Git SSH configuration using properties
By default, the JGit library used by Spring Cloud Config Server uses SSH configuration files such as ~/.ssh/known_hosts and /etc/ssh/ssh_config when connecting to Git repositories by using an SSH URI. In cloud environments such as Cloud Foundry, the local filesystem may be ephemeral or not easily accessible. For those cases, SSH configuration can be set by using Java properties. In order to activate property-based SSH configuration, the spring.cloud.config.server.git.ignoreLocalSshSettings property must be set to true, as shown in the following example:
spring:
  cloud:
    config:
      server:
        git:
          uri: git@gitserver.com:team/repo1.git
          ignoreLocalSshSettings: true
          hostKey: someHostKey
          hostKeyAlgorithm: ssh-rsa
          privateKey: |
                       -----BEGIN RSA PRIVATE KEY-----
                       MIIEpgIBAAKCAQEAx4UbaDzY5xjW6hc9jwN0mX33XpTDVW9WqHp5AKaRbtAC3DqX
                       IXFMPgw3K45jxRb93f8tv9vL3rD9CUG1Gv4FM+o7ds7FRES5RTjv2RT/JVNJCoqF
                       ol8+ngLqRZCyBtQN7zYByWMRirPGoDUqdPYrj2yq+ObBBNhg5N+hOwKjjpzdj2Ud
                       1l7R+wxIqmJo1IYyy16xS8WsjyQuyC0lL456qkd5BDZ0Ag8j2X9H9D5220Ln7s9i
                       oezTipXipS7p7Jekf3Ywx6abJwOmB0rX79dV4qiNcGgzATnG1PkXxqt76VhcGa0W
                       DDVHEEYGbSQ6hIGSh0I7BQun0aLRZojfE3gqHQIDAQABAoIBAQCZmGrk8BK6tXCd
                       fY6yTiKxFzwb38IQP0ojIUWNrq0+9Xt+NsypviLHkXfXXCKKU4zUHeIGVRq5MN9b
                       BO56/RrcQHHOoJdUWuOV2qMqJvPUtC0CpGkD+valhfD75MxoXU7s3FK7yjxy3rsG
                       EmfA6tHV8/4a5umo5TqSd2YTm5B19AhRqiuUVI1wTB41DjULUGiMYrnYrhzQlVvj
                       5MjnKTlYu3V8PoYDfv1GmxPPh6vlpafXEeEYN8VB97e5x3DGHjZ5UrurAmTLTdO8
                       +AahyoKsIY612TkkQthJlt7FJAwnCGMgY6podzzvzICLFmmTXYiZ/28I4BX/mOSe
                       pZVnfRixAoGBAO6Uiwt40/PKs53mCEWngslSCsh9oGAaLTf/XdvMns5VmuyyAyKG
                       ti8Ol5wqBMi4GIUzjbgUvSUt+IowIrG3f5tN85wpjQ1UGVcpTnl5Qo9xaS1PFScQ
                       xrtWZ9eNj2TsIAMp/svJsyGG3OibxfnuAIpSXNQiJPwRlW3irzpGgVx/AoGBANYW
                       dnhshUcEHMJi3aXwR12OTDnaLoanVGLwLnkqLSYUZA7ZegpKq90UAuBdcEfgdpyi
                       PhKpeaeIiAaNnFo8m9aoTKr+7I6/uMTlwrVnfrsVTZv3orxjwQV20YIBCVRKD1uX
                       VhE0ozPZxwwKSPAFocpyWpGHGreGF1AIYBE9UBtjAoGBAI8bfPgJpyFyMiGBjO6z
                       FwlJc/xlFqDusrcHL7abW5qq0L4v3R+FrJw3ZYufzLTVcKfdj6GelwJJO+8wBm+R
                       gTKYJItEhT48duLIfTDyIpHGVm9+I1MGhh5zKuCqIhxIYr9jHloBB7kRm0rPvYY4
                       VAykcNgyDvtAVODP+4m6JvhjAoGBALbtTqErKN47V0+JJpapLnF0KxGrqeGIjIRV
                       cYA6V4WYGr7NeIfesecfOC356PyhgPfpcVyEztwlvwTKb3RzIT1TZN8fH4YBr6Ee
                       KTbTjefRFhVUjQqnucAvfGi29f+9oE3Ei9f7wA+H35ocF6JvTYUsHNMIO/3gZ38N
                       CPjyCMa9AoGBAMhsITNe3QcbsXAbdUR00dDsIFVROzyFJ2m40i4KCRM35bC/BIBs
                       q0TY3we+ERB40U8Z2BvU61QuwaunJ2+uGadHo58VSVdggqAo0BSkH58innKKt96J
                       69pcVH/4rmLbXdcmNYGm6iu+MlPQk4BUZknHSmVHIFdJ0EPupVaQ8RHT
                       -----END RSA PRIVATE KEY-----
The following table describes the SSH configuration properties.
Table 1. SSH Configuration Properties
Property Name | Remarks |
ignoreLocalSshSettings | If true, use property-based instead of file-based SSH config. Must be set as spring.cloud.config.server.git.ignoreLocalSshSettings, not inside a repository definition. |
privateKey | Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format. |
hostKey | Valid SSH host key. Must be set if hostKeyAlgorithm is also set. |
hostKeyAlgorithm | One of ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set. |
strictHostKeyChecking | true or false. If false, ignore errors with host key. |
knownHostsFile | Location of custom .known_hosts file. |
preferredAuthentications | Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method. |
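I wrote the configuration following the official documentation and got an error: Property 'spring.cloud.config.server.git.privateKey' is not a valid private key
Looking closely, I found that my private key begins with BEGIN OPENSSH PRIVATE KEY and ends with END OPENSSH PRIVATE KEY, and servers such as mysql and gitee do not yet support this format, so we still generate the original format, which begins with BEGIN RSA PRIVATE KEY and ends with END RSA PRIVATE KEY.
Running ssh-keygen -t rsa -C to generate an SSH key now produces the new format by default: the first line of id_rsa has become "BEGIN OPENSSH PRIVATE KEY" and is no longer "BEGIN RSA PRIVATE KEY". Solution: generate the key with ssh-keygen -m PEM -t rsa -b 4096 -C "email".
-m: specifies the key format; PEM (that is, the RSA format) is the old format used previously;
-b: specifies the key length;
-e: reads an OpenSSH private or public key file;
-C: adds a comment;
-f: specifies the file name used to save the key;
-i: reads an unencrypted ssh-v2 compatible private/public key file, then prints an OpenSSH compatible private/public key to standard output;
-l: shows the fingerprint of the public key file;
-N: provides a new passphrase;
-P: provides the (old) passphrase;
-q: quiet mode;
-t: specifies the type of key to create
Reconfigure the private key and that is it.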
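A pre-flight check for the rules in the properties table and for the key-format error described above, as an added example that is not part of the original post or of Spring Cloud Config. The helper names check_git_ssh and key_findings are hypothetical, the input is assumed to be the keys under spring.cloud.config.server.git as a flat dict, and treating both scp-style and ssh:// URIs as SSH format is an assumption.

```python
import base64
import re

# Algorithms listed for hostKeyAlgorithm in the properties table.
HOST_KEY_ALGS = {"ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
ARMOR = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END ([A-Z ]+)-----\s*\Z", re.S)

def key_findings(pem):
    # Hypothetical helper: inspects only the armor lines and the base64 framing.
    m = ARMOR.match(pem.strip())
    if not m or m.group(1) != m.group(3):
        return ["privateKey: missing or mismatched BEGIN/END lines"]
    out = []
    if m.group(1) == "OPENSSH PRIVATE KEY":
        out.append("privateKey: OPENSSH format, the one the post saw rejected; "
                   "regenerate with ssh-keygen -m PEM")
    # Lines containing ':' are PEM header fields (encrypted keys), not key data.
    body = "".join(l for l in m.group(2).splitlines() if ":" not in l)
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        out.append("privateKey: body is not valid base64 (check the YAML block)")
    return out

def check_git_ssh(props):
    # Hypothetical helper: props holds the keys under spring.cloud.config.server.git.
    out = []
    uri = props.get("uri", "")
    # Assumption: scp-style user@host:path and ssh:// both count as SSH URIs.
    is_ssh = uri.startswith("ssh://") or re.match(r"[^/@]+@[^/:]+:", uri) is not None
    if props.get("ignoreLocalSshSettings") is True:
        if is_ssh and not props.get("privateKey"):
            out.append("privateKey: required with ignoreLocalSshSettings=true and an SSH URI")
        elif props.get("privateKey"):
            out += key_findings(props["privateKey"])
    if bool(props.get("hostKey")) != bool(props.get("hostKeyAlgorithm")):
        out.append("hostKey and hostKeyAlgorithm must be set together")
    alg = props.get("hostKeyAlgorithm")
    if alg and alg not in HOST_KEY_ALGS:
        out.append("hostKeyAlgorithm: %r is not in the documented list" % alg)
    if props.get("strictHostKeyChecking") is False:
        out.append("strictHostKeyChecking=false: host key errors are ignored")
    return out

if __name__ == "__main__":
    # Constructed sample: armor lines around placeholder bytes, not a real key.
    pem = "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n-----END OPENSSH PRIVATE KEY-----"
    print(check_git_ssh({"uri": "git@gitserver.com:team/repo1.git",
                         "ignoreLocalSshSettings": True, "privateKey": pem}))
```

The check never prints key material, so it can run in a build step before the configuration is deployed.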
Reference links:
https://www.cnblogs.com/alinainai/p/11100089.html
https://www.cnblogs.com/soner/p/10412888.html
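After regenerating the key and syncing it to GitHub, the local connection test ssh -T git@github.com passed, but after restarting the config service and testing again it reported an error: org.eclipse.jgit.api.errors.TransportException: git@github.xxx.git: remote hung up unexpectedly
Solution:
# ignoreLocalSshSettings: true
ignore-local-ssh-settings: false
Because I saw true highlighted in red, I replaced the YML configuration. Startup sometimes hits a connection timeout, but that does not prevent connecting to GitHub.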