| [jgit-dev] JGit work with ecdsa-sha2-nistp256 |
|
Hi, My project depends on spring-cloud-config-server-1.1.2.RELEASE.jar and it is using JGit to load Spring config files from Git. It works very well when Git server using ssh-rsa as cipher, but when Git ssh cipher is ecdsa-sha2-nistp256, it always report the error as below, [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot clone or checkout repository] with root cause com.jcraft.jsch.JSchException: UnknownHostKey: XXX.XXX.com. RSA key fingerprint is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX at com.jcraft.jsch.Session.checkHost(Session.java:786) ~[jsch-0.1.50.jar:na] at com.jcraft.jsch.Session.connect(Session.java:342) ~[jsch-0.1.50.jar:na] at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:136) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:262) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:161) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1115) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:130) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125) ~[org.eclipse.jgit-3.5.3.201412180710-r.jar:3.5.3.201412180710-r] at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:282) ~[spring-cloud-config-server-1.1.2.RELEASE.jar:1.1.2.RELEASE] I truly have the right host config in known_hosts as below and it has been verified by Git client, XXX.XXX.com ecdsa-sha2-nistp256 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX After some research about Jsch and found the default cipher for Jsch is ssh-rsa without specified. And I am not able to find the right code to load the host cipher in
https://github.com/eclipse/jgit/blob/master/org.eclipse.jgit/src/org/eclipse/jgit/transport/OpenSshConfig.java Would you give me some suggestion either I am wrong or JGit needs a patch? Thanks, -Jack
|
