Hi,
My project depends on spring-cloud-config-server-1.1.2.RELEASE.jar and it is using JGit to load Spring config files from Git.
It works very well when Git server using ssh-rsa as cipher, but when Git ssh cipher is ecdsa-sha2-nistp256, it always report the error as below,
[Request processing failed; nested exception is java.lang.IllegalStateException: Cannot clone or checkout repository] with root cause
com.jcraft.jsch.JSchException: UnknownHostKey: XXX.XXX.com. RSA key fingerprint is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
at com.jcraft.jsch.Session.checkHost(Session.java:786) ~[jsch-0.1.50.jar:na]
at com.jcraft.jsch.Session.connect(Session.java:342) ~[jsch-0.1.50.jar:na]
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:136) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:262) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:161) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1115) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:282) ~[spring-cloud-config-server-1.1.2.RELEASE.jar:1.1.2.RELEASE]
I truly have the right host config in known_hosts as below and it has been verified by Git client,
XXX.XXX.com ecdsa-sha2-nistp256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
After some research about Jsch and found the default cipher for Jsch is ssh-rsa without specified. And I am not able to find the right code to load the host cipher in
https://github.com/eclipse/jgit/blob/master/org.eclipse.jgit/src/org/eclipse/jgit/transport/OpenSshConfig.java
Would you give me some suggestion either I am wrong or JGit needs a patch?
Thanks,
-Jack
Jack Yang, Lead Technical Consultant
m:+86-180-7282-2983 | NASDAQ: PRFT | Perficient.com


|