search

mwiede / jsch

fork of the popular jsch library
Other
713 stars 132 forks source link

Auth fail for methods 'publickey' using ssh-agent #328

Open cloneit opened 1 year ago

cloneit commented 1 year ago

First of all, thank you maintaining this library.

I was facing Auth fail issue with Jsch 0.1.55 version. I recently saw this forked repository and tried to use the forked version of this Jsch version: 0.2.8. I am running on java_v11_oracle_runtime:0.18.1.

I am getting failure while running this for cloning a git repo using ssh-agent:

Auth fail for methods 'publickey' 11:32:22 at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:255) 11:32:22 at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:302) 11:32:22 at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:200)

Below is the code snippet for creating a Jsch session using ssh-agent and SSHSessionFactory:

`SshSessionFactory.setInstance(new JschConfigSessionFactory() { @Override protected void configure(Host host, Session session) { session.setConfig("StrictHostKeyChecking", "false"); }

            @Override
            protected JSch createDefaultJSch(FS fs) throws JSchException
            {
                com.jcraft.jsch.SSHAgentConnector con = null;

                try
                {
                    con = new SSHAgentConnector();
                }
                catch (AgentProxyException e)
                {
                    logger.warn("Failed to init SSH Agent Proxy: ", e);
                }

                if (con == null || cmdLine.hasOption("usePrivateKey"))
                {
                    return super.createDefaultJSch(fs);
                }
                else
                {
                    final JSch jsch = new JSch();
                    JSch.setConfig("PreferredAuthentications", "publickey");
                    IdentityRepository irepo = new AgentIdentityRepository(con);
                    jsch.setIdentityRepository(irepo);
                    return jsch;
                }
            }
        });
        `

Would appreciate if you can help on this?

Thanks, Ramesh

norrisjeremy commented 1 year ago

Hi @cloneit,

  1. Do you have an SSH agent running and preloaded with an SSH key authorized by the server to which you are connecting?
  2. Have you tried enabling logging in JSch to get more detailed information?

Thanks, Jeremy

cloneit commented 1 year ago

Hi @norrisjeremy ,

Yes. SSH-agent are running and keys are pre-loaded. Below are the logs from the machine:

[ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine) Running ssh-add Identity added: *** [ssh-agent] Started.

norrisjeremy commented 1 year ago

Hi @cloneit,

I'm not sure then. You have supplied very little information that we can use to assist you. All I can say is that the error message Auth fail for methods 'publickey' means that the authentication to the server failed, which would indicate that the ssh-agent lacked a key that is authorized by the server to which you are connected.

Thanks, Jeremy

cloneit commented 1 year ago

Hi @norrisjeremy ,

I can see both public and private keys getting pre-loaded in the logs. It is working with 0.1.55 version and Java version 8.

Now we are on Java v11 and using below lib versions.

Tried the workaround following these threads: https://github.com/mwiede/jsch/issues/85 and https://github.com/mwiede/jsch/issues/65

Added JunitSocketFactory lib as we are on Java11 and UnixDomainSocketFactory is available on Java v16+.

is it something missing from the implementation(code-snippet shared above)?

           `<dependency>
        <groupId>com.github.mwiede</groupId>
        <artifactId>jsch</artifactId>
        <version>0.2.8</version>
     </dependency>`

            `<dependency>
        <groupId>com.kohlschutter.junixsocket</groupId>
        <artifactId>junixsocket-core</artifactId>
        <version>2.6.2</version>
        <type>pom</type>
            </dependency>`

            `<dependency>
        <groupId>org.eclipse.jgit</groupId>
        <artifactId>org.eclipse.jgit</artifactId>
        <version>5.3.2.201906051522-r</version>
    </dependency>`
cloneit commented 1 year ago

Hi @norrisjeremy ,

Did you got chance to look at my above reply?

Thanks, Ramesh

norrisjeremy commented 1 year ago

Hi @cloneit,

Based upon the limited information you have provided (as you still haven't enabled logging in JSch), we can only conclude that the issue you are having is one of the following:

  1. The SSH agent you are attempting to use with JSch isn't actually loaded with a private key that is authorized on the server you are contacting as you believe.
  2. Or JSch isn't actually using the the SSH agent as you believe.

Additionally, you appear to be using an old version of JGit (5.3.2.201906051522) that was released almost four years ago instead of a more recent release, so it's quite possible that you are simply encountering some sort of issue in JGit.

Thanks, Jeremy