USERAUTH fail with private key file for Github and Spring cloud config

Question

I tried to use the method for using private key (that has passphrase and is added to ssh-agent from file) (according to this stack post):

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com-forApp:myorg/myrepo.git
          search-paths: '{application}'
          clone-on-start: true
          private_key_file: ~/.ssh/id_rsa

but I keep getting

org.eclipse.jgit.api.errors.TransportException: git@github.com:myorg/myrepo.git: USERAUTH fail

Do I have to do it exactly as doc says with pasting the key into config file or can one just point to the key file somehow?

EDIT

Actually it turns out that the private_key_file is not needed at all or ignored by Spring. But you need the ~/.ssh/config section pointing to private key to use:

Host github.com-forApp # used in spring uri 
       HostName github.com
       User git
       IdentityFile ~/.ssh/gitHubKey

@BurakAkyıldız yes, eg when I use git it uses my ssh key no login/pass needed — mCs, May 14 '19 at 20:42

Imran · Accepted Answer · 2020-04-30T08:40:07.807

6

I was able to replicate your behavior and resolved it with following. Let me know your thoughts.

USERAUTH fail is happening because you are not providing the passphrase for the RSA private key.(password for Basic Auth and passphrase for ssh private key)

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com:myorg/myrepo.git
          search-paths: '{application}'
          clone-on-start: true
          passphrase: myprivatekeypassword

By default ~/.ssh/id_rsa is sent during GIT SSH Authentication(Test with command ssh -vT git@github.com. You don't need to specify it in configuration. Also, I am not sure whether private_key_file works or not, since I don't see any official documentation for it.

If you have different named RSA file under .ssh then I would advise to create config file under ~/.ssh/config with github host details and identify file.

Here is one example.

Host github.com
    IdentityFile ~/.ssh/mygitid_rsa

Check this stack answer for more details which desired the configuration providing private key file path within config.

edited Apr 30 '20 at 08:40

answered May 15 '19 at 00:16

Imran

5,542
3
23
46

It was all about adding `passphrase` not it works even with `private_key_file` which is also present in the answer you linked. It works regardless if it is added to `ssh-agent` or not. Only while addng changes to config repo it asks for the passphrase – mCs May 15 '19 at 12:51
@mCs correct. adding it to ssh-agent doesn't matter since JGit library underlying is not referring it. – Imran May 15 '19 at 12:59
Actually it turns out that the `private_key_file` is not needed at all or ignored by Spring. But you need the `~/.ssh/config` section pointing to private key to use as in my question – mCs May 28 '19 at 08:49
@mCs yes. the stack answer I shared as well was desiring the feature but it's not supported yet!. – Imran May 28 '19 at 13:48

USERAUTH fail with private key file for Github and Spring cloud config

1 Answers1

Linked