The unauthenticated git protocol on port 9418 is no longer supported

monofal
January 11, 2022
147 views
3 votes
10 Answers

I have been using github actions for quite sometime but today my deployments started failing. Below is the error from github action logs

Command: git
Arguments: ls-remote --tags --heads git://github.com/adobe-webplatform/eve.git
Directory: /home/runner/work/stackstream-fe/stackstream-fe
Output:
fatal: remote error: 
  The unauthenticated git protocol on port 9418 is no longer supported.

Upon investigation, it appears that below section in my yml file is causing the issue.

    - name: Installing modules
      run: yarn install

I have looked into this change log but can’t seem to comprehend the issue.

Additional Details:
Server: EC2 Instance
Github actions steps:

  steps:
  - name: Checkout
    uses: actions/checkout@v2

  - id: vars
    run: |
      if [ '${{ github.ref }}' == 'refs/heads/master' ]; then echo "::set-output name=environment::prod_stackstream" ; echo "::set-output name=api-url::api" ; elif [ '${{ github.ref }}' == 'refs/heads/staging' ]; then echo "::set-output name=environment::staging_stackstream"  ; echo "::set-output name=api-url::stagingapi" ; else echo "::set-output name=environment::dev_stackstream" ; echo "::set-output name=api-url::devapi" ; fi

  - uses: pCYSl5EDgo/cat@master
    id: slack
    with:
      path: .github/workflows/slack.txt

  - name: Slack Start Notification
    uses: 8398a7/action-slack@v3
    env:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
      ENVIRONMENT: '`${{ steps.vars.outputs.environment }}`'
      COLOR: good
      STATUS: '`Started`'
    with:
      status: custom
      fields: workflow,job,commit,repo,ref,author,took
      custom_payload: |
        ${{ steps.slack.outputs.text }}

  - name: Installing modules
    env:
      REACT_APP_API_URL: 'https://${{ steps.vars.outputs.api-url }}mergestack.com/api/v1'
    run: yarn install

  - name: Create Frontend Build
    env:
      REACT_APP_API_URL: 'https://${{ steps.vars.outputs.api-url }}mergestack.com/api/v1'
    run: yarn build

  - name: Deploy to Frontend Server DEV
    if: ${{ contains(github.ref, 'dev') }}
    uses: easingthemes/[email protected]
    env:
      SSH_PRIVATE_KEY: ${{ secrets.DEV_KEY }}
      ARGS: '-rltgoDzvO --delete'
      SOURCE: 'deploy/'
      REMOTE_HOST: ${{ secrets.DEV_HOST }}
      REMOTE_USER: plyfolio-dev
      TARGET: '/home/plyfolio-dev/${{ steps.vars.outputs.environment }}/fe/deploy'

