Warning message in JGit for pull and push [message #1839738] |
Fri, 26 March 2021 19:50 |
Yulian Yulian Messages: 13 Registered: February 2021 |
Junior Member |
|
|
Hello everybody,
I am using JGit library "org.eclipse.jgit.ssh.apache", version: '5.10.0.202012080955-r', Java 11 and I am getting an warning message in the pull and push step:
2021-03-26 11:39:26.729 WARN --- [sshd-JGitSshClient[4d9ba686]-nio2-thread-4] o.e.j.i.t.s.GssApiWithMicAuthentication - GSS-API error for mechanism OID 1.2.840.113554.1.2.2
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:193)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
Even on the other machines I run the same WS that do the actions on GIT through JGit library with the same ssh keys and it's working.
Does anybody have any idea?
Thank you in advance!
Beast regards,
[Updated on: Fri, 26 March 2021 20:24] Report message to a moderator
|
|
|
|
|
|
|
Re: Warning message in JGit for pull and push [message #1839803 is a reply to message #1839786] |
Mon, 29 March 2021 10:20 |
Yulian Yulian Messages: 13 Registered: February 2021 |
Junior Member |
|
|
Thomas Wolf wrote on Mon, 22 February 2021 21:14Yes, it is. Take a look at the SshdSessionFactoryBuilder. It has a number of hooks you can use. Skipping GSSAPI (Kerberos) would be setPreferredAuthentications("publickey,keyboard-interactive,password"). StrictHostKeyChecking can be changed for instance by adding a ServerKeyDatabase via setServerKeyDatabase(). For instance one that always returns true in its accept() method to switch off host key checking altogether. Setting a particular ssh key could be done for instance by switching off handling of ~/.ssh/config (setConfigStoreFactory((h, f, u) -> null)) and defining the key to use via setDefaultIdentities().
Or you could work with a custom ConfigStoreFactory installed via setConfigStoreFactory(), which could return a SshConfigStore that returned a HostEntry with StrictHostKeyChecking=no and IdentityFile=<whatever> and PreferredAuthentications=...
There are really multiple ways to customize this. You may find some of the tests in bundle org.eclipse.jgit.ssh.apache.test interesting, in particular, there are two tests that show how to configure this so that it doesn't use any on-disk files and a pre-defined key.
BTW: depending on what your application does or how it is structured, it may not be necessary to create a new SshSessionFactory in a TransportConfigCallback on each git command. Maybe it is sufficient to just define the SshSessionFactory once and then set it globally via SshSessionFactory.setInstance(). That is what EGit does. Might be possible in your case, too. With a custom ConfigStoreFactory you should be able to configure individual connections as if the config was done in a ~/.ssh/config file, but without actually using such a file, and without having to create new session factories all the time.
Something is un clear for me....
After I did these changes:
SshdSessionFactoryBuilder sshdSessionFactoryBuilder = new SshdSessionFactoryBuilder();
sshdSessionFactoryBuilder.setPreferredAuthentications("publickey,keyboard-interactive,password");
sshdSessionFactoryBuilder.setHomeDirectory(FS.detect().userHome());
sshdSessionFactoryBuilder.setSshDirectory(FS.detect().userHome());
SshSessionFactory.setInstance(sshdSessionFactoryBuilder.build(new JGitKeyCache()));
I receive this error:
Caused by: org.apache.sshd.common.SshException: Server key did not validate
at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.checkKeys(JGitClientSession.java:344)
at org.apache.sshd.common.session.helpers.AbstractSession.handleKexMessage(AbstractSession.java:578)
at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:464)
Without the previous changes (I have only this line: SshSessionFactory.setInstance(new SshdSessionFactory()); ) I receive this warning:
2021-03-29 11:22:57.463 INFO --- [scheduling-1] o.a.s.c.u.s.e.EdDSASecurityProviderRegistrar - getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
2021-03-29 11:22:57.611 INFO --- [scheduling-1] o.a.s.c.i.DefaultIoServiceFactoryFactory - No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
2021-03-29 11:23:04.835 WARN --- [sshd-JGitSshClient[656b5146]-nio2-thread-1] o.e.j.i.t.s.GssApiWithMicAuthentication - GSS-API error for mechanism OID 1.2.840.113554.1.2.2
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:193)
at java.security.jgss/sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:218)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196)
at org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthentication.sendToken(GssApiWithMicAuthentication.java:183)
To be frankly I don't know how exactly does it work for the second scenario (which ssh key use for pull and push).
Also for the first scenario the format of the key is invalid? What is the supported ssh key? How I can generat to be a valid one?
Sorry for duplication :)
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.03984 seconds