
STM32CubeIDE 2.0.0 – Git SSH Pull/Push Fails with Azure DevOps (RSA-SHA2 Support Missing)

los_trpaslikos
Associate

Hello,

after upgrading from STM32CubeIDE 1.9.0 to 2.0.0 (Eclipse 2024‑09), we encountered a critical issue with Git integration when using SSH and Azure DevOps.

In version 1.9.0, Git operations (pull/push) worked correctly because the IDE allowed selecting an external SSH client (e.g., OpenSSH or PuTTY/Pageant). Azure DevOps recently deprecated ssh-rsa (SHA‑1) and now requires rsa-sha2-256 or rsa-sha2-512 for host key algorithms.

In STM32CubeIDE 2.0.0:

  • The IDE uses Apache MINA sshd internally for SSH.
  • External SSH client configuration (GIT_SSH or core.sshCommand) is ignored.
  • Apache MINA does not support RSA-SHA2 host key algorithms, so the handshake fails with:

      Unable to negotiate key exchange for server host key algorithms.
      Client offered: ssh-rsa, ecdsa-sha2-nistp256, ssh-ed25519
      Server requires: rsa-sha2-256, rsa-sha2-512

  • Switching to JSch also fails because it only supports SHA‑1.

This means SSH with Azure DevOps is currently broken in CubeIDE 2.0.0. The only workarounds are:

  • Downgrade to CubeIDE 1.9.0 (where external SSH was supported).
  • Use Git Bash for pull/push and refresh in IDE.
  • Switch to HTTPS with PAT (Personal Access Token).

Question:

  • Is there an official workaround for this issue?

This is a major blocker for teams using Azure DevOps with SSH. Any guidance or roadmap would be appreciated.

Thank you.
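
The handshake failure quoted in the post arises when the two sides' SSH_MSG_KEXINIT messages (RFC 4253, section 7.1) share no entry in their host key algorithm name-lists. The Python below is an added example, not part of the original post and not code from STM32CubeIDE, JGit or Apache MINA SSHD; it parses constructed KEXINIT payloads carrying the lists from the error message and applies a simplified first-client-match rule. The function names and the `NEW_CLIENT` list are assumptions made for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")

def build_kexinit(host_key_algs, other=("placeholder",)):
    """Build a constructed KEXINIT payload; only the host key list is meaningful."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for name in FIELDS:
        names = host_key_algs if name == "server_host_key_algorithms" else other
        data = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(data)) + data  # name-list: uint32 length + CSV
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse the ten name-lists of a KEXINIT payload into a dict of lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type byte and 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += length
    return lists

def negotiate_host_key(client_payload, server_payload):
    """Return the first client-preferred algorithm the server also lists, or None."""
    client = parse_kexinit(client_payload)["server_host_key_algorithms"]
    server = set(parse_kexinit(server_payload)["server_host_key_algorithms"])
    return next((alg for alg in client if alg in server), None)

# Constructed inputs using the algorithm lists from the error message above.
SERVER = build_kexinit(["rsa-sha2-256", "rsa-sha2-512"])
OLD_CLIENT = build_kexinit(["ssh-rsa", "ecdsa-sha2-nistp256", "ssh-ed25519"])
# Hypothetical client list that also offers the RSA-SHA2 algorithms (assumption).
NEW_CLIENT = build_kexinit(["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"])

if __name__ == "__main__":
    print("old client:", negotiate_host_key(OLD_CLIENT, SERVER))
    print("new client:", negotiate_host_key(NEW_CLIENT, SERVER))
```

A `None` result corresponds to the "Unable to negotiate" failure: the key itself can stay the same RSA key, but the client must list the `rsa-sha2-*` names for the server to accept it.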

3 REPLIES
Ghofrane GSOURI
ST Employee

Hello @los_trpaslikos 

This is not a limitation specific to STM32CubeIDE, but rather a broader limitation of the Eclipse platform and its bundled SSH library, which STM32CubeIDE inherits.

I recommend raising this question or reporting the problem on the Eclipse platform as this could help bring attention to the issue and potentially lead to a resolution or workaround.

THX

Ghofrane

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Thank you for your reply.

I understand that the limitation originates from the Eclipse platform and its use of Apache MINA SSHD. However, STM32CubeIDE integrates Eclipse and distributes it as part of your product. For end users, this issue is a critical blocker because SSH with Azure DevOps is broken out of the box.

Since STM32CubeIDE bundles a specific Eclipse version and JGit/SSH libraries, the responsibility for ensuring compatibility with modern security requirements (such as RSA-SHA2 support) falls on the integrator. Users cannot easily update these libraries themselves without risking IDE stability.

Would ST consider:

  • Updating STM32CubeIDE to include a newer Eclipse/JGit version that uses Apache MINA SSHD ≥ 2.3.0 (which supports RSA-SHA2)?
  • Providing an official workaround or roadmap for this?

Simply redirecting users to Eclipse does not solve the problem for STM32CubeIDE customers, because they rely on your packaged environment.

Thank you for considering this. This is a major blocker for teams using Azure DevOps with SSH.

Hello @los_trpaslikos 

The migration to a newer Eclipse version within STM32CubeIDE is planned for next year.

In the meantime, use HTTPS for Git operations with Azure DevOps, if possible.

THX

Ghofrane
