Backlog Git-SSH enables new public key and key exchange algorithms
We’re enabling a new public key type and a new key exchange algorithm for Backlog. In addition, we’re disabling an old key exchange algorithm.
Key changes in Backlog
Starting November 1st, 2018, our Git servers will:
– Support the new public key type “Ed25519”
– Support the new key exchange algorithm “curve25519-sha256@libssh.org”
– Disable the key exchange algorithm “diffie-hellman-group-exchange-sha256”
New public key type
After the update, you will be able to register an Edwards-curve Digital Signature Algorithm (EdDSA) public key as your SSH public key on Backlog. You can also continue to use all your SSH public keys that you have already registered.
Public key type | At present | After update |
---|---|---|
DSA (ssh-dss) | X | X |
RSA (ssh-rsa) | X | X |
ECDSA (ecdsa-sha2-nistp256) | X | X |
ECDSA (ecdsa-sha2-nistp384) | X | X |
ECDSA (ecdsa-sha2-nistp521) | X | X |
Ed25519 (ssh-ed25519) | | X |
Ed25519 is supported by OpenSSH 6.5 and later. It offers better security and faster performance than DSA or ECDSA, so please use it.
New key exchange algorithms
After the update, we will support a new key exchange algorithm “curve25519-sha256@libssh.org” that is more secure than existing ones. Plus, we will disable the key exchange algorithm “diffie-hellman-group-exchange-sha256”.
If your client supports one or more of the following new algorithms, the client will automatically start to use them. However, if your client is set to use “diffie-hellman-group-exchange-sha256” or doesn’t support the new algorithms, the client will not connect to our Git servers.
Key Exchange Algorithm | At present | After update |
---|---|---|
diffie-hellman-group-exchange-sha256 | X | |
diffie-hellman-group14-sha1 | X | X |
ecdh-sha2-nistp256 | X | X |
ecdh-sha2-nistp384 | X | X |
ecdh-sha2-nistp521 | X | X |
curve25519-sha256@libssh.org | | X |
How to check your client settings
Please check your client's settings and its user manual to see how it configures SSH key exchange algorithms. If your client does not support the above new key exchange algorithms, please upgrade the client to the latest version. If your client is set to use diffie-hellman-group-exchange-sha256, please change that setting.
Example: git command
The git command uses OpenSSH for its SSH connection. If the following line is in your OpenSSH configuration file (e.g. ~/.ssh/config), your client uses diffie-hellman-group-exchange-sha256 only.
KexAlgorithms diffie-hellman-group-exchange-sha256
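You can either remove this line or add a + immediately before diffie-hellman-group-exchange-sha256, which makes OpenSSH append the algorithm to its default list instead of replacing that list.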
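One way to run this check from a shell, as an added example that is not part of the original announcement: it compares a client's KexAlgorithms list with the "After update" column of the table above. The function names, the sample lists and the host name git.example.invalid are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a client's key exchange list with the server's
# "After update" list from the table in this announcement.
BACKLOG_KEX_AFTER="diffie-hellman-group14-sha1 ecdh-sha2-nistp256
ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org"

# backlog_kex_common LIST   (hypothetical helper name)
# LIST: comma-separated KexAlgorithms value in client preference order.
# Prints every entry the server will still accept, one per line.
# Returns 0 if at least one matches, 1 if the connection would fail.
backlog_kex_common() {
    found=1
    for alg in $(printf '%s' "$1" | tr ',' ' '); do
        for ok in $BACKLOG_KEX_AFTER; do
            if [ "$alg" = "$ok" ]; then
                printf '%s\n' "$alg"
                found=0
            fi
        done
    done
    return "$found"
}

# backlog_kex_first LIST   (hypothetical helper name)
# SSH picks the first client-listed algorithm the server also supports.
backlog_kex_first() {
    backlog_kex_common "$1" | head -n 1
}

# Constructed sample values, not captured from a real client.
PINNED="diffie-hellman-group-exchange-sha256"
MODERN="curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"

for list in "$PINNED" "$MODERN"; do
    first=$(backlog_kex_first "$list")
    if [ -n "$first" ]; then
        echo "OK: would negotiate $first"
    else
        echo "FAIL: no common key exchange algorithm in: $list"
    fi
done

# Live check (needs OpenSSH 6.8+ for -G); the host name is a placeholder:
#   backlog_kex_first "$(ssh -G git.example.invalid |
#       awk '$1 == "kexalgorithms" { print $2 }')"
```

Running ssh -Q kex lists every key exchange algorithm the installed OpenSSH client was built with, which tells you whether an upgrade is needed at all.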
Update Plan
This update will happen across all Backlog spaces starting November 1st, 2018. We will notify you of all maintenance information on your Backlog Dashboard.