3
  • Windows 10 Pro x64
  • JDK 11.0.6
  • spring-cloud-config-server 2.2.2.RELEASE

I'm setting up Spring Cloud Config server. Works fine with a file system backend. Works fine with a https / basic auth github backend. Now I'm trying to set it up for SSH so I don't have to put my username and password in the config file.

It's my understanding that Spring Cloud Config / jgit will use all the default SSH settings, correct? I have done the following:

  1. ssh-keygen -m PEM -t rsa -b 4096 -C "xxx@xxx.net" -- took all the default files and NO passphrase. files got created in C:\Users\xxx.ssh.
  2. opened c:\users\xxx.ssh\id_rsa.pub, selected all, c&p to github
  3. ran git clone git@github.com:xxx/Config.git, copied SHA256 fingerprint into yes/no/fingerprint prompt, clone was successful
  4. edited known_hosts and removed IP, so now it just reads github.com ssh-rsa AAAA...
  5. application.properties:

    spring.cloud.config.server.git.uri=git@github.com:xxx/Config.git
    spring.cloud.config.server.git.clone-on-start=true
    spring.cloud.config.server.git.strict-host-key-checking=false
    spring.cloud.config.server.git.skip-ssl-validation=true

This results in:

    Caused by: com.jcraft.jsch.JSchException: Auth fail
        at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.54.jar:na]
        at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:146) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
        ... 31 common frames omitted

Why am I getting an Auth fail?

SledgeHammer
  • I have seen https://github.com/spring-cloud/spring-cloud-config/issues/1603... which redirects here! – VonC May 03 '20 at 19:39
  • If anyone still looking at this issue and you're sure it is related to SSH key format (like [this](https://github.com/spring-cloud/spring-cloud-config/issues/1251#issuecomment-901097861)) then one possible solution would be to use *spring-cloud-config-server* version 3.1.0 or newer. They updated the problematic JGit version 5.1.3 to 5.12.0 in this [commit](https://github.com/spring-cloud/spring-cloud-config/commit/8d8451b694f22cebb64781b412fa78c45da0db97#diff-033c69ea9fcdbc0b950d10a7017bd2bf4101837217fe074f111b45467718883a) so that Config Server can properly use OpenSSH-formatted keys as well. – emrekgn Aug 18 '21 at 16:59

1 Answer

3

One possible reason would be the server running as Admin instead of your regular User account, which means it would not find %USERPROFILE%\id_rsa.

The OP SledgeHammer confirms in the comments:

JGit works against HOMEDRIVE and HOMEPATH on Windows.
My company remaps those to a P: drive (although it doesn't remap USERPROFILE).
And the openssh tools (and git itself) work against USERPROFILE.

That means Jsch will need .ssh in P:\


Another reason would be the format of the private key (try with a private key generated using the old OpenSSH format, for testing).

Finally, double-check the URI used:

After investigating the jgit API, I've worked out the problem.
The URI in the Spring Cloud Config documentation is incorrect. The documentation lists the format to be

    git@host:port/repo1.git

It should instead be

    ssh://git@host:port/repo1.git

So in my case, it worked once I changed it to ssh://git@mygit:2222/secops/secrets.git

(you don't need the port 2222, just to use '/' instead of ':')

VonC
  • @SledgeHammer Good catch. I have updated the answer and included your comment for more visibility. I'll leave the answer there, as it could help others with the same issue. – VonC May 03 '20 at 21:10
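
The three causes discussed in the answer above (home directory, private key format, URI form) can be checked before the server is started. The sketch below is an added example, not code from the post or from Spring Cloud Config; the function names and the sample values are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"  # newer ssh-keygen default
PEM_HEADER = "-----BEGIN RSA PRIVATE KEY-----"          # produced by ssh-keygen -m PEM
# scp-like remote with a numeric port after the colon, e.g. git@host:2222/repo.git
SCP_WITH_PORT = re.compile(r"^[^/@:]+@[^/:]+:\d+/")


def jgit_ssh_dir(env):
    """.ssh under HOMEDRIVE + HOMEPATH, which the answer says JGit uses on Windows."""
    return PureWindowsPath(env.get("HOMEDRIVE", "") + env.get("HOMEPATH", "")) / ".ssh"


def openssh_ssh_dir(env):
    """.ssh under USERPROFILE, which the OpenSSH tools and git use."""
    return PureWindowsPath(env.get("USERPROFILE", "")) / ".ssh"


def preflight(env, key_first_line, uri):
    """Return {finding_code: advice} for the three causes named in the answer."""
    findings = {}
    jgit_dir, ssh_dir = jgit_ssh_dir(env), openssh_ssh_dir(env)
    if jgit_dir != ssh_dir:
        findings["home-mismatch"] = f"key is in {ssh_dir}, JGit reads {jgit_dir}"
    header = key_first_line.strip()
    if header == OPENSSH_HEADER:
        findings["key-format"] = "OpenSSH-format key; regenerate with -m PEM or upgrade"
    elif header != PEM_HEADER:
        findings["key-format"] = "private key header not recognised by this check"
    if SCP_WITH_PORT.match(uri):
        findings["uri-form"] = "use ssh://" + uri + " so the port is parsed as a port"
    return findings


if __name__ == "__main__":
    # Constructed sample: home remapped to P:, OpenSSH-format key, scp-like URI with port.
    env = {"HOMEDRIVE": "P:", "HOMEPATH": "\\", "USERPROFILE": r"C:\Users\xxx"}
    sample = preflight(env, OPENSSH_HEADER, "git@mygit:2222/secops/secrets.git")
    for code, advice in sample.items():
        print(f"{code}: {advice}")
```

On a real host, pass `dict(os.environ)` and the first line of the private key file; the check reads only the header line, never the key material.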