Bitbucket Data Center Repository Creation on Bamboo fails with error "ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXXX: error in libcrypto fatal"

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

After installing or upgrading Bamboo on Linux 9 or higher, users are unable to create or use pre-existing Bitbucket repositories on a Bamboo instance and the error "ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXXX: error in libcrypto fatal" is seen on Bamboo GUI. 

Environment

  • Tested on Bamboo 7.2.10, 8.2.8, 9.2.7

  • Enterprise Linux 9.3(RHEL, Oracle)

  • OpenSSH_8.7p1

Diagnosis

The following errors can be seen on the Linked repository page on Bamboo:

  • New access key is required but could not be added to Bitbucket.

  • Unable to negotiate with 127.0.0.1 port 46135. no matching host key type found. Their offer: ssh-rsa fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

Please make a note of the below error message as seen above

1 ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXX: error in libcrypto fatal

Error message below can be seen in the <bamboo-home>/logs/atlassian-bamboo.log file

1 2 ssh_dispatch_run_fatal: Connection to 127.0.0.1 port XXXX : error in libcrypto fatal: Could not read from remote repository.

Below warning message can also be seen in the above logs

1 2 WARN [sshd-SshServer[445757bc]-nio2-thread-1] [ServerSessionImpl] exceptionCaught(ServerSessionImpl[null@/127.0.0.1:46008])[state=Opened] IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 / server: ssh-rsa)

Cause

Enterprise linux 9 server restrict SHA-1 usage in their DEFAULT system-wide cryptographic policy. Most enterprise Linux 9 servers come with OpenSSH upstream which do not support SHA1 algorithm by default.

Solution

As explained earlier, the DEFAULT policy does not include SHA-1 algorithm, so there is a need to add the SHA-1 algorithm to the DEFAULT policy. This can be carried out only using the system administrator privileges on the enterprise Linux 9 server.

1 update-crypto-policies --set DEFAULT:SHA1

Also, add the entries below to the /etc/ssh/ssh_config file on the Bamboo server. This is required if the SSH server is using RSA key sizes less than 2048 bits.

1 2 Host 127.0.0.1 RequiredRSASize 1024

Then, perform a server reboot on the Enterprise Linux 9, hosing the Bamboo instance. Now the repository can be saved successfully.

Updated on February 27, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community