与JGit一起使用密钥来安全地访问Git存储库 [英] Using Keys with JGit to Access a Git Repository Securely

问题描述

我使用 JGit 访问远程Git仓库，并且需要使用 SSH 。 JGit使用 JSch 提供安全访问。但是，我不确定如何为JGit设置密钥文件和知道主机文件。我试过的是如下。

创建 SshSessionFactory ，通过继承 JSchConfigSessionFactory ：

  public class CustomJschConfigSessionFactory extends JschConfigSessionFactory {
 @Override 
 protected void configure（OpenSshConfig.Host host，Session session）{
 session.setConfig （StrictHostKeyChecking，是）; 
 
 
 
 
 
 
 $在我访问远程Git仓库的类中，做了以下事情： 
 
 
  CustomJschConfigSessionFactory jschConfigSessionFactory = new CustomJschConfigSessionFactory（）; 
 
 JSch jsch = new JSch（）; 
尝试{
 jsch.addIdentity（。ssh / id_rsa）; 
 jsch.setKnownHosts（。ssh / known_hosts）; 
} catch（JSchException e）{
 e.printStackTrace（）; 
} 
 SshSessionFactory.setInstance（jschConfigSessionFactory）; 
  
我不知道如何将此JSch对象与JGit关联，以便它可以成功连接到远程存储库。当我尝试用JGit克隆它时，我得到以下异常：
 
 $ b 
  org.eclipse。 jgit.api.errors.TransportException：git@git.test.com：abc.org/test_repo.git：拒绝HostKey：git.test.com 
在org.eclipse.jgit.api.FetchCommand.call（FetchCommand .java：137）
 at org.eclipse.jgit.api.CloneCommand.fetch（CloneCommand.java:178）
 at org.eclipse.jgit.api.CloneCommand.call（CloneCommand.java:125 ）
 at GitTest.cloneRepo（GitTest.java:109）
 at GitTest.main（GitTest.java:223）
 at sun.reflect.NativeMethodAccessorImpl.invoke0（Native Method）
在sun.reflect.NativeMethodAccessorImpl.invoke（NativeMethodAccessorImpl.java:39）
 at sun.reflect.DelegatingMethodAccessorImpl.invoke（DelegatingMethodAccessorImpl.java:25）
 at java.lang.reflect.Method.invoke（ Method.java:597）
 at com.intellij.rt.execution.application.AppMain.main（AppMain.java:120）
引起：org.eclipse.jgit.errors.TransportException：git @ git.test.com： abc.org/test_repo.git：拒绝HostKey：git.test.com 
在org.eclipse.jgit.transport.JschConfigSessionFactory.getSession（JschConfigSessionFactory.java:142）
在org.eclipse.jgit。 transport.SshTransport.getSession（SshTransport.java:121）
 at org.eclipse.jgit.transport.TransportGitSsh $ SshFetchConnection。< init>（TransportGitSsh.java:248）
 at org.eclipse.jgit .transport.TransportGitSsh.openFetch（TransportGitSsh.java:147）
 at org.eclipse.jgit.transport.FetchProcess.executeImp（FetchProcess.java:136）
 at org.eclipse.jgit.transport.FetchProcess .execute（FetchProcess.java:122）
 at org.eclipse.jgit.transport.Transport.fetch（Transport.java:1104）
 at org.eclipse.jgit.api.FetchCommand.call（FetchCommand .java：128）
 ... 9 more 
由com.jcraft.jsch.JSchException引发：在com.jcraft.jsch.Session处拒绝HostKey：git.test.com 
。 checkHost（Session.java:748）
 at com.jcraft.jsch.Session.connect（Session.java:321）
 at org.eclipse.jgit.transport.JschConfigSessio nFactory.getSession（JschConfigSessionFactory.java:116）
 ... 16 more 
  
我有将git.test.com条目添加到我的 / etc / hosts 文件中。我使用相同的代码来访问一个http url的git repo，所以它的代码工作正常。这是失败的关键处理部分。关于如何处理这个问题的任何想法？
解决方案
管理找到问题。服务器端的公钥与通常的id_rsa.pub不同，但我身边的私钥是id_rsa。 JSch默认预计公钥与私钥加上.pub后缀具有相同的名称。使用具有通用名称的密钥对（例如：private = key_1和public = key_1.pub）可解决此问题。
 
I'm using JGit to access a remote Git repo, and I need to use SSH for it. JGit uses JSch to provide secure access. However, I'm not sure how to set the key file and the knows hosts file for JGit. What I have tried is as follows.

Created a custom configuration of the SshSessionFactory, using by subclassing JSchConfigSessionFactory:
public class CustomJschConfigSessionFactory extends JschConfigSessionFactory {
    @Override
    protected void configure(OpenSshConfig.Host host, Session session) {
        session.setConfig("StrictHostKeyChecking", "yes");
    }
}
In the class which I access the remote Git repo, did the following:
CustomJschConfigSessionFactory jschConfigSessionFactory = new CustomJschConfigSessionFactory();

JSch jsch = new JSch();
try {
    jsch.addIdentity(".ssh/id_rsa");
    jsch.setKnownHosts(".ssh/known_hosts");
} catch (JSchException e) {
    e.printStackTrace();  
}
    SshSessionFactory.setInstance(jschConfigSessionFactory);
I can't figure out how to associate this JSch object with JGit so that it can successfully connect to the remote repository. When I try to clone it with JGit, I get the following exception:
org.eclipse.jgit.api.errors.TransportException: git@git.test.com:abc.org/test_repo.git: reject HostKey: git.test.com
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)
at GitTest.cloneRepo(GitTest.java:109)
at GitTest.main(GitTest.java:223)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.eclipse.jgit.errors.TransportException: git@git.test.com:abc.org/test_repo.git: reject HostKey: git.test.com
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:142)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:121)
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:248)
at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:147)
at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1104)
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:128)
... 9 more
Caused by: com.jcraft.jsch.JSchException: reject HostKey: git.test.com
at com.jcraft.jsch.Session.checkHost(Session.java:748)
at com.jcraft.jsch.Session.connect(Session.java:321)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116)
... 16 more
I have added the git.test.com entry to my /etc/hosts file. I have used the same code to access a git repo with a http url, so the code it working fine. It's the key handling part that is failing. Any idea on how to handle this?
解决方案
Managed to find the issue. The public key in the server side had a different name other than the usual id_rsa.pub, while the private key on my side was id_rsa. JSch expects by default the public key to have the same name as the private key plus the .pub suffix. Using a key pair with a common name (ex.: private = key_1 and public = key_1.pub) solves the issue.

                        
这篇关于与JGit一起使用密钥来安全地访问Git存储库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！