Hello,
after upgrading from STM32CubeIDE 1.9.0 to 2.0.0 (Eclipse 2024‑09), we encountered a critical issue with Git integration when using SSH and Azure DevOps.
In version 1.9.0, Git operations (pull/push) worked correctly because the IDE allowed selecting an external SSH client (e.g., OpenSSH or PuTTY/Pageant). Azure DevOps recently deprecated ssh-rsa (SHA‑1) and now requires rsa-sha2-256 or rsa-sha2-512 for host key algorithms.
In STM32CubeIDE 2.0.0:
- The IDE uses Apache MINA sshd internally for SSH.
- External SSH client configuration (GIT_SSH or core.sshCommand) is ignored.
- Apache MINA does not support RSA-SHA2 host key algorithms, so the handshake fails with:
Unable to negotiate key exchange for server host key algorithms.
Client offered: ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
Server requires: rsa-sha2-256, rsa-sha2-512
- Switching to JSch also fails because it only supports SHA‑1.
This means SSH with Azure DevOps is currently broken in CubeIDE 2.0.0. The only workarounds are:
- Downgrade to CubeIDE 1.9.0 (where external SSH was supported).
- Use Git Bash for pull/push and refresh in IDE.
- Switch to HTTPS with PAT (Personal Access Token).
Question:
- Is there an official workaround for this issue?
This is a major blocker for teams using Azure DevOps with SSH. Any guidance or roadmap would be appreciated.
Thank you.
