0

I'm trying to set up Spring Cloud Config that connects to remote Git repository using SSH but keep getting error 'Algorithm negotiation fail'. Someone suggested that I change the SSH client because Jsch 0.1.55 does not support certain kex algorithms, but JSch is used by JGit which in turns by Spring Cloud Config so it's not really an option, is it?.

I can connect to the repository just fine using HTTPS, is it really the only option for now?

Any help would be greatly appreciated.

Best regards,

James

SetNug
  • 331
  • 1
  • 2
  • 13
  • 1
    have you already tried to exchange old jsch jar with com.github.mwiede.jsch jar? There was an issue reported in https://github.com/mwiede/jsch/issues/85 but it has been fixed with jgit 5.13 – Matthias Wiedemann Jul 20 '22 at 06:34
  • Tried your suggestion using v0.2.2 & failed w/ NPE: Caused by: java.lang.NullPointerException: null at java.util.Hashtable.put(Hashtable.java:460) at com.jcraft.jsch.JSch.setConfig(JSch.java:670) – SetNug Jul 20 '22 at 11:21
  • Which jgit version is on your classpath? – Matthias Wiedemann Jul 20 '22 at 18:35
  • It's 5.12.0.202106070339-r. Tried to use v6.x but failed w/ error Parameter 0 of method defaultEnvironmentRepository in org.springframework.cloud.config.server.config.DefaultRepositoryConfiguration required a bean of type 'org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentRepositoryFactory' that could not be found. – SetNug Jul 21 '22 at 05:57
  • you need jgit at least 5.13 to get rid of the NPE, as mentioned above – Matthias Wiedemann Jul 21 '22 at 07:20
  • Tried 5.13.1.202206130422-r still failed w/ NPE. – SetNug Jul 21 '22 at 11:08
  • 1
    I guess you have a caching problem or so. I setup a blank project like I posted in the answer and the test is green. – Matthias Wiedemann Jul 21 '22 at 14:37

1 Answers1

1

You can use com.github.mwiede:jsch:0.2.2 and jgit:5.13.1.202206130422-r like in the following setup:

pom.xml

<dependencies>
        <!-- Git -->
        <dependency>
            <groupId>org.eclipse.jgit</groupId>
            <artifactId>org.eclipse.jgit</artifactId>
            <version>5.13.1.202206130422-r</version>
        </dependency>
        <dependency>
            <groupId>org.eclipse.jgit</groupId>
            <artifactId>org.eclipse.jgit.ssh.jsch</artifactId>
            <version>5.13.1.202206130422-r</version>
            <exclusions>
                <exclusion>
                    <groupId>com.jcraft</groupId>
                    <artifactId>jsch</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>com.github.mwiede</groupId>
            <artifactId>jsch</artifactId>
            <version>0.2.2</version>
        </dependency>
        <dependency>
            <groupId>org.junit.jupiter</groupId>
            <artifactId>junit-jupiter</artifactId>
            <version>RELEASE</version>
            <scope>test</scope>
        </dependency>

    </dependencies>

junit Test

@Test
void gitClone() {
    CloneCommand cloneCommand = Git.cloneRepository()
            .setURI("git@github.com:mwiede/jsch.git")
            .setDirectory(new File("target/junit/clone-test"));

    assertDoesNotThrow(cloneCommand::call).close();
}
Matthias Wiedemann
  • 1,313
  • 12
  • 22
  • Thank you for your test snippet. It runs fine, but it also runs fine with the problematic version of JGit & JSch. – SetNug Jul 22 '22 at 02:35
  • Yes, it works with problematic version of JGit & JSch as long as the kex algorithm negotiation finds a match. when ssh-rsa and ssh-dss were removed on server side, it won't work. – Matthias Wiedemann Jul 22 '22 at 10:23