Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » Have JGit JschConfigSessionFactory ignore invalid keys
Have JGit JschConfigSessionFactory ignore invalid keys [message #1765698] Tue, 13 June 2017 13:41 Go to next message
Arrika Darkwolfe is currently offline Arrika DarkwolfeFriend
Messages: 4
Registered: June 2017
Junior Member
I an subclassing JschConfigSessionFactory. In it, the overridden method getJSch does something like this:

JSch primary = super.getJSch(hc, fs);

hc being OpenSshConfig.Host and fs being FS. When this application is run on a client's machine who has a malformed key OR a key that JGit does not recognise, the following exception occurs (I changed some identifying information in the stack trace but otherwise the issue is the same):

....
Caused by: com.jcraft.jsch.JSchException: invalid privatekey: C:\Users\person\.ssh\id_rsa_bitbucket.ppk
at com.jcraft.jsch.IdentityFile.<init>(IdentityFile.java:302)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:135)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:130)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:224)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:210)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getJSch(JschConfigSessionFactory.java:233)
at our.custom.ssh.factory.CustomSSHSessionFactory.getJSch(CustomSSHSessionFactory.java:36)


And that line was effectively the line above.

Is there a way to tell JGit to ignore invalid keys? I don't want a bad key to mess up the session, because in the context of this application, it is okay if the user has keys it cannot read. Is there some way to prevent the exception from occurring, like by ignoring bad keys and just adding any good ones? As of right now, this exception is preventing the system from working properly on any machine that has unreadable keys in the user's ssh folder.

Report message to a moderator

Re: Have JGit JschConfigSessionFactory ignore invalid keys [message #1766064 is a reply to message #1765698] Thu, 15 June 2017 10:10 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 576
Registered: August 2016
Senior Member
Why is an invalid key even added? Probably because it's referenced in ~/.ssh/config. So why do users have invalid keys in their config?

Report message to a moderator

Re: Have JGit JschConfigSessionFactory ignore invalid keys [message #1766075 is a reply to message #1766064] Thu, 15 June 2017 12:46 Go to previous messageGo to next message
Arrika Darkwolfe is currently offline Arrika DarkwolfeFriend
Messages: 4
Registered: June 2017
Junior Member
The keys are needed by other tools to my understanding... is it possible that a key that is an invalid format for JGit may be a valid format for another tool?

I'll ask if the key they are referring to is being used without a problem by another tool.

Report message to a moderator

Re: Have JGit JschConfigSessionFactory ignore invalid keys [message #1766084 is a reply to message #1766075] Thu, 15 June 2017 13:50 Go to previous message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 576
Registered: August 2016
Senior Member
Arrika Darkwolfe wrote on Thu, 15 June 2017 12:46
The keys are needed by other tools to my understanding... is it possible that a key that is an invalid format for JGit may be a valid format for another tool?

I'll ask if the key they are referring to is being used without a problem by another tool.


I think *.ppk files are keys in Putty format. OpenSSH cannot deal with them, and neither can Jsch, the Java ssh library used by JGit. But these keys should end up being added in JGit/Jsch only if referenced from ~/.ssh/config. That file is for OpenSSH only, and AFAIK Putty doesn't read it, so a Putty key should never be referenced there.

There are ways to convert the Putty format to OpenSSH format, for instance Puttygen can load the ppk format and export the OpenSSH format.

Report message to a moderator

Previous Topic:Eclipse egit not working
Next Topic:Authentication failure trying to access a TFS git repo
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Apr 24 19:00:29 GMT 2024

Powered by FUDForum. Page generated in 0.03184 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly