Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » Warning message in JGit for pull and push(Warning in JGit No valid credentials )
Warning message in JGit for pull and push [message #1839738] Fri, 26 March 2021 19:50 Go to next message
Yulian Yulian is currently offline Yulian YulianFriend
Messages: 13
Registered: February 2021
Junior Member
Hello everybody,

I am using JGit library "org.eclipse.jgit.ssh.apache", version: '5.10.0.202012080955-r', Java 11 and I am getting an warning message in the pull and push step:

2021-03-26 11:39:26.729 WARN --- [sshd-JGitSshClient[4d9ba686]-nio2-thread-4] o.e.j.i.t.s.GssApiWithMicAuthentication - GSS-API error for mechanism OID 1.2.840.113554.1.2.2
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:193)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)


Even on the other machines I run the same WS that do the actions on GIT through JGit library with the same ssh keys and it's working.

Does anybody have any idea?

Thank you in advance!
Beast regards,

[Updated on: Fri, 26 March 2021 20:24]

Report message to a moderator

Re: Warning message in JGit for pull and push [message #1839760 is a reply to message #1839738] Sat, 27 March 2021 16:17 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
Looks like on that machine there is a partial Kerberos configuration.
Re: Warning message in JGit for pull and push [message #1839762 is a reply to message #1839760] Sat, 27 March 2021 20:01 Go to previous messageGo to next message
Yulian Yulian is currently offline Yulian YulianFriend
Messages: 13
Registered: February 2021
Junior Member
Thank you for your answer!

How do I do a proper Kerberos configuration?
NOTE: On that machine that I did receive any error, I didn't do any kerberose configuration, also nothing special than the other one.

[Updated on: Sat, 27 March 2021 20:04]

Report message to a moderator

Re: Warning message in JGit for pull and push [message #1839769 is a reply to message #1839762] Sun, 28 March 2021 08:21 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
I don't know; I don't have any Kerberos setup. You'd have to search yourself.

But probably we should just remove that warning. As a work-around, you could explicitly remove the gssapi-with-mic from the authentication methods.
Re: Warning message in JGit for pull and push [message #1839786 is a reply to message #1839769] Sun, 28 March 2021 19:33 Go to previous messageGo to next message
Yulian Yulian is currently offline Yulian YulianFriend
Messages: 13
Registered: February 2021
Junior Member
Ok, thank you.
I will do my own research about Kerberos setup.
Re: Warning message in JGit for pull and push [message #1839803 is a reply to message #1839786] Mon, 29 March 2021 10:20 Go to previous messageGo to next message
Yulian Yulian is currently offline Yulian YulianFriend
Messages: 13
Registered: February 2021
Junior Member
Thomas Wolf wrote on Mon, 22 February 2021 21:14
Yes, it is. Take a look at the SshdSessionFactoryBuilder. It has a number of hooks you can use. Skipping GSSAPI (Kerberos) would be setPreferredAuthentications("publickey,keyboard-interactive,password"). StrictHostKeyChecking can be changed for instance by adding a ServerKeyDatabase via setServerKeyDatabase(). For instance one that always returns true in its accept() method to switch off host key checking altogether. Setting a particular ssh key could be done for instance by switching off handling of ~/.ssh/config (setConfigStoreFactory((h, f, u) -> null)) and defining the key to use via setDefaultIdentities().

Or you could work with a custom ConfigStoreFactory installed via setConfigStoreFactory(), which could return a SshConfigStore that returned a HostEntry with StrictHostKeyChecking=no and IdentityFile=<whatever> and PreferredAuthentications=...

There are really multiple ways to customize this. You may find some of the tests in bundle org.eclipse.jgit.ssh.apache.test interesting, in particular, there are two tests that show how to configure this so that it doesn't use any on-disk files and a pre-defined key.

BTW: depending on what your application does or how it is structured, it may not be necessary to create a new SshSessionFactory in a TransportConfigCallback on each git command. Maybe it is sufficient to just define the SshSessionFactory once and then set it globally via SshSessionFactory.setInstance(). That is what EGit does. Might be possible in your case, too. With a custom ConfigStoreFactory you should be able to configure individual connections as if the config was done in a ~/.ssh/config file, but without actually using such a file, and without having to create new session factories all the time.


Something is un clear for me....
After I did these changes:

SshdSessionFactoryBuilder sshdSessionFactoryBuilder = new SshdSessionFactoryBuilder();
sshdSessionFactoryBuilder.setPreferredAuthentications("publickey,keyboard-interactive,password");
sshdSessionFactoryBuilder.setHomeDirectory(FS.detect().userHome());
sshdSessionFactoryBuilder.setSshDirectory(FS.detect().userHome());
SshSessionFactory.setInstance(sshdSessionFactoryBuilder.build(new JGitKeyCache()));


I receive this error:
Caused by: org.apache.sshd.common.SshException: Server key did not validate
at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.checkKeys(JGitClientSession.java:344)
at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:578)
at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:464)

Without the previous changes (I have only this line: SshSessionFactory.setInstance(new SshdSessionFactory()); ) I receive this warning:

2021-03-29 11:22:57.463 INFO --- [scheduling-1] o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar - getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
2021-03-29 11:22:57.611 INFO --- [scheduling-1] o.a.s.c.i.DefaultIoServiceFactoryFactory - No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
2021-03-29 11:23:04.835 WARN --- [sshd-JGitSshClient[656b5146]-nio2-thread-1] o.e.j.i.t.s.GssApiWithMicAuthentication - GSS-API error for mechanism OID 1.2.840.113554.1.2.2
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:193)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
at org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthentication.sendToken(GssApiWithMicAuthentication.java:183)

To be frankly I don't know how exactly does it work for the second scenario (which ssh key use for pull and push).
Also for the first scenario the format of the key is invalid? What is the supported ssh key? How I can generat to be a valid one?

Sorry for duplication :)
Re: Warning message in JGit for pull and push [message #1839971 is a reply to message #1839803] Fri, 02 April 2021 12:34 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 363
Registered: August 2016
Senior Member
I can't make sense of the first stack trace. JGitClientSession.java:344 is somewhere else; the checkKeys() method throwing that exception is at org.apache.sshd.client.session.AbstractClientSession:583.

Having the .ssh directory the same as the user home is a bit strange.

Do you pass a CredentialsProvider on SshdSessionFactory.getSession()? The default "known hosts" file handler would probably not find an existing known_hosts file and then would like to ask the user (a) whether to accept the host key, and (b) whether to create a new "known_hosts" file. But if no CredentialsProvider is given, it cannot ask, and will thus reject the host key.
Re: Warning message in JGit for pull and push [message #1840292 is a reply to message #1839971] Sun, 11 April 2021 19:09 Go to previous message
Yulian Yulian is currently offline Yulian YulianFriend
Messages: 13
Registered: February 2021
Junior Member
Hi Thomas,

Yes, you are right, I didn't pass the correct value for HomeDirectory and SSHDirectory.
That is how I fixed that problem.
Previous Topic:Unable to create SshSessionFactory on versions > 5 JGit
Next Topic:Overriding Git config file without a file based config
Goto Forum:
  


Current Time: Sun Jun 13 12:26:32 GMT 2021

Powered by FUDForum. Page generated in 0.01700 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top