java.base/java.util.concurrent.CompletableFuture.whenComplete(CompletableFuture.java:143)
at com.intellij.database.dataSource.AsyncUtil.processWhenComplete(AsyncUtil.java:142)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$7(AsyncUtil.java:130)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:591)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:537)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:59)
at com.intellij.database.dataSource.AsyncUtil.underProgress(AsyncUtil.java:167)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$2(AsyncUtil.java:64)
at com.intellij.openapi.application.impl.ApplicationImpl$1.run(ApplicationImpl.java:294)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.intellij.execution.ExecutionException: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.database.console.JdbcDriverManagerImpl.createTunnel(JdbcDriverManagerImpl.java:184)
at com.intellij.database.console.JdbcDriverManagerImpl.access$000(JdbcDriverManagerImpl.java:39)
at com.intellij.database.console.JdbcDriverManagerImpl$1.getRunProfileState(JdbcDriverManagerImpl.java:82)
at com.intellij.database.console.JdbcDriverManagerImpl$1.getRunProfileState(JdbcDriverManagerImpl.java:48)
at com.intellij.execution.rmi.RemoteProcessSupport.startProcess(RemoteProcessSupport.java:195)
at com.intellij.execution.rmi.RemoteProcessSupport.acquire(RemoteProcessSupport.java:123)
... 28 more
Caused by: com.intellij.ssh.SshTransportException: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ(SshjConnectionUtil.kt:448)
at com.intellij.ssh.impl.SshConnection.a(SshConnection.kt:209)
at com.intellij.ssh.impl.SshConnection.c(SshConnection.kt:205)
at com.intellij.ssh.impl.SshConnection.b(SshConnection.kt:159)
at com.intellij.ssh.impl.SshConnection.getSshSession(SshConnection.kt:113)
at com.intellij.ssh.SshConnectionService.connect(SshConnectionService.kt:151)
at com.intellij.ssh.Ssh.a(ssh.kt:278)
at com.intellij.ssh.Ssh.access$connect(ssh.kt:1)
at com.intellij.ssh.ConnectionBuilder.connect(ssh.kt:122)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.createSshSession(DatabaseSshTunnelEstablisher.java:215)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.createSshSessionWithRetries(DatabaseSshTunnelEstablisher.java:161)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.lambda$createTunnel$0(DatabaseSshTunnelEstablisher.java:103)
... 12 more
Caused by: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
15 comments
Comment actions Permalink

@Charles Firth ,

Do you use your own java with IDE?

It looks like an issue https://youtrack.jetbrains.com/issue/WI-47671 . As a temporary workaround you need to use bundled java.

0
Comment actions Permalink

@vasily

I'm using the bundled java currently:

0
Comment actions Permalink

Hi, @Charles Firth!

Please could you check on your local machine configuration files `/etc/ssh/ssh_config` and `~/.ssh/config`? Looks like you have directive `Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc`. If so, please comment that lines.

0
Comment actions Permalink

Hi @Vladimir Lagunox,

I've removed those lines from my ~/.ssh/config and unfortunately I'm still getting the same error.

 

Connection to xx@xx.eu-west-1.rds.amazonaws.com failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com].
SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]

0
Comment actions Permalink

@Charles Firth Lets try investigate the problem deeper.

Please run these commands and send their output on email "vladimir dot lagunov at jetbrains dot com".

$ ssh -G user@host

$ ssh -v user@host date

$ cat /etc/ssh/ssh_config

$ cat ~/.ssh/config

0
Comment actions Permalink

I've created an issue in YouTrack about this problem. https://youtrack.jetbrains.com/issue/IDEA-219538

0
Comment actions Permalink

Solved!

Incorrect ciphers were being defined in the Windows SSH Config, while I thought DataGrip was using WSL SSH Config.

Changed ciphers in Windows to "Ciphers aes256-cbc,aes256-ctr" and it all worked again.

0
Comment actions Permalink

@Charles Firth

I've updated https://youtrack.jetbrains.com/issue/IDEA-219538 Now it describes the real cause of the problem.

Resume for those who has a similar problem and found this post in a web search:

DataGrip 2019.2 (and all other IDEs including PhpStorm, PyCharm, RubyMine, etc.) started reading SSH configuration file even if authentication type is "password" or "key pair". Check `~/.ssh/config` or `C:\Users\you\.ssh\config` for suspicious directives.

0
Comment actions Permalink

I am also running into SSH issues with DataGrip 2019.2. My known_hosts file is generally using ecdsa-sha2-nistp256, and this works with 2019.1. I don't have any ciphers specified in my ~/.ssh/config file (on macOS). I rolled back to 2019.1 and all is good again.

I can't tell from reading this thread if this is the same as my issue, nor if it is intended to be fixed soonish. Is this really just a temporary issue, or will this be how DataGrip works going forward?

0
Comment actions Permalink

I'm getting the same issue with IDEA 2019.2. I don't have any ciphers specified in my ~/.ssh/config file (macOS)

 

Connection to xxxx@yyyyy failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1].
SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]

0
Comment actions Permalink

Hello, Bárður V. Dam!

Your issue looks similar to https://youtrack.jetbrains.com/issue/WI-47671 . Do you run IDE using Oracle JDK? Could you switch to JetBrains Runtime or to OpenJDK? JetBrains Runtime can be downloaded here https://bintray.com/jetbrains/intellij-jbr

0
Comment actions Permalink

Hi Vladimir,

My issue was resolved by switching to JetBrains Runtime.

Thanks

0
Comment actions Permalink

Updating to PyCharm 2019.2 broke remote deployment for me (macOS 10.14.6). There's nothing in my config file specifying any particular cipher.

net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [ssh-dss] and [ssh-rsa, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519]

I tried a few remote deployments and found some of them worked. The ones that work use a 2048 bit key. The ones that don't use a 4096 bit key.

 

0
Comment actions Permalink
@Jonathan Brewer,
Do you run IDE under Oracle Java? Or do you use bundled JBR?
 
It looks like you need to switch to JetBrains Runtime to eliminate the issue.
 
0
Comment actions Permalink

I already switched to JetBrains Runtime to try to solve the problem, and it did not help. I filed a ticket #2224999 and am being helped now, thanks.

0

Please sign in to leave a comment.