Re: [jgit-dev] JGit Doesn't check StrictHostKeyChecking Parameter Value

[Duft Markus <Markus.Duft@xxxxxxxxxx>]

Hi

 

The approach I use at our company for house-internal servers is (for Eclipse) an additional plugin, which overrides the JGit SshSessionFactory and replaces it with one that disables host key verification. This method is called from my plugins Activator:

 

public void disableHostVerification() {

        // force loading of the egit plugin, to activate egits ssh transport provider.

        BundleContext context = Activator.getContext();

        for (Bundle bundle : context.getBundles()) {

            if (bundle.getSymbolicName().equals("org.eclipse.egit.ui")) {

                try {

                    bundle.start(Bundle.START_TRANSIENT);

                } catch (Exception ex) {

                    printLog("failed to disable host key verification; failed to start egit bundle.");

                    ex.printStackTrace(console.outErr);

                }

            }

        }

 

        SshSessionFactory.setInstance(new AnyHostSshSessionFactory());

    }

 

The force-loading of egit is only necessary if you have it ofc (egit also sets another factory, which I want to get rid of in this case), otherwise just set the factory. I’ll attach the two other relevant files. J

 

HTH,

Markus

 

Von: jgit-dev-bounces@xxxxxxxxxxx [mailto:jgit-dev-bounces@xxxxxxxxxxx] Im Auftrag von Isuru Haththotuwa
Gesendet: Montag, 3. Dezember 2012 14:51
An: Tomasz Zarna
Cc: JGit Developers list
Betreff: Re: [jgit-dev] JGit Doesn't check StrictHostKeyChecking Parameter Value in the .ssh Folder?

 

Hi all,

I think this issue can be solved if we can specify the key and known host file manually. In JSch, we can do it as follows:

JSch jsch = new JSch();

        try {
            jsch.addIdentity(".ssh/id_rsa");
            jsch.setKnownHosts(".ssh/known_hosts");
        } catch (JSchException e) {
            e.printStackTrace(); 
        }

But, how do I make JGit use this private key file and the known hosts file? Is there a way to set the jsch object? Apart from creating a new configuration for SshSessionFactory by subclassing JschConfigSessionFactory and overriding the configure(OpenSshConfig.Host host, Session session) method, I could not find a way to do this. What I did was:

public class CustomJschConfigSessionFactory extends JschConfigSessionFactory {
    @Override
    protected void configure(OpenSshConfig.Host host, Session session) {
        session.setConfig("StrictHostKeyChecking", "yes");
    }
}

In the client class which accesses the Git repo:

jschConfigSessionFactory = new CustomJschConfigSessionFactory();

JSch jsch = new JSch();

        try {
            jsch.addIdentity(".ssh/id_rsa");
            jsch.setKnownHosts(".ssh/known_hosts");
        } catch (JSchException e) {
            e.printStackTrace(); 
        }

SshSessionFactory.setInstance(jschConfigSessionFactory);

Think this is the approach, but still there is a missing bit somewhere. I get a new exception as well now, saying 'reject HostKey'.

Any help is greatly appreciated!

On Mon, Dec 3, 2012 at 3:36 PM, Isuru Haththotuwa <isurulucky@xxxxxxxxx> wrote:

Yes, I was using 0.1.42. However, I tried with 0.1.49 now and still get the same error.

 

On Mon, Dec 3, 2012 at 3:24 PM, Tomasz Zarna <tzarna@xxxxxxxxx> wrote:

What version of JSch are you using? From the stack trace it doesn't
look like the latest 0.1.49.

Cheers

On Mon, Dec 3, 2012 at 10:16 AM, Isuru Haththotuwa <isurulucky@xxxxxxxxx> wrote:
> com.jcraft.jsch.Session.

--
Thanks and Regards,
Isuru

--
Thanks and Regards,
Isuru

         
--  
Salomon Automation GmbH - Friesachstrasse 15 - A-8114 Friesach bei Graz
Sitz der Gesellschaft: Friesach bei Graz
UID-NR:ATU28654300 - Firmenbuchnummer: 49324 K
Firmenbuchgericht: Landesgericht für Zivilrechtssachen Graz

Attachment: AnyHostKeyRepository.java
Description: AnyHostKeyRepository.java

Attachment: AnyHostSshSessionFactory.java
Description: AnyHostSshSessionFactory.java