|
|
|
| Re: Unable to create SshSessionFactory on versions > 5 JGit [message #1838245 is a reply to message #1838158] |
Fri, 19 February 2021 12:33   |
 Yulian Yulian
Messages: 13
Registered: February 2021 |
Junior Member |
|
|
Thank you very much for your answer and now with this implementation for TransportConfigCallback:
private static class SshTransportConfigCallback implements TransportConfigCallback {
private final SshSessionFactory sshSessionFactory = new JschConfigSessionFactory() {
@Override
protected void configure(OpenSshConfig.Host hc, Session session) {
session.setConfig("StrictHostKeyChecking", "no");
session.setConfig(
"PreferredAuthentications",
"publickey,keyboard-interactive,password");
}
@Override
protected JSch createDefaultJSch(FS fs) throws JSchException {
JSch jSch = super.createDefaultJSch(fs);
jSch.addIdentity("id_rsa");
return jSch;
}
};
@Override
public void configure(Transport transport) {
SshTransport sshTransport = (SshTransport) transport;
sshTransport.setSshSessionFactory(sshSessionFactory);
}
}
I received this error:
Caused by: java.lang.NullPointerException
at java.base/java.util.Hashtable.put(Hashtable.java:475)
at com.jcraft.jsch.JSch.setConfig(JSch.java:601)
at org.eclipse.jgit.transport.JschConfigSessionFactory.createDefaultJSch(JschConfigSessionFactory.java:401)
at com.tora.portal.client.git.GitControl$SshTransportConfigCallback$1.createDefaultJSch(GitControl.java:112)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getJSch(JschConfigSessionFactory.java:361)
at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:317)
at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:184)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:108)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:107)
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:254)
... 9 more
[Updated on: Fri, 19 February 2021 12:33] Report message to a moderator |
|
|
|
|
|
|
|
|
| Re: Unable to create SshSessionFactory on versions > 5 JGit [message #1838353 is a reply to message #1838336] |
Mon, 22 February 2021 21:14 |
Thomas Wolf
Messages: 573
Registered: August 2016 |
Senior Member |
|
|
Yes, it is. Take a look at the SshdSessionFactoryBuilder. It has a number of hooks you can use. Skipping GSSAPI (Kerberos) would be setPreferredAuthentications("publickey,keyboard-interactive,password"). StrictHostKeyChecking can be changed for instance by adding a ServerKeyDatabase via setServerKeyDatabase(). For instance one that always returns true in its accept() method to switch off host key checking altogether. Setting a particular ssh key could be done for instance by switching off handling of ~/.ssh/config (setConfigStoreFactory((h, f, u) -> null)) and defining the key to use via setDefaultIdentities().
Or you could work with a custom ConfigStoreFactory installed via setConfigStoreFactory(), which could return a SshConfigStore that returned a HostEntry with StrictHostKeyChecking=no and IdentityFile=<whatever> and PreferredAuthentications=...
There are really multiple ways to customize this. You may find some of the tests in bundle org.eclipse.jgit.ssh.apache.test interesting, in particular, there are two tests that show how to configure this so that it doesn't use any on-disk files and a pre-defined key.
BTW: depending on what your application does or how it is structured, it may not be necessary to create a new SshSessionFactory in a TransportConfigCallback on each git command. Maybe it is sufficient to just define the SshSessionFactory once and then set it globally via SshSessionFactory.setInstance(). That is what EGit does. Might be possible in your case, too. With a custom ConfigStoreFactory you should be able to configure individual connections as if the config was done in a ~/.ssh/config file, but without actually using such a file, and without having to create new session factories all the time.
|
|
|
|
|
|
|
|
| Re: Unable to create SshSessionFactory on versions > 5 JGit [message #1839791 is a reply to message #1838353] |
Mon, 29 March 2021 08:26 |
Yulian Yulian
Messages: 13
Registered: February 2021 |
Junior Member |
|
|
Thomas Wolf wrote on Mon, 22 February 2021 21:14Yes, it is. Take a look at the SshdSessionFactoryBuilder. It has a number of hooks you can use. Skipping GSSAPI (Kerberos) would be setPreferredAuthentications("publickey,keyboard-interactive,password"). StrictHostKeyChecking can be changed for instance by adding a ServerKeyDatabase via setServerKeyDatabase(). For instance one that always returns true in its accept() method to switch off host key checking altogether. Setting a particular ssh key could be done for instance by switching off handling of ~/.ssh/config (setConfigStoreFactory((h, f, u) -> null)) and defining the key to use via setDefaultIdentities().
Or you could work with a custom ConfigStoreFactory installed via setConfigStoreFactory(), which could return a SshConfigStore that returned a HostEntry with StrictHostKeyChecking=no and IdentityFile=<whatever> and PreferredAuthentications=...
There are really multiple ways to customize this. You may find some of the tests in bundle org.eclipse.jgit.ssh.apache.test interesting, in particular, there are two tests that show how to configure this so that it doesn't use any on-disk files and a pre-defined key.
BTW: depending on what your application does or how it is structured, it may not be necessary to create a new SshSessionFactory in a TransportConfigCallback on each git command. Maybe it is sufficient to just define the SshSessionFactory once and then set it globally via SshSessionFactory.setInstance(). That is what EGit does. Might be possible in your case, too. With a custom ConfigStoreFactory you should be able to configure individual connections as if the config was done in a ~/.ssh/config file, but without actually using such a file, and without having to create new session factories all the time.
Something is un clear for me....
After I did these changes:
SshdSessionFactoryBuilder sshdSessionFactoryBuilder = new SshdSessionFactoryBuilder();
sshdSessionFactoryBuilder.setPreferredAuthentications("publickey,keyboard-interactive,password");
sshdSessionFactoryBuilder.setHomeDirectory(FS.detect().userHome());
sshdSessionFactoryBuilder.setSshDirectory(FS.detect().userHome());
SshSessionFactory.setInstance(sshdSessionFactoryBuilder.build(new JGitKeyCache()));
I receive this error:
Caused by: org.apache.sshd.common.SshException: Server key did not validate
at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.checkKeys(JGitClientSession.java:344)
at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:578)
at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:464)
Without the previous changes (I have only this line: SshSessionFactory.setInstance(new SshdSessionFactory()); ) I receive this warning:
2021-03-29 11:22:57.463 INFO --- [scheduling-1] o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar - getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
2021-03-29 11:22:57.611 INFO --- [scheduling-1] o.a.s.c.i.DefaultIoServiceFactoryFactory - No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
2021-03-29 11:23:04.835 WARN --- [sshd-JGitSshClient[656b5146]-nio2-thread-1] o.e.j.i.t.s.GssApiWithMicAuthentication - GSS-API error for mechanism OID 1.2.840.113554.1.2.2
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:193)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
at org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthentication.sendToken(GssApiWithMicAuthentication.java:183)
To be frankly I don't know how exactly does it work for the second scenario (which ssh key use for pull and push).
Also for the first scenario the format of the key is invalid? What is the supported ssh key? How I can generat to be a valid one?
|
|
|
|
Powered by
FUDForum. Page generated in 0.03036 seconds
] 
Search
Help
Register
Login
Home
