“Invalid privatekey” when using JSch

攒了一身酷 2020-11-27 13:25

I'm using the following code to work with Git in a Java application. I have a valid key (use it all the time), and this specific code has worked for me before with the same

5 answers
  • 2020-11-27 13:30

    I also stumbled upon this issue. Running JGit on Mac, for some users we saw the following exception:

    org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:160)
        at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:137)
        at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:274)
        at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:169)
        at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:136)
        at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:122)
        at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1236)
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:234)
        ... 17 more
    Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [B@e4487af
        at com.jcraft.jsch.KeyPair.load(KeyPair.java:664)
        at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
        at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
        at com.jcraft.jsch.JSch.addIdentity(JSch.java:407)
        at com.jcraft.jsch.JSch.addIdentity(JSch.java:367)
        at org.eclipse.jgit.transport.JschConfigSessionFactory.getJSch(JschConfigSessionFactory.java:276)
        at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:220)
        at org.eclipse.jgit.transport.JschConfigSessionFactory.createSession(JschConfigSessionFactory.java:176)
        at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:110)
    

    The root cause was discovered to be an SSH private key mismatch. The exception only happened for users with a key of the newer kind, ed25519, which outputs this key header:

    -----BEGIN OPENSSH PRIVATE KEY-----

    instead of kind RSA:

    -----BEGIN RSA PRIVATE KEY-----

    Regenerating an RSA key (ssh-keygen -t rsa) made the exception go away.

    Edit following comments: If you have OpenSSH 7.8 and above you might need to add -m PEM to the generation command: ssh-keygen -t rsa -m PEM

  • 2020-11-27 13:38

    Quite late to reply, but want to leave track of how to face the issue.

    The point, as meny mentioned, is actually the way you generate the key, and the -m PEM option resolves it.

    However if, just as happened to me, you could not regenerate the key because the public part had already been installed in several servers, you can still convert your private key to a suitable format.

    To do so, just issue the following command:

    ssh-keygen -p -m pem -f id_rsa
    

    It will ask for input of a new passphrase. With parameters -P (old passphrase) and -N (new passphrase) you can provide them at once, if needed.

  • 2020-11-27 13:41
    1. You read a file named .pem and de-base64 all of it and treat the result as PKCS8-unencrypted, apparently successfully. This means the file was NOT PEM-format. PEM format at minimum MUST have the dash-BEGIN and dash-END lines to be valid, which if not removed cause de-base64 to either fail or be wrong. (Some PEM formats also have 822-style headers which must be handled.)

    2. You appear to be using BouncyCastle, but in my versions there is no PKCS8Generator constructor that takes only RSAPrivateKey. The closest thing that works is JcaPKCS8Generator (RSAPrivateKey implements PrivateKey, OutputEncryptor=null) (i.e. a different but related class, and two arguments not one).

    3. PemWriter is buffered, and you didn't flush it before looking at the underlying StringWriter. As a result writer.toString().getBytes() is an empty/zero-length array, which JSch rightly considers invalid.

    With #2 and #3 fixed and using my input, and calling JSch directly instead of via JGit, it works for me.

  • 2020-11-27 13:42

    Recent versions of OpenSSH (7.8 and newer) generate keys in new OpenSSH format by default, which start with:

    -----BEGIN OPENSSH PRIVATE KEY-----
    

    JSch does not support this key format.


    You can use ssh-keygen to convert the key to the classic OpenSSH format:

    ssh-keygen -p -f file -m pem -P passphrase -N passphrase
    

    (if the key is not encrypted with a passphrase, use "" instead of passphrase)

    For Windows users: Note that ssh-keygen.exe is now built into Windows 10, and it can be downloaded from the Microsoft Win32-OpenSSH project for older versions of Windows.


    On Windows, you can also use PuTTYgen (from PuTTY package):

    • Start PuTTYgen
    • Load the key
    • Go to Conversions > Export OpenSSH key.
      For RSA keys, it will use the classic format.

    If you are creating a new key with ssh-keygen, just add -m PEM to generate the new key in the classic format:

    ssh-keygen -m PEM
    
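
A preflight check for the header mismatch described in the answers above, as an added example that is not part of the original posts: `key_format` classifies a key file by its PEM header, and `convert_copy` runs the `ssh-keygen -p -m PEM` conversion on a copy instead of rewriting the original in place. The function names, labels and paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (names and labels are illustrative, not from JSch or JGit).

# key_format FILE: print a label for the private key's container format.
key_format() {
    f=$1
    # Zero-length input, e.g. bytes taken from an unflushed writer.
    [ -s "$f" ] || { echo empty; return; }
    # First BEGIN line, with CR stripped so CRLF files still match.
    begin=$(tr -d '\r' < "$f" | sed -n '/^-----BEGIN /{p;q;}')
    [ -n "$begin" ] || { echo not-pem; return; }
    label=${begin#-----BEGIN }
    label=${label%-----}
    # A PEM block needs the matching END line as well.
    tr -d '\r' < "$f" | grep -q -e "^-----END $label-----" || { echo truncated; return; }
    case $label in
        'OPENSSH PRIVATE KEY') echo openssh-new ;;
        'RSA PRIVATE KEY'|'DSA PRIVATE KEY'|'EC PRIVATE KEY') echo pem-classic ;;
        'PRIVATE KEY'|'ENCRYPTED PRIVATE KEY') echo pkcs8 ;;
        *) echo unknown ;;
    esac
}

# needs_pem_conversion FILE: true for the header the answers report JSch rejecting.
needs_pem_conversion() {
    [ "$(key_format "$1")" = openssh-new ]
}

# convert_copy SRC DST: convert a copy, leaving SRC untouched.
convert_copy() {
    ( umask 077; cp "$1" "$2" ) || return 1
    # No -P/-N: ssh-keygen prompts, keeping passphrases out of history and ps.
    ssh-keygen -p -m PEM -f "$2" || return 1
    # Re-check instead of assuming the rewrite produced a classic header.
    [ "$(key_format "$2")" = pem-classic ]
}

# When run as a script with arguments, report the format of each key file.
if [ $# -gt 0 ]; then
    for k in "$@"; do printf '%s: %s\n' "$k" "$(key_format "$k")"; done
fi
```
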
  • 2020-11-27 13:45

    JSch does not support this key format. It supports only RSAPrivateKey. This command works for me. Try this solution:

    ssh-keygen -m PEM -t rsa -b 2048
    

    //edited to rsa with 2048 keysize
