DataGrip 2019.2 RC SSH Tunnelling no longer works
Hi,
I recently upgraded from 2019.1 to 2019.2 RC and following that upgrade SSH tunnelling to our database servers no longer works.
I get the following error:
Connection to REDACTED@REDACTED failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]. SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
SSH Settings (unchanged):
IDEALog:
2019-07-26 11:40:23,786 [2438840] INFO - port.random.BouncyCastleRandom - Generating random seed from SecureRandom.
2019-07-26 11:40:23,795 [2438849] WARN - om.intellij.ssh.impl.sshj.sshj - Unsupported options in config: [HashKnownHosts=no, compression.s2c=zlib,none]
2019-07-26 11:40:23,815 [2438869] INFO - z.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.27.0
2019-07-26 11:40:23,834 [2438888] INFO - z.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
2019-07-26 11:40:23,850 [2438904] WARN - z.sshj.transport.TransportImpl - Dying because - Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
2019-07-26 11:40:23,851 [2438905] INFO - z.sshj.transport.TransportImpl - Disconnected - UNKNOWN
2019-07-26 11:40:23,851 [2438905] WARN - net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
2019-07-26 11:40:23,852 [2438906] WARN - om.intellij.ssh.impl.sshj.sshj - Failed to connect. Brief info: SSHJ connection to <crc32=yhjtq1>@<crc32=edk33q>:22
compressionFactories from config: none
cipherFactories from config: aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc, with signatureFactories: ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, with keep alive interval 120 seconds, with keep alive count max 3, with com.intellij.ssh.OpenSshLikeHostKeyVerifier(knownHostsFile=[C:\<crc32=1npnyry>], strictHostKeyChecking=ASK), with identity {C:\<crc32=eaehkq>, without passphrase}, with authentications: publickey by PlatformAuthPublickey, password by AuthPassword, keyboard-interactive by AuthKeyboardInteractive
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
2019-07-26 11:40:23,853 [2438907] WARN - lij.database.util.ErrorHandler - SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
com.intellij.execution.ExecutionException: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.execution.rmi.RemoteProcessSupport.acquire(RemoteProcessSupport.java:143)
at com.intellij.database.console.JdbcDriverManagerImpl.getDriver(JdbcDriverManagerImpl.java:133)
at com.intellij.database.dataSource.DatabaseConnectionEstablisher.lambda$establishConnection$1(DatabaseConnectionEstablisher.java:83)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$7(AsyncUtil.java:130)
at com.intellij.database.dataSource.AsyncUtil.lambda$static$0(AsyncUtil.java:40)
at com.intellij.database.dataSource.AsyncUtil.lambda$thenComposeAsync$8(AsyncUtil.java:128)
at com.intellij.database.dataSource.AsyncUtil.lambda$processWhenComplete$9(AsyncUtil.java:146)
at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859)
at java.base/java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837)
at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506)
at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2073)
at com.intellij.database.dataSource.AsyncUtil.lambda$processWhenComplete$9(AsyncUtil.java:146)
at java.base/java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859)
at java.base/java.util.concurrent.CompletableFuture.uniWhenCompleteStage(CompletableFuture.java:883)
at java.base/java.util.concurrent.CompletableFuture.whenComplete(CompletableFuture.java:2251)
at java.base/java.util.concurrent.CompletableFuture.whenComplete(CompletableFuture.java:143)
at com.intellij.database.dataSource.AsyncUtil.processWhenComplete(AsyncUtil.java:142)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$7(AsyncUtil.java:130)
at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:591)
at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:537)
at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:59)
at com.intellij.database.dataSource.AsyncUtil.underProgress(AsyncUtil.java:167)
at com.intellij.database.dataSource.AsyncUtil.lambda$null$2(AsyncUtil.java:64)
at com.intellij.openapi.application.impl.ApplicationImpl$1.run(ApplicationImpl.java:294)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.intellij.execution.ExecutionException: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.database.console.JdbcDriverManagerImpl.createTunnel(JdbcDriverManagerImpl.java:184)
at com.intellij.database.console.JdbcDriverManagerImpl.access$000(JdbcDriverManagerImpl.java:39)
at com.intellij.database.console.JdbcDriverManagerImpl$1.getRunProfileState(JdbcDriverManagerImpl.java:82)
at com.intellij.database.console.JdbcDriverManagerImpl$1.getRunProfileState(JdbcDriverManagerImpl.java:48)
at com.intellij.execution.rmi.RemoteProcessSupport.startProcess(RemoteProcessSupport.java:195)
at com.intellij.execution.rmi.RemoteProcessSupport.acquire(RemoteProcessSupport.java:123)
... 28 more
Caused by: com.intellij.ssh.SshTransportException: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at com.intellij.ssh.impl.sshj.SshjConnectionUtilKt.setUpSessionForSshJ(SshjConnectionUtil.kt:448)
at com.intellij.ssh.impl.SshConnection.a(SshConnection.kt:209)
at com.intellij.ssh.impl.SshConnection.c(SshConnection.kt:205)
at com.intellij.ssh.impl.SshConnection.b(SshConnection.kt:159)
at com.intellij.ssh.impl.SshConnection.getSshSession(SshConnection.kt:113)
at com.intellij.ssh.SshConnectionService.connect(SshConnectionService.kt:151)
at com.intellij.ssh.Ssh.a(ssh.kt:278)
at com.intellij.ssh.Ssh.access$connect(ssh.kt:1)
at com.intellij.ssh.ConnectionBuilder.connect(ssh.kt:122)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.createSshSession(DatabaseSshTunnelEstablisher.java:215)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.createSshSessionWithRetries(DatabaseSshTunnelEstablisher.java:161)
at com.intellij.database.dataSource.DatabaseSshTunnelEstablisher.lambda$createTunnel$0(DatabaseSshTunnelEstablisher.java:103)
... 12 more
Caused by: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
at net.schmizz.sshj.transport.Proposal.firstMatch(Proposal.java:145)
at net.schmizz.sshj.transport.Proposal.negotiate(Proposal.java:130)
at net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:224)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Please sign in to leave a comment.
