2

I have a Spring Config Server, but I changed the repository to a private one and I am trying to use SSH authentication.

My application.yml looks like this:

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com:server/repo.git
          ignoreLocalSshSettings: true
          hostKey: githostkey
          hostKeyAlgorithm: ssh-rsa
          strictHostKeyChecking: true
          passphrase: passphrase
          privateKey: |
            -----BEGIN RSA PRIVATE KEY-----
            ...............................
            -----END RSA PRIVATE KEY-----

But I get this error when the config server tries to connect to the repo:

     "org.eclipse.jgit.errors.NoRemoteRepositoryException: 
     git@github.com:server/repo.git: ERROR: You're using an RSA key with SHA-1, which is 
     no longer allowed. Please use a newer client or a different key type."

The Spring Cloud documentation here recommends using "ssh-keygen -m PEM -t rsa -b 4096 -f ~/config_server_deploy_key.rsa" to create a key pair in the correct format, and I added the public key to the SSH keys in my GitHub repo.

I checked the generated key with 'ssh -i ~/.ssh/config_server_deploy_key.rsa git@github.com' and I got:

  Hi user! You've successfully authenticated, but GitHub does not provide shell 
  access.
  Connection to github.com closed.

But git states here that SHA-1 SSH is not supported, supporting the exception I got in the first place.

I am trying to use 'ssh-keygen -m PEM -t rsa-sha2-512 -C "myemail@server.com"' to generate a valid key, but I have the same issue.

Can anyone give me a clue?

Juan Sanchez
  • You need to get JGit to use Apache MINA instead of JSch. If you use MINA, it should just work without changes, and if you use JSch, it will definitely not. – bk2204 Mar 25 '22 at 23:17

1 Answer

6

I resolved this issue.

I got all of GitHub's host keys this way:

ssh -vvv git@github.com

Then I used:

ssh-keygen -t ecdsa -b 256 -m PEM

I added the new public key to my repo, and then:

      uri: git@github.com:myserver/myRepo.git
      ignoreLocalSshSettings: true
      ignore-local-ssh-settings: true
      hostKey: AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      hostKeyAlgorithm: ecdsa-sha2-nistp256
      strictHostKeyChecking: true
      passphrase: 'passphrase'
      privateKey: |
        -----BEGIN EC PRIVATE KEY-----
        '''''''''''''''''''''''''''''''''
        -----END EC PRIVATE KEY-----

And with this, everything worked perfectly!

Juan Sanchez
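
A pre-deployment check for the hostKey / hostKeyAlgorithm pair used in the answer above, added here as an example and not part of the original post. It parses the base64 hostKey, confirms that the key type embedded in it matches hostKeyAlgorithm, and returns the SHA256 fingerprint to compare against the fingerprints GitHub publishes; the function names are hypothetical.

```python
import base64
import hashlib
import struct

# hostKey and hostKeyAlgorithm values copied from the answer's configuration.
HOST_KEY = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
HOST_KEY_ALGORITHM = "ecdsa-sha2-nistp256"


def read_fields(blob):
    """Split an SSH wire-format key blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past the end of the key blob")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def check_host_key(host_key_b64, declared_algorithm):
    """Return (embedded_algorithm, fingerprint); raise ValueError on a bad pair."""
    blob = base64.b64decode(host_key_b64, validate=True)
    fields = read_fields(blob)
    if not fields:
        raise ValueError("empty host key")
    embedded = fields[0].decode("ascii")
    # The key type stored inside the blob must equal the configured algorithm,
    # otherwise strict host key checking can never match the server's key.
    if embedded != declared_algorithm:
        raise ValueError(
            f"hostKeyAlgorithm {declared_algorithm!r} does not match key type {embedded!r}")
    if embedded.startswith("ecdsa-sha2-"):
        # ECDSA blobs carry the curve name, then an uncompressed point (0x04 prefix).
        if len(fields) != 3 or embedded != "ecdsa-sha2-" + fields[1].decode("ascii") \
                or fields[2][:1] != b"\x04":
            raise ValueError("malformed ECDSA host key")
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob.
    digest = hashlib.sha256(blob).digest()
    return embedded, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


if __name__ == "__main__":
    algorithm, fingerprint = check_host_key(HOST_KEY, HOST_KEY_ALGORITHM)
    print(algorithm, fingerprint)
```

Run it before pasting a host key into application.yml and compare the printed fingerprint with GitHub's published value rather than trusting the output of a single ssh session.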