Have JGit JschConfigSessionFactory ignore invalid keys [message #1765698] |
Tue, 13 June 2017 09:41  |
Eclipse User |
|
|
|
I an subclassing JschConfigSessionFactory. In it, the overridden method getJSch does something like this:
JSch primary = super.getJSch(hc, fs);
hc being OpenSshConfig.Host and fs being FS. When this application is run on a client's machine who has a malformed key OR a key that JGit does not recognise, the following exception occurs (I changed some identifying information in the stack trace but otherwise the issue is the same):
....
Caused by: com.jcraft.jsch.JSchException: invalid privatekey: C:\Users\person\.ssh\id_rsa_bitbucket.ppk
at com.jcraft.jsch.IdentityFile.<init>(IdentityFile.java:302)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:135)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:130)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:224)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:210)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getJSch(JschConfigSessionFactory.java:233)
at our.custom.ssh.factory.CustomSSHSessionFactory.getJSch(CustomSSHSessionFactory.java:36)
And that line was effectively the line above.
Is there a way to tell JGit to ignore invalid keys? I don't want a bad key to mess up the session, because in the context of this application, it is okay if the user has keys it cannot read. Is there some way to prevent the exception from occurring, like by ignoring bad keys and just adding any good ones? As of right now, this exception is preventing the system from working properly on any machine that has unreadable keys in the user's ssh folder.
|
|
|
|
|
Re: Have JGit JschConfigSessionFactory ignore invalid keys [message #1766084 is a reply to message #1766075] |
Thu, 15 June 2017 09:50  |
Eclipse User |
|
|
|
Arrika Darkwolfe wrote on Thu, 15 June 2017 12:46The keys are needed by other tools to my understanding... is it possible that a key that is an invalid format for JGit may be a valid format for another tool?
I'll ask if the key they are referring to is being used without a problem by another tool.
I think *.ppk files are keys in Putty format. OpenSSH cannot deal with them, and neither can Jsch, the Java ssh library used by JGit. But these keys should end up being added in JGit/Jsch only if referenced from ~/.ssh/config. That file is for OpenSSH only, and AFAIK Putty doesn't read it, so a Putty key should never be referenced there.
There are ways to convert the Putty format to OpenSSH format, for instance Puttygen can load the ppk format and export the OpenSSH format.
|
|
|
Powered by
FUDForum. Page generated in 0.03379 seconds