SSH with Azure DevOps fails due to missing RSA-SHA2 support in Apache MINA SSHD (Eclipse Git integration) #19
Description
Hello,
After upgrading to STM32CubeIDE 2.0.0 (based on Eclipse 2024‑09), we encountered a critical issue with Git SSH integration when connecting to Azure DevOps.
Azure DevOps recently deprecated ssh-rsa (SHA‑1) and now requires rsa-sha2-256 or rsa-sha2-512 for host key algorithms. However, Eclipse Git (JGit) uses Apache MINA SSHD internally, and the version bundled with Eclipse is 2.2.0, which does not support RSA-SHA2 algorithms.
Handshake fails with:
Unable to negotiate key exchange for server host key algorithms.
Client offered: ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
Server requires: rsa-sha2-256, rsa-sha2-512
Details:
Apache MINA SSHD version in Eclipse: 2.2.0.v20190425-2127
JGit SSH plugin: 5.5.0.201909110433-r
RSA-SHA2 support was added in Apache MINA SSHD 2.3.0 and is available in all newer releases (current is 2.16.0).
This means SSH with Azure DevOps is broken in Eclipse-based IDEs using these versions. Previously, external SSH clients could be configured, but this option is no longer available.
Questions / Suggestions:
I have already opened a topic on the ST forum regarding this issue, but they redirected me to Eclipse maintainers. However, STM32CubeIDE integrates Eclipse and distributes it as part of its product, so from an end-user perspective, this is a major blocker that ST should address in their packaged environment.
Questions / Suggestions:
Is there a plan to update JGit and Apache MINA SSHD to a version that supports RSA-SHA2?
Could this be prioritized? It is a major blocker for teams using Azure DevOps with SSH.
Workarounds are limited to HTTPS + PAT or using external Git clients outside Eclipse.
Thank you for your support!