Insecure and weak SSH algorithms disabled for Git service

Change effective on 17 October 2017

We strengthened the SSH transport for our Git service by disabling the following algorithms:

  • Key exchange algorithms
    • “diffie-hellman-group14-sha1”
    • “diffie-hellman-group1-sha1”
  • Encryption algorithms
    • “arcfour256”
    • “arcfour128”
  • Mac algorithms:
    • “hmac-sha1”
    • “hmac-sha1-96”

If you’re using one of these algorithms, you should expect to see the following error:

$ git push heroku master
Unable to negotiate a key exchange method

You’ll need to upgrade your SSH client or change to HTTP transport to ensure secure transfer.