In today’s Java project, when using the jgit library to pull the remote code with SSH protocol, we encountered a lot of errors and stepped on a lot of holes to solve the problem. I’d like to record it here to help you
first of all, let’s talk about the use environment:
-
- there is no problem for the code to run on the Linux server. You can use SSH to pull the code. The local MacBook can pull code with SSH, but not with java code
Problem solving
-
-
-
- code error:
com.jcraft.jsch.jschexception: algorithm negotiation failure
-
-
-
-
- this means that the algorithm negotiation fails, and SSH communication protocol has a stage of secret agreement and algorithm negotiation, in which both parties negotiate the final algorithm according to the algorithm supported by the local end and the opposite end. Different versions of openssh have different default algorithm lists, which may lead to the failure of algorithm negotiation. Use SSH – version to view the current openssh version
-
$ ssh -Version
OpenSSH_7.9p1, LibreSSL 2.7.3
View_ Protocol used in RSA private key file header
-----BEGIN OPENSSH PRIVATE KEY-----
Use SSH keygen - M PEM - t RSA
to generate old format keys
-----BEGIN RSA PRIVATE KEY-----
When configuring the newly generated public key of SSH in gitlab repository settings in Git clone repository, specify the SSH private key file
private String private_key = "/Users/wang/.ssh/y";
SshSessionFactory sshSessionFactory = new JschConfigSessionFactory() {
@Override
protected void configure(OpenSshConfig.Host host, Session session) {
session.setConfig("StrictHostKeyChecking", "no");
}
@Override
protected JSch createDefaultJSch(FS fs) throws JSchException {
JSch sch = super.createDefaultJSch(fs);
sch.addIdentity(private_key);
return sch;
}
};
Git git = Git.cloneRepository()
.setURI(gitUrl)
.setTransportConfigCallback(transport -> {
SshTransport sshTransport = (SshTransport) transport;
sshTransport.setSshSessionFactory(sshSessionFactory);
})
.setCredentialsProvider(new UsernamePasswordCredentialsProvider(username, password))
.setDirectory(new File(codePath))
.setBranch(commitId)
.call();
checkoutBranch(git, commitId);
return git;
Other issues
-
-
- an error is reported when jsch connects to SSH: the invalid private key reports an error in the private key file that uses
-
--- begin open private key -----
-
-
- protocol by default. Just use the above method to generate the old RSA private key. In
-
/etc/SSH/sshd_ Add the following two lines to the config
-
-
- file to enable SSH to support corresponding algorithms and Macs
-
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected],hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Restart sshd service on MAC
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
Stop sshd service on MAC
sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
How to check whether a process is started
sudo launchctl list | grep sshd
0 com.openssh.sshd
Read More:
- Centos8 solves SSH secure shell error algorithmic negotiation failures
- Solution of idea using @ Autowired annotation to report errors
- The solution of using Autowired annotation to report errors in IntelliJ idea
- Clion configuration MingGW report error test cmake run with errors solution
- Using Lombok to compile and report errors
- Using JSON to report errors
- CentOS uses Yum install to report errors
- Solve Putty error “Couldn’t agree a key exchange algorithm”
- Node.js Using port 80 to report errors in Linux
- Using jsoup to parse web pages and report null errors
- Elememt UI introduces components on demand to report errors
- soap security negotiation failed
- Running Django manager.py report errors Error:111 connecting to 127.0.0.1:6379.connection refused
- Solution to failure of SSL configuration in synergy
- solve java.net.ConnectException : Connection refused:connect report errors
- New Maven project– pom.xml report errors
- SELinux solution to Apache SSL failure
- Solution to the problem of failure to elect leaders when offline service is reported in Nacos
- Solution to the failure of ROS noetic initialization (rosdep init)
- Solution to the failure of springboot integrated PageHelper