Community
Participate
Working Groups
In a workspace that has been in use for years, a few days ago I started getting this exception: org.eclipse.jgit.api.errors.TransportException: ssh://sherrmann@git.eclipse.org:29418/jdt/eclipse.jdt.core.git: Cannot log in at git.eclipse.org:29418 at org.eclipse.jgit.api.LsRemoteCommand.execute(LsRemoteCommand.java:189) at org.eclipse.jgit.api.LsRemoteCommand.call(LsRemoteCommand.java:128) at org.eclipse.egit.core.op.ListRemoteOperation.run(ListRemoteOperation.java:116) at org.eclipse.egit.ui.internal.components.AsynchronousListOperation.run(AsynchronousListOperation.java:76) at org.eclipse.egit.ui.internal.dialogs.CancelableFuture$1.run(CancelableFuture.java:280) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) Caused by: org.eclipse.jgit.errors.TransportException: ssh://sherrmann@git.eclipse.org:29418/jdt/eclipse.jdt.core.git: Cannot log in at git.eclipse.org:29418 at org.eclipse.jgit.transport.sshd.SshdSession.connect(SshdSession.java:178) at org.eclipse.jgit.transport.sshd.SshdSession.connect(SshdSession.java:99) at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:251) at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:1) at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:107) at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:281) at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:153) at org.eclipse.jgit.api.LsRemoteCommand.execute(LsRemoteCommand.java:167) ... 5 more Caused by: org.apache.sshd.common.SshException: No more authentication methods available at org.apache.sshd.common.future.AbstractSshFuture.verifyResult(AbstractSshFuture.java:126) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:39) at org.apache.sshd.client.future.DefaultAuthFuture.verify(DefaultAuthFuture.java:32) at org.apache.sshd.common.future.VerifiableFuture.verify(VerifiableFuture.java:68) at org.eclipse.jgit.transport.sshd.SshdSession.connect(SshdSession.java:168) ... 12 more Caused by: org.apache.sshd.common.SshException: No more authentication methods available at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:353) at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:288) at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:225) at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526) at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452) at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524) at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412) at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.messageReceived(JGitClientSession.java:197) at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64) at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336) at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38) at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37) at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127) at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219) at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:830) This is the same exception when trying to fetch from a repo that has migrated to github, whereas jdt.core has not migrated yet. On a different machine the same coordinates still succeed to fetch. I got it with EGit 5.13, then updated to 6.2 which did not improve things. Even if I did smth wrong, saying "No more authentication methods available" is not very helpful. I noticed that EGit added a preference option regarding ssh agents. When I tried to disable this I got: java.lang.NullPointerException at org.eclipse.egit.ui.internal.preferences.GitPreferenceRoot.lambda$0(GitPreferenceRoot.java:418) at org.eclipse.jface.preference.FieldEditor.fireValueChanged(FieldEditor.java:350) at org.eclipse.jface.preference.FieldEditor.fireStateChanged(FieldEditor.java:333) at org.eclipse.jface.preference.BooleanFieldEditor.valueChanged(BooleanFieldEditor.java:243) at org.eclipse.jface.preference.BooleanFieldEditor.lambda$0(BooleanFieldEditor.java:195) at org.eclipse.swt.events.SelectionListener$1.widgetSelected(SelectionListener.java:84) at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:252)
New Gerrit change created: https://git.eclipse.org/r/c/egit/egit/+/192345
(In reply to Stephan Herrmann from comment #0) > java.lang.NullPointerException > at > org.eclipse.egit.ui.internal.preferences.GitPreferenceRoot. > lambda$0(GitPreferenceRoot.java:418) Is fixed by: (In reply to Eclipse Genie from comment #1) > New Gerrit change created: https://git.eclipse.org/r/c/egit/egit/+/192345 Sorry for this truly stupid oversight. Instead of using this UI option, add "IdentityAgent none" to the SSH host entry for git.eclipse.org in ~/.ssh/config: Host git.eclipse.org Hostname git.eclipse.org User sherrmann Port 29418 IdentityFile ~/.ssh/<your key> IdentityAgent none With 6.2 this should work. If this works, but fails when you remove the "IdentityAgent none" line, then most probably your agent offers a different key, and Gerrit's SSH daemon has some limit on authentication attempts, which gets hit before the correct key is tried. (Agent keys take precedence in SSH...) If so, try removing "IdentityAgent none" and adding "IdentitiesOnly yes" instead.
(In reply to Stephan Herrmann from comment #0) > Caused by: org.apache.sshd.common.SshException: No more authentication > methods available > at > org.apache.sshd.client.session.ClientUserAuthService. > tryNext(ClientUserAuthService.java:353) [...] > Even if I did smth wrong, saying "No more authentication methods available" > is not very helpful. Tell that to Apache MINA sshd :-) I fully agree. Unfortunately it's the default that org.apache.sshd gives us. I _think_ recent versions have some support for a kind of listeners to log which authentications are attempted, but IIRC it's rather arcane and needs different listeners for different authentication methods. Maybe JGit could try to use that to at least give some indication which auth methods and which keys were tried at all.
Gerrit change https://git.eclipse.org/r/c/egit/egit/+/192345 was merged to [master]. Commit: http://git.eclipse.org/c/egit/egit.git/commit/?id=7de03f7446a3e4613cfa110b400537d83fbfed4a
Thanks Thomas. Edits in .ssh/config didn't cut it, but alerted by your mentioning of identity files I found one identity for which I had not uploaded the public key to gerrit. I could guess that previously the secondary ssh-dss identity was used on this machine. Was support for ssh-dss / id_dsa dropped "recently" somewhere in the stack?
(In reply to Stephan Herrmann from comment #5) > Thanks Thomas. > > Edits in .ssh/config didn't cut it, but alerted by your mentioning of > identity files I found one identity for which I had not uploaded the public > key to gerrit. > > I could guess that previously the secondary ssh-dss identity was used on > this machine. Was support for ssh-dss / id_dsa dropped "recently" somewhere > in the stack? So it wasn't the agent. Yes, DSA support is disabled in newer Gerrit versions by default. EF did update Gerrit recently, and probably didn't enable it in the Gerrit config. DSA is still enabled in JGit.
I'm closing this. Improving the feedback on authentication failures is bug 571390. (Had forgotten about that one. I think I can do that for 6.2.)
(In reply to Thomas Wolf from comment #7) > I'm closing this. Improving the feedback on authentication failures is bug > 571390. (Had forgotten about that one. I think I can do that for 6.2.) Sounds good. thanks.