package.json file

   {
  "name": "stackstream-fe",
  "version": "1.0.0",
  "authors": [
    "[email protected]"
  ],
  "private": true,
  "dependencies": {
    "@fortawesome/fontawesome-svg-core": "^1.2.34",
    "@fortawesome/free-solid-svg-icons": "^5.15.2",
    "@fortawesome/react-fontawesome": "^0.1.14",
    "@fullcalendar/bootstrap": "^5.5.0",
    "@fullcalendar/core": "^5.5.0",
    "@fullcalendar/daygrid": "^5.5.0",
    "@fullcalendar/interaction": "^5.5.0",
    "@fullcalendar/react": "^5.5.0",
    "@lourenci/react-kanban": "^2.1.0",
    "@redux-saga/simple-saga-monitor": "^1.1.2",
    "@testing-library/jest-dom": "^5.11.9",
    "@testing-library/react": "^11.2.3",
    "@testing-library/user-event": "^12.6.0",
    "@toast-ui/react-chart": "^1.0.2",
    "@types/jest": "^26.0.14",
    "@types/node": "^14.10.3",
    "@types/react": "^16.9.49",
    "@types/react-dom": "^16.9.8",
    "@vtaits/react-color-picker": "^0.1.1",
    "apexcharts": "^3.23.1",
    "availity-reactstrap-validation": "^2.7.0",
    "axios": "^0.21.1",
    "axios-mock-adapter": "^1.19.0",
    "axios-progress-bar": "^1.2.0",
    "bootstrap": "^5.0.0-beta2",
    "chart.js": "^2.9.4",
    "chartist": "^0.11.4",
    "classnames": "^2.2.6",
    "components": "^0.1.0",
    "dotenv": "^8.2.0",
    "draft-js": "^0.11.7",
    "echarts": "^4.9.0",
    "echarts-for-react": "^2.0.16",
    "firebase": "^8.2.3",
    "google-maps-react": "^2.0.6",
    "history": "^4.10.1",
    "i": "^0.3.6",
    "i18next": "^19.8.4",
    "i18next-browser-languagedetector": "^6.0.1",
    "jsonwebtoken": "^8.5.1",
    "leaflet": "^1.7.1",
    "lodash": "^4.17.21",
    "lodash.clonedeep": "^4.5.0",
    "lodash.get": "^4.4.2",
    "metismenujs": "^1.2.1",
    "mkdirp": "^1.0.4",
    "moment": "2.29.1",
    "moment-timezone": "^0.5.32",
    "nouislider-react": "^3.3.9",
    "npm": "^7.6.3",
    "prop-types": "^15.7.2",
    "query-string": "^6.14.0",
    "react": "^16.13.1",
    "react-apexcharts": "^1.3.7",
    "react-auth-code-input": "^1.0.0",
    "react-avatar": "^3.10.0",
    "react-bootstrap": "^1.5.0",
    "react-bootstrap-editable": "^0.8.2",
    "react-bootstrap-sweetalert": "^5.2.0",
    "react-bootstrap-table-next": "^4.0.3",
    "react-bootstrap-table2-editor": "^1.4.0",
    "react-bootstrap-table2-paginator": "^2.1.2",
    "react-bootstrap-table2-toolkit": "^2.1.3",
    "react-chartist": "^0.14.3",
    "react-chartjs-2": "^2.11.1",
    "react-color": "^2.19.3",
    "react-confirm-alert": "^2.7.0",
    "react-content-loader": "^6.0.1",
    "react-countdown": "^2.3.1",
    "react-countup": "^4.3.3",
    "react-cropper": "^2.1.4",
    "react-data-table-component": "^6.11.8",
    "react-date-picker": "^8.0.6",
    "react-datepicker": "^3.4.1",
    "react-dom": "^16.13.1",
    "react-draft-wysiwyg": "^1.14.5",
    "react-drag-listview": "^0.1.8",
    "react-drawer": "^1.3.4",
    "react-dropzone": "^11.2.4",
    "react-dual-listbox": "^2.0.0",
    "react-facebook-login": "^4.1.1",
    "react-flatpickr": "^3.10.6",
    "react-google-login": "^5.2.2",
    "react-hook-form": "^7.15.2",
    "react-i18next": "^11.8.5",
    "react-icons": "^4.2.0",
    "react-image-lightbox": "^5.1.1",
    "react-input-mask": "^2.0.4",
    "react-jvectormap": "^0.0.16",
    "react-leaflet": "^3.0.5",
    "react-meta-tags": "^1.0.1",
    "react-modal-video": "^1.2.6",
    "react-notifications": "^1.7.2",
    "react-number-format": "^4.7.3",
    "react-perfect-scrollbar": "^1.5.8",
    "react-rangeslider": "^2.2.0",
    "react-rating": "^2.0.5",
    "react-rating-tooltip": "^1.1.6",
    "react-redux": "^7.2.1",
    "react-responsive-carousel": "^3.2.11",
    "react-router-dom": "^5.2.0",
    "react-script": "^2.0.5",
    "react-scripts": "3.4.3",
    "react-select": "^4.3.1",
    "react-sparklines": "^1.7.0",
    "react-star-ratings": "^2.3.0",
    "react-super-responsive-table": "^5.2.0",
    "react-switch": "^6.0.0",
    "react-table": "^7.6.3",
    "react-toastify": "^7.0.3",
    "react-toastr": "^3.0.0",
    "react-twitter-auth": "0.0.13",
    "reactstrap": "^8.8.1",
    "recharts": "^2.0.8",
    "redux": "^4.0.5",
    "redux-saga": "^1.1.3",
    "reselect": "^4.0.0",
    "sass": "^1.37.5",
    "simplebar-react": "^2.3.0",
    "styled": "^1.0.0",
    "styled-components": "^5.2.1",
    "toastr": "^2.1.4",
    "typescript": "^4.0.2",
    "universal-cookie": "^4.0.4"
  },
  "devDependencies": {
    "@typescript-eslint/eslint-plugin": "^2.27.0",
    "@typescript-eslint/parser": "^2.27.0",
    "@typescript-eslint/typescript-estree": "^4.15.2",
    "eslint-config-prettier": "^6.10.1",
    "eslint-plugin-prettier": "^3.1.2",
    "husky": "^4.2.5",
    "lint-staged": "^10.1.3",
    "prettier": "^1.19.1",
    "react-test-renderer": "^16.13.1",
    "redux-devtools-extension": "^2.13.8",
    "redux-mock-store": "^1.5.4"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build && mv build ./deploy/build",
    "build-local": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "*.{js,ts,tsx}": [
      "eslint --fix"
    ]
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}

