Community
Participate
Working Groups
Unable to connect to github.com after updating to 2021-09 eclipse (previous version 2021-03 was working fine). The error: Can't connect to any repository: git@github.com:andy-goryachev/MemSafeCrypto.git (git@github.com:andy-goryachev/MemSafeCrypto.git: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance) An exception stack trace is not available. eclipse.buildId=4.21.0.I20210906-0500 java.version=15.0.1 java.vendor=Azul Systems, Inc. BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US Framework arguments: -product org.eclipse.epp.package.java.product Command-line arguments: -data file:/C:/System/eclipse.workspaces/workspace/ -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.java.product tried with both Apache Mina and built-in HTTP client. The key is EdDSA per github's recommentation (and it used to work with an earlier release). Please, please help! Thank you in advance. -andy
Sounds like some serious misconfiguration somewhere. Why do you mention the HTTP client when the problem is about an SSH connection? Is there anything more in the Eclipse log?
A good point about HTTP, it is not related. There is no more information in the log (hence the words "An exception stack trace is not available.") This is a straightforward upgrade from 2021-03 to 2021-09. I can't even think of where to look because Network -> SSH has no relevant settings. As if the standard provider used by Eclipse does not support elliptical keys anymore and requests RSA.
... and now I cannot revert the configuration. this is just great. the second law of thermodynamics in action.
Sorry, can't help you with this. It's totally unclear where this message comes from; it's not from JGit or from Apache MINA sshd. As far as I can determine by searching the Web, it comes from the SecurityProvider, and probably indicates that the code tries to compute an RSA-type signature but using an ed25519 key. I have no idea what might lead to this. As I'm about to go on vacation, I also have no time to look into this in more detail for now. I'll look again in January if it then is still a problem.
Thank you, Thomas.
OK, so I was able to fix it by moving github key to the leading position in Preferences -> General -> Network Connections -> SSH2 -> Private Keys. I don't quite know what the logic is for selecting the right key for a given host, but perhaps it can be improved. Downgrading the severity but keeping the bug open because I think it is still a bug.
(In reply to andy goryachev from comment #6) > OK, so I was able to fix it by moving github key to the leading position in > > Preferences -> General -> Network Connections -> SSH2 -> Private Keys. > > I don't quite know what the logic is for selecting the right key for a given > host, but perhaps it can be improved. Downgrading the severity but keeping > the bug open because I think it is still a bug. Yes, that's a bug in Apache MINA sshd. Thanks for this information, that gave me a clue as to how to reproduce this. Don't know why there's no stack trace; in an Apache MINA sshd unit test I get Exception in thread "main" org.apache.sshd.common.SshException: DefaultAuthFuture[ssh-connection]: Failed (InvalidKeyException) to execute: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance at org.apache.sshd.common.future.AbstractSshFuture.lambda$verifyResult$1(AbstractSshFuture.java:131) at org.apache.sshd.common.future.AbstractSshFuture.formatExceptionMessage(AbstractSshFuture.java:185) at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:130) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:43) at ch.paranor.thomas.TestClient.testAuth(TestClient.java:44) at ch.paranor.thomas.TestClient.main(TestClient.java:58) Caused by: java.security.InvalidKeyException: Supplied key (net.i2p.crypto.eddsa.EdDSAPrivateKey) is not a RSAPrivateKey instance at org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi.engineInitSign(Unknown Source) at java.security.Signature$Delegate.engineInitSign(Signature.java:1177) at java.security.Signature.initSign(Signature.java:530) at org.apache.sshd.common.signature.AbstractSignature.initSigner(AbstractSignature.java:104) at org.apache.sshd.client.auth.pubkey.KeyPairIdentity.sign(KeyPairIdentity.java:81) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.appendSignature(UserAuthPublicKey.java:363) at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.processAuthDataRequest(UserAuthPublicKey.java:333) at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:73) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:303) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:225) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452) at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524) at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at java.security.AccessController.doPrivileged(Native Method) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) at sun.nio.ch.Invoker$2.run(Invoker.java:218) at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Indeed Apache MINA sshd tries to generate an RSA SHA1 signature with an ed25519 key :-( Reproducible if the setup is such that 1. a wrong RSA key is tried with signature rsa-sha2-512; server rejects the authentication attempt. 2. the (correct) ed25519 key is tried; but unfortunately with the wrong signature type (ssh-rsa). Work-arounds are: * Put RSA keys last in the list of keys to be tried. * Use a ~/.ssh/config file specifying the exact key to use, for instance Host github github.com Hostname github.com User git IdentityFile ~/.ssh/id_ed25519.github IdentitiesOnly yes The fix in Apache MINA sshd would be a one-liner, but a unit test for this is more than I can do in the time before my vacation.
Thank you so much, Thomas! I am not sure why it showed no exception before - I do see it in the log now (and I don't see the old events for some reason). I am still impressed by your prompt response! Have a great vacation. Cheers, -a
Reported upstream at [1]. The one-line fix (without unit test) is [2]. [1] https://issues.apache.org/jira/browse/SSHD-1231 [2] https://github.com/apache/mina-sshd/pull/211
New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/189355
Gerrit change https://git.eclipse.org/r/c/jgit/jgit/+/189355 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=4c555f0742856bb21efcb2df53c7ceac921ffe80
+1 thank you, Thomas!
Thanks. Should be fixed in EGit nightly now.