10

I'm using jgit to access a repository in GitHub securely. I did the following to generate keys for secure communication between GitHub and my client code.

  1. Generated the key pair:

    ssh-keygen -t rsa

  2. Added the public key to GitHub account with Account Settings -> SSH keys -> add SSH key

  3. Added the private key generated in step 1 to the local host with: 

    ssh-add id_rsa

After doing this, when I try to access GitHub and make a clone, I still get the following error:

org.eclipse.jgit.api.errors.TransportException: git@github.com:test/test_repo.git: UnknownHostKey: github.com. RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)

This is the code that I used:

    String localPath, remotePath;
    Repository localRepo;
    Git git;

    localPath = <path_to_local_repository>;
    remotePath = "git@github.com:test/test_repo.git";

    try {
        localRepo = new FileRepository(localPath + "/.git");
    } catch (IOException e) {
        e.printStackTrace();
    }
    git = new Git(localRepo);

    CloneCommand cloneCmd =  git.cloneRepository().
                setURI(remotePath).
                setDirectory(new File(localPath));
        try {
            cloneCmd.call();
        } catch (GitAPIException e) {
            log.error("git clone operation failed");
            e.printStackTrace();
        }

Kindly let me know the issue here and what should I do to rectify it.

Thanks.

Izza
  • 2,389
  • 8
  • 38
  • 60

2 Answers2

22

It happens because you have no entry for github in ~/.ssh/known_hosts, and JSch used in jgit defaults to rejecting session in this case. Refer to this question for solutions: com.jcraft.jsch.JSchException: UnknownHostKey

To set the ssh session property, you need to create a session factory for jgit:

SshSessionFactory.setInstance(new JschConfigSessionFactory() {
  public void configure(Host hc, Session session) {
    session.setConfig("StrictHostKeyChecking", "no");
  }
})

or add StrictHostKeyChecking=no to ~/.ssh/config

Evan Knowles
  • 7,426
  • 2
  • 37
  • 71
Denis Tulskiy
  • 19,012
  • 6
  • 50
  • 68
  • 2
    I do have an entry and still getting the same error, I used StrictHostKeyChecking = no as a workaround but don't want to leave my code vulnerable to attacks. Any thoughts? – victor hugo Dec 14 '16 at 16:14
  • Got over this issue by adding a config file under ~/.ssh with 2 lines Host * and StrictHostKeyChecking no – Upen Dec 20 '19 at 19:18
4

As this thread is first result to :

com.jcraft.jsch.JSchException: UnknownHostKey: gitservername. RSA key fingerprint"

and the only answer, if the problem persists, is to disable StrictHostKeyChecking, which is not acceptable for security purposes.

If the problem persists, you should have a look to this answer from another thread :

https://stackoverflow.com/a/44777270/13184312

What solved the persisting problem is : 

ssh-keyscan -H -t rsa gitservername >> ~/.ssh/known_hosts
Pelsce
  • 53
  • 5