Maven JgitFlow plugin Authentication Fail using SSH

Question

I've clone the repository from stash using SSH and when I tried to create the feature branch using mvn jgitflow:feature-start, I'm facing the following error:

[ERROR] Failed to execute goal external.atlassian.jgitflow:jgitflow-maven-plugin:1.0-m5.1:feature-start (default-cli) on project **************: Error starting feature: Error starting feature: org.eclipse.jgit.api.errors.TransportException: ssh://URL.git: Auth fail -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal external.atlassian.jgitflow:jgitflow-maven-plugin:1.0-m5.1:feature-start (default-cli) on project **************: Error starting feature: Error starting feature: org.eclipse.jgit.api.errors.TransportException: ssh://URL.git: Auth fail
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)

I'm executing this command in Intellij terminal. I've also created new ssh-key but still getting the same error. The ticket for this issue has already created on confluence here but the ticket logs aren't same. Furthermore I have clone the repository using HTTP and execute the same command and it works, it seems like this issue is occurring due to the recent changes in git crypto. If someone observe the same behaviour please notify me or please guide me if I'm missing anything.

.There is another alternative plugin you can try" gitflow-maven-plugin" Source link: https://github.com/aleksandr-m/gitflow-maven-plugin Maven repository link: https://mvnrepository.com/artifact/com.amashchenko.maven.plugin/gitflow-maven-plugin — isuru chathuranga, Feb 19 '20 at 06:40
Two years late to the party, but - are you just missing the `enableSshAgent` option? https://bitbucket.org/atlassian/jgit-flow/wiki/goals/release-start#!enablesshagent — sparksalot, Jan 14 '21 at 12:08

Raj · Answer 1 · 2023-03-03T17:11:31.987

We use GitHub Enterprise server which got upgraded from 3.4 to 3.6 Notification : https://github.blog/2022-06-28-improving-git-protocol-security-on-github-enterprise-server/ After our GitHub Server Crypto upgrade, I got the exact same exception when try to start release. I fixed this issue by setting up GITHub authentication using id/pwd instead of SSH. Within the Maven Parent Pom file there is plugin section for jgitflow-maven-plugin. In this there is a subsection , here we can set enableSshAgent as true or false. If true then SSH keys will be used to connect GitHub. If it is false then we have to provide username and password tag so I added that like below

<username>myuser</username>
<password>mypwd</password>

Afterwards I got known host prompt which I disabled by creating a config file within ~/.ssh

cat > config
Host github.com
  IdentityFile ~/.ssh/id_ecdsa
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null

You need to ensure, the user which is trying to connect GitHub, should have proper ssh or credentials setup. When I try with SSH keys it has not worked with RSA,Ed25519, ECDSA. We raised with GIT Hub team and they provided below solution :

Some teams are using old OpenSSH clients that downgrade their updated keys. Two methods that a team can take to ensure that their SSH keys are secure and ready for GitHub Enterprise Server 3.6 and above:

either generate new keys of the type ecdsa (this is supported in both OpenSSH and JSCH) for the impacted users — this is GitHub’s recommended approach
update the SSH clients to ones that translates the signature algorithm to rsa-sha2-512 for existing RSA keys

In my case ecdsa should have worked but it is using ssh keys from which location I was not able to determine. Hope above helps !!

Maven JgitFlow plugin Authentication Fail using SSH

1 Answers1