|
Re: ssh connection using an ECDSA key fails on second attempt (auth failed) [message #1791200 is a reply to message #1791164] |
Mon, 25 June 2018 21:49 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
I recommend that you install EGit nightly. It works for sure in Neon, and it should work in Mars, too. EGit 4.6.1 is fairly old, and there have been many improvements since then, especially in ssh connection code. Be aware that since EGit4.9, we do consider your ~/.ssh/config file; earlier versions didn't do so properly.
If the problem then persists:
First: what's in the error log? There should be a log entry with a stack trace there, which might help us figure out what goes on. Use global menu "Windows->Show Views" to open the error log view, then find the log entry, double-click it to get more information, and post the stack trace here.
Second, EGit nightly contains additional debug tracing for the ssh library used; those traces might help us to figure out what went wrong, too. To enable those traces, go to "Preferences->General->Tracing", check the "Enable tracing" checkbox and then under "Git" enable "org.eclipse.egit.core/debug" and "org.eclipse.egit.code/debug/core/jsch". Make sure the trace goes to a file. Then re-try the operation and post the resulting trace here.
|
|
|
|
|
|
|
Re: ssh connection using an ECDSA key fails on second attempt (auth failed) [message #1791405 is a reply to message #1791164] |
Thu, 28 June 2018 19:05 |
Thomas Wolf Messages: 576 Registered: August 2016 |
Senior Member |
|
|
It's another bug in Jsch, the Java ssh implementation used by EGit/JGit. It re-uses the keys once read, but it has a bug in com.jcraft.jsch.jce.SignatureECDSA, where it clears the private key part. As a result the key can be used only once. When it later tries to re-use the same key instance again, authentication fails because the private key is all zeroes.
Unfortunately, there is no way we could fix this. :-(
One more reason to move to some other ssh implementation. See bug 520927.
Sorry, for now the upshot is: ECDSA or ed25519 just don't work.
Switching to another ssh implementation is a large effort, so don't hold your breath.
One thing you can try is to set the environment variable GIT_SSH to an external ssh executable. EGit should then use that instead of that broken Java ssh implementation.
[Updated on: Thu, 28 June 2018 19:23] Report message to a moderator
|
|
|
|
Powered by
FUDForum. Page generated in 0.03331 seconds