Hostkey error when pulling or building from private git repository

  • Open
Details
4 participants
  • Atte Torri
  • David Pflug
  • Frederickson, Jonathan
  • Tim Johann
Owner
unassigned
Submitted by
Atte Torri
Severity
normal
Atte Torri wrote on 27 Mar 17:09 +0100
(name . bug-guix)(address . bug-guix@gnu.org)
1156672208.1243481.1711555774538.JavaMail.zimbra@universite-paris-saclay.fr
Hello,

I get an error message when trying to `guix pull` a channel from a private git repository or when trying to `guix build` a package from a private git repository.
Previously it worked great up until a few days ago. I have tested it on multiple machines and get the same error, as well as for private repositories hosted on GitLab and GitHub.

This is the error message I get when I pull (for build it is essentially the same):

atte@beryllium:~$ guix pull
Updating channel 'guix-test' from Git repository at 'git@github.com:Blixodus/guix-test.git'...
guix pull: error: Git error: failed to set hostkey preference: The requested method(s) are not currently supported


And this is how I define channels in .config/guix/channels.scm, with a URL to a private git repository by SSH:

(list (channel
        (name 'guix-test)
        (url "git@github.com:Blixodus/guix-test.git")
        (branch "main")))

Atte Torri
Tim Johann wrote on 10 Apr 12:14 +0200
(address . 70034@debbugs.gnu.org)
87h6g97br1.fsf@phrogstar.de
Hi there,

I have experienced the same problem, and have a little piece of the puzzle. As I looked at the server hosting my own private channel I saw the line

Unable to negotiate with XXX.XXX.XXX.XXX port 45072: no matching host key type found. Their offer: ssh-rsa [preauth]

which means that the guix pull command only uses a Hostkey using an algorithm that is not in the default configuration of the sshd HostKeyAlgorithms (as it is considered too weak for keys of a size <2048 bits?).

The workaround I am using is a line

HostKeyAlgorithms +ssh-rsa

in my server's sshd_config (and using a key of a size of 4096 bits).

Nevertheless, I would like to see guix pull using a host key with a different algorithm - or a larger variety of host keys.

Hoping that helps,

Cheers

Tim
Frederickson, Jonathan wrote on 11 Apr 19:34 +0200
Hostkey error when pulling or building from private git repository
(name . 70034@debbugs.gnu.org)(address . 70034@debbugs.gnu.org)
5fecc1a205e3668345b02153623e65064bf12abd.camel@akamai.com
I just ran into this issue as well. I spent some time bisecting last
night and tracked it down to a change in guile-git's dependency on
libgit2:

9f00975f55e569fc3ba204fc34261a942a19b4e5 is the first bad commit
commit 9f00975f55e569fc3ba204fc34261a942a19b4e5
Author: Ludovic Courtès <ludo@gnu.org>
Date:   Mon Feb 26 22:15:57 2024 +0100

    gnu: guile-git: Depend on libgit2 1.7.

    * gnu/packages/guile.scm (guile-git)[inputs]: Replace LIBGIT2-1.3 with
    LIBGIT2-1.7.

    Change-Id: Ia386f977b0888b7bd9b26443ac6150428fda2155

 gnu/packages/guile.scm | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
Frederickson, Jonathan wrote on 12 Apr 16:50 +0200
(name . 70034@debbugs.gnu.org)(address . 70034@debbugs.gnu.org)
3664e546721f49f4c1c74be198989b9479945037.camel@akamai.com

And one of the comments on that issue from the libgit2 maintainer made
me realize there's a workaround. Using github.com as an example since
the initial report was having trouble with a channel on github, if you
run this:

$ ssh-keyscan github.com >> ~/.ssh/known_hosts

...it seems to fix the issue, because ssh-keyscan fetches host keys of
all types from the remote host, rather than just one (as seems to
happen when you connect to a remote host via SSH normally).

Obviously would prefer a proper fix, but this is a relatively low-
impact workaround for now.
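The workaround above appends whatever ssh-keyscan returns straight into known_hosts. As an added example (not part of the thread, and not Guix or libgit2 code), the following Python keeps only scanned keys whose SHA256 fingerprint matches a set obtained out of band, so all key types can be recorded without trusting the scan itself. The host name git.example.org, the key bytes and the pinned set are constructed assumptions, and the test blobs use a simplified layout.

```python
import base64
import hashlib


def blob(key_type, material):
    """Constructed test blob: length-prefixed type string, then key bytes."""
    parts = [key_type.encode(), material]
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()


def fingerprint(b64):
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def embedded_type(b64):
    """Key type named inside the blob (its first length-prefixed string)."""
    raw = base64.b64decode(b64)
    return raw[4:4 + int.from_bytes(raw[:4], "big")].decode()


def vet_scan(scan_output, host, pinned):
    """Split ssh-keyscan-style lines into (accepted, rejected) for host."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue  # comment lines and blank lines
        names, key_type, b64 = fields[:3]
        ok = (host in names.split(",")
              and embedded_type(b64) == key_type
              and fingerprint(b64) in pinned)
        (accepted if ok else rejected).append(line)
    return accepted, rejected


# Constructed sample: placeholder key bytes; PINNED stands in for out-of-band fingerprints.
GOOD_ED = blob("ssh-ed25519", bytes(range(32)))
GOOD_EC = blob("ecdsa-sha2-nistp256", bytes(range(65)))
ROGUE = blob("ssh-ed25519", bytes(32))
SCAN = "\n".join([
    "# git.example.org:22 SSH-2.0-OpenSSH_9.6",
    f"git.example.org ssh-ed25519 {GOOD_ED}",
    f"git.example.org ecdsa-sha2-nistp256 {GOOD_EC}",
    f"git.example.org ssh-ed25519 {ROGUE}",
])
PINNED = {fingerprint(GOOD_ED), fingerprint(GOOD_EC)}
ACCEPTED, REJECTED = vet_scan(SCAN, "git.example.org", PINNED)
```

Fingerprints in this form are what `ssh-keygen -lf` prints, so the pinned values can be compared against a hosting provider's published list before the accepted lines are appended to known_hosts.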
David Pflug wrote on 1 Nov 01:58 +0100
(address . 70034@debbugs.gnu.org)
CAB3eSamFVZ_HeJ9j0jk3jATVLNDsqYMeqvrSAGfaqxJPo7iwoQ@mail.gmail.com
As another data point, I'm encountering this issue as well and
ssh-keyscan didn't resolve it.

I'm not following the code flow to try to help with this (yet?).

I can say that libgit2 doesn't seem to've made any relevant changes
since the release of 1.8.1 in May.