Spring Cloud / Jgit / Github failing with SSH

Question

• Windows 10 Pro x64
• JDK 11.0.6
• spring-cloud-config-server 2.2.2.RELEASE

I'm setting up Spring Cloud Config server. Works fine with a file system backend. Works fine with a https / basic auth github backend. Now I'm trying to set it up for SSH so I don't have to put my username and password in the config file.

It's my understanding that Spring Cloud Config / jgit will use all the default SSH settings, correct? I have done the following:

1. ssh-keygen -m PEM -t rsa -b 4096 -C "[email protected]" -- took all the default files and NO passphrase. files got created in C:\Users\xxx.ssh.
2. opened c:\users\xxx.ssh\id_rsa.pub, selected all, c&p to github
3. ran git clone [email protected]:xxx/Config.git, copied SHA256 fingerprint into yes/no/fingerprint prompt, clone was successful
4. edited known_hosts and removed IP, so now it just reads github.com ssh-rsa AAAA...

5. application.properties:

   [email protected]:xxx/Config.git

   spring.cloud.config.server.git.clone-on-start=true

   spring.cloud.config.server.git.strict-host-key-checking=false

   spring.cloud.config.server.git.skip-ssl-validation=true

This results in:

Caused by: com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.54.jar:na]
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:146) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
    ... 31 common frames omitted

Why am I getting an Auth fail?

Answer 1

One possible reason would be the server running as Admin instead of your regular User account, which means it would not find %USERPROFILE%\id_rsa.

The OP SledgeHammer confirms in the comments:

Jgit works against HOMEDRIVE and HOMEPATH on Windows.
My company remaps those to a P: drive (although it doesn't remap USERPROFILE).
And the openssh tools (and git itself) works against USERPROFILE.

That means Jsch will need .ssh in P:\

---

Another reason would be the format of the private key (try with a private key generated using the old OpenSSH format, for testing)

Finally, double-check the URI used

After investigating the jgit API, I've worked out the problem.
The URI in the Spring Cloud Config documentation is incorrect. The documentation lists the format to be

git@host:port/repo1.git

It should instead be

ssh://git@host:port/repo1.git

So in my case, it worked once I changed it to ssh://git@mygit:2222/secops/secrets.git

(you don't need the port 2222, just to use '/' instead of ':')