package-lock.json

Answers

- VonC
- January 11, 2022 at 9:26 am
- 0 votes
0
First, this error message is indeed expected on Jan. 11th, 2022.
See "Improving Git protocol security on GitHub".

January 11, 2022 Final brownout.

This is the full brownout period where we’ll temporarily stop accepting the deprecated key and signature types, ciphers, and MACs, and the unencrypted Git protocol.
This will help clients discover any lingering use of older keys or old URLs.

Second, check your package.json dependencies for any git:// URL, as in this example, fixed in this PR.

As noted by Jörg W Mittag:

There was a 4-month warning.
The entire Internet has been moving away from unauthenticated, unencrypted protocols for a decade, it’s not like this is a huge surprise.

Personally, I consider it less an "issue" and more "detecting unmaintained dependencies".

Plus, this is still only the brownout period, so the protocol will only be disabled for a short period of time, allowing developers to discover the problem.

The permanent shutdown is not until March 15th.

For GitHub Actions:

As in actions/checkout issue 14, you can add as a first step:
```
    - name: Fix up git URLs
      run: echo -e '[url "https://github.com/"]n  insteadOf = "git://github.com/"' >> ~/.gitconfig
```
That will change any git://github.com/ into https://github.com/.

For local projects

For all your repositories, you can set:
```
git config --global url."https://github.com/".insteadOf git://github.com/
```
You can also use SSH, but GitHub Security reminds us that, as of March 15th, 2022, GitHub stopped accepting DSA keys. RSA keys uploaded after Nov 2, 2021 will work only with SHA-2 signatures.
The deprecated MACs, ciphers, and unencrypted Git protocol are permanently disabled.

So this (with the right key) would work:
```
git config --global url."[email protected]:".insteadOf git://github.com/
```
That will change any git://github.com/ (unencrypted Git protocol) into [email protected]: (SSH URL).
Login or Signup to reply.

- ahmadfaraz
- January 11, 2022 at 9:54 am
- 0 votes
0
@toast-ui/react-chart dependency is causing issue for you here.

If you look closely inside your package-lock.json you can backtrack eve to @toast-ui/react-chart

eve –> raphael –> tui-chart –> @toast-ui/react-chart

You can follow this same technique to find any more issues inside your project.

Login or Signup to reply.

- rscherer
- January 11, 2022 at 1:10 pm
- 0 votes
0
Try using the following command before install:
```
git config --global url."https://".insteadOf git://
```
P.S. or better ( thanks @bgraves )
```
git config --global url."https://github.com/".insteadOf git://github.com/
```
Login or Signup to reply.

- jharding
- January 11, 2022 at 2:31 pm
- 0 votes
0
Try using https://github.com instead of git://github.com

Login or Signup to reply.

- BorisVerkhovskiy
- March 16, 2022 at 6:59 am
- 0 votes
0
Change git://github.com/<blah> to [email protected]:<blah> (note the / → : at the end) in your repository’s .git/config file.

