Using jgit to report errors: the solution of algorithm negotiation failure

In today’s Java project, when using the jgit library to pull the remote code with SSH protocol, we encountered a lot of errors and stepped on a lot of holes to solve the problem. I’d like to record it here to help you
first of all, let’s talk about the use environment:

    1. there is no problem for the code to run on the Linux server. You can use SSH to pull the code. The local MacBook can pull code with SSH, but not with java code

Problem solving

        1. code error:

      com.jcraft.jsch.jschexception: algorithm negotiation failure

      1. this means that the algorithm negotiation fails, and SSH communication protocol has a stage of secret agreement and algorithm negotiation, in which both parties negotiate the final algorithm according to the algorithm supported by the local end and the opposite end. Different versions of openssh have different default algorithm lists, which may lead to the failure of algorithm negotiation. Use SSH – version to view the current openssh version
$ ssh -Version
OpenSSH_7.9p1, LibreSSL 2.7.3

View_ Protocol used in RSA private key file header


Use SSH keygen - M PEM - t RSA to generate old format keys


When configuring the newly generated public key of SSH in gitlab repository settings in Git clone repository, specify the SSH private key file

private String private_key = "/Users/wang/.ssh/y";
SshSessionFactory sshSessionFactory = new JschConfigSessionFactory() {
            protected void configure(OpenSshConfig.Host host, Session session) {
                session.setConfig("StrictHostKeyChecking", "no");

            protected JSch createDefaultJSch(FS fs) throws JSchException {
                JSch sch = super.createDefaultJSch(fs);
                return sch;

        Git git = Git.cloneRepository()
                .setTransportConfigCallback(transport -> {
                    SshTransport sshTransport = (SshTransport) transport;
                .setCredentialsProvider(new UsernamePasswordCredentialsProvider(username, password))
                .setDirectory(new File(codePath))
        checkoutBranch(git, commitId);
        return git;

Other issues

      1. an error is reported when jsch connects to SSH: the invalid private key reports an error in the private key file that uses

--- begin open private key -----

      1. protocol by default. Just use the above method to generate the old RSA private key. In

/etc/SSH/sshd_ Add the following two lines to the config

      1. file to enable SSH to support corresponding algorithms and Macs
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected],hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96

Restart sshd service on MAC

sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

Stop sshd service on MAC

sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist

How to check whether a process is started

sudo launchctl list | grep sshd
0   com.openssh.sshd

Read More: