JSch doesn't detect $HOME/.ssh/id_rsa public key

Question

I'm trying to authenticate to a remote Git server using JSch version 0.1.55 via JGit. Using the command-line Git authentication works fine, but via JSch, it does not. The error I'm getting is:

Caused by: org.eclipse.jgit.errors.TransportException: git@REDACTED_HOST:petter/rio.git: Auth fail
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:158)
    at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:107)
    at org.eclipse.jgit.transport.TransportGitSsh$SshPushConnection.<init>(TransportGitSsh.java:306)
    at org.eclipse.jgit.transport.TransportGitSsh.openPush(TransportGitSsh.java:143)
    at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:127)
    at org.eclipse.jgit.transport.Transport.push(Transport.java:1335)
    at org.eclipse.jgit.api.PushCommand.call(PushCommand.java:137)
    ... 10 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:519)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:112)
    ... 16 more

My theory is that it's unable to find any public keys, based on the last lines of the debug log:

11:07:56.228 [main] DEBUG re.dacted - JSCH: Authentications that can continue: publickey,keyboard-interactive,password
11:07:56.228 [main] DEBUG re.dacted - JSCH: Next authentication method: publickey
11:07:56.295 [main] DEBUG re.dacted - JSCH: Disconnecting from REDACTED_HOST port 22

I think that may be caused by some weird interaction between JSch and the ssh-agent on my Mac (I'm using gpg-agent). Based on https://gist.github.com/niclasnilsson/038f20bee1bd19e970d59ba35732e262, I tried creating a .ssh/config file with the '*' entry included there, and at one point I got a different error, from the UserAuthPublic key class. However, no matter what I try, I can't seem to be getting back to that stage.

I also tried the instructions from https://dzone.com/articles/how-to-authenticate-with-jgit (ofc, without hard-coding the passphrase, which seems like a very odd thing to have to do), but no luck. It seems like it's not even getting to the point of trying to invoke any of the methods on the UserInfo.

I do get a key back from ssh-add -l. Not sure what else to do in order to try troubleshooting this. Any pointers would be highly appreciated!

Answer 1

JSch does not load any private key automatically from anywhere.

If you want to use public key authentication, you need to explicitly tell JSch what private key to use.

See Can we use JSch for SSH key-based communication?

Answer 2

Of course I found the answer shortly after posting the question. :) By debugging what the UserAuthPublicKey class was doing during authentication, I realised I had misunderstood how the UserInfo class is used. By using the following Kotlin code, I got it to read the passphrase via a terminal prompt instead:

    private val sshSessionFactory = object : JschConfigSessionFactory() {
        override fun configure(hc: OpenSshConfig.Host?, session: Session?) {
            session?.userInfo = object : UserInfo {
                override fun promptPassphrase(p0: String?) = true
                override fun getPassphrase(): String? = passphraseSupplier()
                override fun getPassword(): String? = null
                override fun promptYesNo(p0: String?) = false
                override fun showMessage(message: String?) = Unit
                override fun promptPassword(p0: String?) = false
            }
        }
    }

My misunderstanding was in what the meaning of 'promptX' and 'getX' methods is. It seems as if 'prompt' means 'do you support prompting the user for X', and that if the UserInfo implementation for 'promptX' returns true, then a following call to 'getX' should return the correct value. It would have been great with some javadocs describing this, that would have saved me several hours!