In my repository’s .git/config file I had this line
```
[remote "upstream"]
    url = git://github.com/curlconverter/curlconverter.git
    fetch = +refs/heads/*:refs/remotes/upstream/*
```
which I changed to
```
[remote "upstream"]
    url = [email protected]:curlconverter/curlconverter.git
    fetch = +refs/heads/*:refs/remotes/upstream/*
```
and stopped getting this error.
Login or Signup to reply.

- d4nyll
- March 16, 2022 at 8:45 pm
- 0 votes
0
I hope this answer would provide more context omitted in the other answers.

Git can use four protocols to transfer data:
- Local (not relevant here)
- (Smart) HTTP – runs over standard HTTPS ports, and can use various HTTP authentication mechanisms (e.g. username/password) if authentication is required. This protocol allows you to provide both read and write access using the same URL; if authentication is required, the server will prompt the client.
- Secure Shell (SSH) – authenticated workflow where both reads and writes are authenticated. It does not support unauthenticated (i.e. anonymous) access. Users need to generate an SSH key pair (containing a private and public key) locally and upload their public key to the server.
- Git protocol – unencrypted and unauthenticated. There is a Git Daemon that runs on the Git server that listens on port 9418 and services requests.
Each of the protocols uses different URLs:
- Local:
  - Absolute path (e.g. /srv/git/project.git)
  - Absolute path prefixed with file:// protocol (e.g. file:///srv/git/project.git)
- HTTP: https://example.com/gitproject.git
- SSH
  - ssh://[user@]server/project.git
  - Shorter SCP-like syntax – [user@]server:project.git
- Git protocol – Starts with git://
GitHub has dropped support for all unencrypted protocols, which only includes the Git protocol (those that uses the git:// prefix). Thus, the The unauthenticated git protocol on port 9418 is no longer supported. error confirms this.

The way to mitigate this is by searching for the string git:// within your package.json and lockfiles (e.g. yarn.lock or package-lock.json) to identify the offending package(s), and upgrade them to a version that does not use dependencies that resolves to a URL with the git:// prefix. If the offending package is not in your package.json, you may find it helpful to run a command like yarn why to understand why the package is installed.

If that’s not possible, and the repository is public, a temporary solution would be to manually replace git:// with https://. But this solution is not permanent and may get overwritten the next time the lockfile is written to.
Login or Signup to reply.

- AdamKnights
- March 21, 2022 at 3:52 pm
- 0 votes
0
If you are getting this issue while running something like pip install git+git://github.com/SomeCompany/somerepo.git@sometag, then only the second part of git+git needs to change, i.e. it becomes pip install git+https://github.com/SomeCompany/somerepo.git@sometag

Login or Signup to reply.

- truefusion
- March 21, 2022 at 8:33 pm
- 0 votes
0
When all of the other solutions don’t help, try editing your global config and removing all instead of declarations.

git config --global --edit

Login or Signup to reply.

Hello try the below options – this one worked for me

git config --global url."https://github".insteadOf git://github

Now git hubwont support unauthenticated git protocol
https://github.blog/2021-09-01-improving-git-protocol-security-github/

I was getting the bellow error

Unhandled rejection Error: Command failed: /usr/bin/git submodule update -q --init --recursive
warning: templates not found /tmp/pacote-git-template-tmp/git-clone-a001527f
fatal: remote error:
  The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
fatal: clone of 'git://github.com/jquery/sizzle.git' into submodule path '/root/.npm/_cacache/tmp/git-clone-19674e32/src/sizzle' failed
Failed to clone 'src/sizzle'. Retry scheduled
warning: templates not found /tmp/pacote-git-template-tmp/git-clone-a001527f

- bnPYSse
- March 27, 2022 at 3:23 pm
- 0 votes
0
Add the code into ~/.gitconfig:

[url "https://"]
```
    insteadOf = ssh://
```
[url "https://"]
```
    insteadOf = git://
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

The unauthenticated git protocol on port 9418 is no longer supported

Answers

For GitHub Actions:

For local projects