Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jgit-dev] SSH Gerrit key with JGit

On Tue, Dec 20, 2011 at 03:47, Itzack <itzack@xxxxxxxxx> wrote:
> So I ran into a weird problem these days. I have an app that uses Jgit high
> level API to perform GIT commands. Recently Gerrit has also come into play
> and with it the need to register the public SSH key, which is all fine. The
> problem arises if I start the application without any key generated in my
> .ssh directory. As expected an exception is thrown which is correctly
> treated informing me I have to generate the key and register on Gerrit. I
> also have a Retry button in this window, meaning the application does not
> close when this happens. So, if I create the key and register it on Gerrit
> and then hit "Retry" I still get an Auth fail exception. But if I do close
> the app and simply start again it works like a charm.
> My guess is that the SSH session used in the first try to clone the repo is
> the same being used on subsequent tries and therefore it has not refreshed
> the status of the private/public key pair. I think I even managed to confirm
> this by checking the SSHSessionFactory before and after. So my question is,
> is there a way to tell JGit to refresh the JSch session for it to retrieve
> the new key generated? Or am I completely out of line and the problem is
> something else entirely?

I think the issue here is the SSH data is cached in memory, and
doesn't get refreshed from disk. So creating a key after the initial
scan is never seen until a process restart, because nothing told the
SSH code to go look at ~/.ssh again. There are 3 changes that might be
relevant here:

This change tries the SSH connection again if there was an
authentication failure, such as when passwords are cached in memory
and no longer valid. I wonder if it would have any impact with the
~/.ssh directory contents. It may make sense to add a refresh of the
~/.ssh directory into this code path during a second attempt.

These two handle using the system SSH configuration file, and might
also have an impact on refreshing:

Back to the top