2

I am following this link to set up SSH for AWS CodeCommit:

AWS setup doc

At step 10:

PS C:\Users\mrdar\.ssh> ssh git-codecommit.us-west-2.amazonaws.com
The authenticity of host 'git-codecommit.us-west-2.amazonaws.com (52.119.161.60)' can't be established.
RSA key fingerprint is SHA256:0pJx9SQpkbPUAHwy58UVIq0IHcyo1fwCpOOuVgcAWPo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

and the result:

Warning: Permanently added 'git-codecommit.us-west-2.amazonaws.com,52.119.161.60' (RSA) to the list of known hosts.
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-west-2.amazonaws.com closed by remote host.
Connection to git-codecommit.us-west-2.amazonaws.com closed.

There are four files in .ssh folder:

codecommit_rsa
codecommit_rsa.pub
config
known_hosts (this was generated after I ran the command `ssh git-codecommit.us-west-2.amazonaws.com`)

Then I ran this command in Git Bash:

git clone ssh://git-codecommit.us-west-2.amazonaws.com...

and I got this issue:

Unable to negotiate with 52.94.210.119 port 22: no matching host key type found. Their offer: ssh-rsa
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I can't clone my Git repo from AWS CodeCommit. What should I do next? I have tried some solutions from Google, but none of them worked. I did the same on the new laptop and it worked; I don't know why my old laptop did not work. Thanks for reading.

neyone315
  • 33
  • 5

2 Answers

0

I was having the same problem, but managed to solve it by setting up a config file, verifying the ssh connection, then git for cloning and committing. I have multiple SSH keys for different SCM platforms (CodeCommit and GitHub), so when git cached my GitHub ssh key, it would not switch back to my AWS one for CodeCommit. The result was the same error.

I solved the problem by these three steps:

  1. Create a fully articulated config file at the ~/.ssh/ path
    • Specify ssh-rsa algorithm tolerance
    • Provide your SSH Key ID as User (looks like APKA████████████████)
  2. Cache the key password using the ssh IDENT@git-codecommit.REGION.amazonaws.com format
    • IDENT is your SSH Key ID
    • REGION is the default AWS region
  3. Cloning locally using available CodeCommit schemes
    • HTTPS when using either Git credentials with IAM user or credential helper included with AWS CLI
    • HTTPS (GRC) when using git-remote-codecommit command
    • SSH when using SSH public/private key pair with IAM user

Details on the differences are at Step 2: Create a local repo, in AWS ▸ Documentation ▸ CodeCommit ▸ User Guide.

Cache your ssh key and test ssh

This is not a prerequisite, but it establishes that things are working and locally caches your SSH password for a few minutes.

me@ps ~$ ssh APKA████████████████@git-codecommit.us-east-2.amazonaws.com
You have successfully authenticated over SSH. You can use Git to interact with AWS CodeCommit. Interactive shells are not supported.Connection to git-codecommit.us-east-2.amazonaws.com closed by remote host.
Connection to git-codecommit.us-east-2.amazonaws.com closed.

Strangely, AWS docs do not specify using the SSH Key ID to test, but I found it necessary to get a connection. The SSH Key ID can be found in the IAM console in the profile for your IAM user:

Find your SSH CodeCommit Key Id

As shown in this screenshot, the key ID starts with APKA…. Once you SSH in successfully, CLI navigate to your locally cloned repo and make sure the remotes are correct.

me@ps ~$git remote --verbose
origin  https://git-codecommit.████████████.amazonaws.com/v1/repos/████████████ (fetch)
origin  https://git-codecommit.████████████.amazonaws.com/v1/repos/████████████ (push)

SSH Config File

Make sure your config or config.txt in your ~/.ssh/ path is correctly set up. The Host name pattern should match your AWS git remotes. Depending on your ssh version, you may need to explicitly enable dsa. Here's what mine looks like:

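Host git-codecommit.*.amazonaws.com
    # The server offers only ssh-rsa host keys ("Their offer: ssh-rsa")
    HostKeyAlgorithms=+ssh-rsa
    User APKA████████████████
    # A .pub IdentityFile works only when the matching private key is loaded in ssh-agent
    IdentityFile ~/.ssh/id_rsa.pub
Host github.com
    IdentityFile ~/.ssh/id_ed25519.pub
Host *
    User git
    IdentityFile ~/.ssh/id_ecdsa.pub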

This is just one possible solution. I found many of these steps by following the troubleshooting instructions here: AWS ▸ Documentation ▸ CodeCommit ▸ User Guide ▸ Troubleshooting ▸ Troubleshooting SSH connections

Mavaddat Javid
  • 491
  • 4
  • 19
  • I ran the command `ssh IDENT@git-commit.us-west-2.amazonaws.com` and added the line `HostKeyAlgorithms=+ssh-rsa` to the config (not config.txt) file, then I ran `git clone ssh://IDENT@my repo link`. Then it showed an error like this: `IDENT@git-codecommit.us-west-2.amazonaws.com: Permission denied (publickey). fatal: Could not read from remote repository.Please make sure you have the correct access rights and the repository exists.`. Thank you for your answer – neyone315 Oct 20 '21 at 12:20
  • I did a clean install of Windows 11, then did the first ssh on this laptop, and then this error happened. It used to work normally before. – neyone315 Oct 20 '21 at 12:38
0

I recently had my cygwin git access to AWS Codecommit break.

I needed PubkeyAcceptedAlgorithms=+ssh-rsa in my config file in addition to the HostKeyAlgorithms mentioned by Mavaddat Javid.

ahnkle
  • 467
  • 6
  • 17
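
Both answers come down to re-enabling ssh-rsa in ~/.ssh/config. Because ssh-rsa signs with SHA-1 and OpenSSH 8.8 and later turn it off by default, it is best enabled for the CodeCommit host only. The following is an added example, not code from either answer, that lints a config for exactly that. The sample config, the key ID APKAEXAMPLEKEYID, the key path and the function names are constructed for illustration, and Match blocks and negated Host patterns are not handled.

```python
import fnmatch
import re

WEAK = "ssh-rsa"  # the only host key type the server in the question offers
ALGO_OPTS = ("hostkeyalgorithms", "pubkeyacceptedalgorithms")

# Constructed sample: ssh-rsa re-enabled for the CodeCommit host only
# (placeholder key ID and key path, not values from the page).
SCOPED = """\
Host git-codecommit.*.amazonaws.com
    User APKAEXAMPLEKEYID
    IdentityFile ~/.ssh/codecommit_rsa
    HostKeyAlgorithms=+ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
"""

def parse(text):
    """Split an ssh_config into [(host_patterns, {option: value})], in file order."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)$", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # keep the first value seen
    return blocks

def applies(patterns, host):
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)

def lint(text, host="git-codecommit.us-west-2.amazonaws.com"):
    """Return findings for `host`; an empty list means scoped and complete."""
    findings, effective = [], {}
    for patterns, opts in parse(text):
        if applies(patterns, "unrelated.example"):  # wildcard block: covers any host
            findings += [f"{k} enables {WEAK} for arbitrary hosts (Host {' '.join(patterns)})"
                         for k in ALGO_OPTS if WEAK in opts.get(k, "").lstrip("+").split(",")]
        if applies(patterns, host):
            for k, v in opts.items():
                effective.setdefault(k, v)  # earlier blocks take precedence
    for k in ALGO_OPTS:
        if WEAK not in effective.get(k, "").lstrip("+").split(","):
            findings.append(f"{k} does not allow {WEAK} for {host}")
    if effective.get("identityfile", "").endswith(".pub"):
        findings.append("IdentityFile is a .pub file: usable only if the private key is in ssh-agent")
    return findings
```

Call `lint(open(path).read())` on a real config file; each returned string names the option to fix.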