@Charles Firth ,
Do you use your own java with IDE?
It looks like an issue https://youtrack.jetbrains.com/issue/WI-47671 . As a temporary workaround you need to use bundled java.
@vasily
I'm using the bundled java currently:
Hi, @Charles Firth!
Please could you check on your local machine configuration files `/etc/ssh/ssh_config` and `~/.ssh/config`? Looks like you have directive `Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc`. If so, please comment that lines.
Hi @Vladimir Lagunox,
I've removed those lines from my ~/.ssh/config and unfortunately I'm still getting the same error.
Connection to xx@xx.eu-west-1.rds.amazonaws.com failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com].
SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [aes128-cbc, 3des-cbc, aes256-cbc, aes192-cbc] and [chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com]
@Charles Firth Lets try investigate the problem deeper.
Please run these commands and send their output on email "vladimir dot lagunov at jetbrains dot com".
$ ssh -G user@host
$ ssh -v user@host date
$ cat /etc/ssh/ssh_config
$ cat ~/.ssh/config
I've created an issue in YouTrack about this problem. https://youtrack.jetbrains.com/issue/IDEA-219538
Solved!
Incorrect ciphers were being defined in the Windows SSH Config, while I thought DataGrip was using WSL SSH Config.
Changed ciphers in Windows to "Ciphers aes256-cbc,aes256-ctr" and it all worked again.
@Charles Firth
I've updated https://youtrack.jetbrains.com/issue/IDEA-219538 Now it describes the real cause of the problem.
Resume for those who has a similar problem and found this post in a web search:
DataGrip 2019.2 (and all other IDEs including PhpStorm, PyCharm, RubyMine, etc.) started reading SSH configuration file even if authentication type is "password" or "key pair". Check `~/.ssh/config` or `C:\Users\you\.ssh\config` for suspicious directives.
I am also running into SSH issues with DataGrip 2019.2. My known_hosts file is generally using ecdsa-sha2-nistp256, and this works with 2019.1. I don't have any ciphers specified in my ~/.ssh/config file (on macOS). I rolled back to 2019.1 and all is good again.
I can't tell from reading this thread if this is the same as my issue, nor if it is intended to be fixed soonish. Is this really just a temporary issue, or will this be how DataGrip works going forward?
I'm getting the same issue with IDEA 2019.2. I don't have any ciphers specified in my ~/.ssh/config file (macOS)
Connection to xxxx@yyyyy failed: SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1].
SSH: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1] and [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
Hello, Bárður V. Dam!
Your issue looks similar to https://youtrack.jetbrains.com/issue/WI-47671 . Do you run IDE using Oracle JDK? Could you switch to JetBrains Runtime or to OpenJDK? JetBrains Runtime can be downloaded here https://bintray.com/jetbrains/intellij-jbr
Hi Vladimir,
My issue was resolved by switching to JetBrains Runtime.
Thanks
Updating to PyCharm 2019.2 broke remote deployment for me (macOS 10.14.6). There's nothing in my config file specifying any particular cipher.
net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [ssh-dss] and [ssh-rsa, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519]
I tried a few remote deployments and found some of them worked. The ones that work use a 2048 bit key. The ones that don't use a 4096 bit key.
I already switched to JetBrains Runtime to try to solve the problem, and it did not help. I filed a ticket #2224999 and am being helped now, thanks.