In a Java project today, while using the JGit library to pull remote code over SSH, we ran into a lot of errors and pitfalls before solving the problem. I'd like to record it here in case it helps you.
First of all, the environment:
- The code runs without problems on the Linux server, where the code can be pulled over SSH. On the local MacBook, the code can be pulled with SSH, but not from the Java code.
Problem solving
- Code error:
com.jcraft.jsch.JSchException: Algorithm negotiation fail
- This means that algorithm negotiation failed. The SSH protocol has a key exchange and algorithm negotiation stage, in which the two sides agree on the final algorithms based on what the local end and the remote end each support. Different versions of OpenSSH have different default algorithm lists, which can cause the negotiation to fail. Use ssh -V to view the current OpenSSH version:
$ ssh -V
OpenSSH_7.9p1, LibreSSL 2.7.3
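The negotiation rule described above, as an added example that is not part of the original post: for each category, the first algorithm on the client's list that the server also offers is chosen, and the connection fails when a category has nothing in common. The class name and the algorithm lists are constructed for illustration and are not the defaults of any JSch or OpenSSH release; the extra key exchange conditions of RFC 4253 section 7.1 and the separate per-direction lists are omitted.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

// Hypothetical demo class; all algorithm lists below are constructed samples.
public class SshNegotiationDemo {

    // Simplified RFC 4253 section 7.1 rule: pick the first algorithm on the
    // client's list that also appears on the server's list.
    static Optional<String> negotiate(List<String> client, List<String> server) {
        return client.stream().filter(server::contains).findFirst();
    }

    // Returns the categories (kex, mac, ...) with no algorithm in common.
    static List<String> failedCategories(Map<String, List<String>> client,
                                         Map<String, List<String>> server) {
        List<String> failed = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : client.entrySet()) {
            List<String> offered = server.getOrDefault(e.getKey(), Collections.<String>emptyList());
            Optional<String> chosen = negotiate(e.getValue(), offered);
            System.out.println(e.getKey() + " -> " + chosen.orElse("no common algorithm"));
            if (!chosen.isPresent()) failed.add(e.getKey());
        }
        return failed;
    }

    public static void main(String[] args) {
        Map<String, List<String>> client = new LinkedHashMap<>();
        client.put("kex", Arrays.asList("diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1"));
        client.put("mac", Arrays.asList("hmac-md5", "hmac-sha1", "hmac-sha2-256"));
        Map<String, List<String>> server = new LinkedHashMap<>();
        server.put("kex", Arrays.asList("ecdh-sha2-nistp256", "diffie-hellman-group-exchange-sha256"));
        server.put("mac", Arrays.asList("hmac-sha2-512", "hmac-sha2-256"));

        // First run: the two kex lists share no entry.
        System.out.println("failed: " + failedCategories(client, server));

        // Second run: the server additionally offers a kex the client knows.
        List<String> kex = new ArrayList<>(server.get("kex"));
        kex.add("diffie-hellman-group14-sha1");
        server.put("kex", kex);
        System.out.println("failed: " + failedCategories(client, server));
    }
}
```

Comparing the real lists category by category in the same way shows which side's configuration needs to change.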
Check the format shown in the header of the RSA private key file:
-----BEGIN OPENSSH PRIVATE KEY-----
Use ssh-keygen -m PEM -t rsa to generate a key in the old format:
-----BEGIN RSA PRIVATE KEY-----
Configure the newly generated SSH public key in the GitLab repository settings, and specify the SSH private key file when cloning the repository with Git:
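// Package names below match JGit releases where JschConfigSessionFactory lives in org.eclipse.jgit.transport.
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import org.eclipse.jgit.api.Git;
import org.eclipse.jgit.transport.JschConfigSessionFactory;
import org.eclipse.jgit.transport.OpenSshConfig;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.SshTransport;
import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;
import org.eclipse.jgit.util.FS;
import java.io.File;

// Path to the old-format (PEM) RSA private key generated above
private String private_key = "/Users/wang/.ssh/y";

// gitUrl, username, password, codePath and commitId are defined elsewhere in the calling code
SshSessionFactory sshSessionFactory = new JschConfigSessionFactory() {
    @Override
    protected void configure(OpenSshConfig.Host host, Session session) {
        // "no" disables host key verification, so the server's identity is not checked;
        // outside of testing, use "yes" with a populated known_hosts file
        session.setConfig("StrictHostKeyChecking", "no");
    }
    @Override
    protected JSch createDefaultJSch(FS fs) throws JSchException {
        JSch sch = super.createDefaultJSch(fs);
        // Authenticate with the specified private key file
        sch.addIdentity(private_key);
        return sch;
    }
};
Git git = Git.cloneRepository()
        .setURI(gitUrl)
        // Use the custom session factory for the SSH transport
        .setTransportConfigCallback(transport -> {
            SshTransport sshTransport = (SshTransport) transport;
            sshTransport.setSshSessionFactory(sshSessionFactory);
        })
        .setCredentialsProvider(new UsernamePasswordCredentialsProvider(username, password))
        .setDirectory(new File(codePath))
        .setBranch(commitId)
        .call();
// checkoutBranch is a helper that is not shown here
checkoutBranch(git, commitId);
return git;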
Other issues
- JSch reports an invalid private key error when connecting over SSH. The error occurs because the private key file uses the
-----BEGIN OPENSSH PRIVATE KEY-----
format by default. Just use the method above to generate an old-format RSA private key.
- Add the following two lines to the /etc/ssh/sshd_config file so that sshd supports the corresponding key exchange algorithms and MACs. The lists include legacy algorithms such as diffie-hellman-group1-sha1 and hmac-md5, so keep only the entries the client actually needs:
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected],hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Restart the sshd service on the Mac:
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
Stop the sshd service on the Mac:
sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
Check whether the process has started:
sudo launchctl list | grep sshd
0 com.openssh.sshd