spring cloud config center Git SSH configuration

Git SSH configuration using properties

By default, the JGit library used by Spring Cloud Config Server uses SSH configuration files such as ~/.ssh/known_hosts and /etc/ssh/ssh_config when connecting to Git repositories by using an SSH URI. In cloud environments such as Cloud Foundry, the local filesystem may be ephemeral or not easily accessible. For those cases, SSH configuration can be set by using Java properties. In order to activate property-based SSH configuration, the spring.cloud.config.server.git.ignoreLocalSshSettings property must be set to true, as shown in the following example:

 

  spring:
    cloud:
      config:
        server:
          git:
            uri: git@gitserver.com:team/repo1.git
            ignoreLocalSshSettings: true
            hostKey: someHostKey
            hostKeyAlgorithm: ssh-rsa
            privateKey: |
                         -----BEGIN RSA PRIVATE KEY-----
                         MIIEpgIBAAKCAQEAx4UbaDzY5xjW6hc9jwN0mX33XpTDVW9WqHp5AKaRbtAC3DqX
                         IXFMPgw3K45jxRb93f8tv9vL3rD9CUG1Gv4FM+o7ds7FRES5RTjv2RT/JVNJCoqF
                         ol8+ngLqRZCyBtQN7zYByWMRirPGoDUqdPYrj2yq+ObBBNhg5N+hOwKjjpzdj2Ud
                         1l7R+wxIqmJo1IYyy16xS8WsjyQuyC0lL456qkd5BDZ0Ag8j2X9H9D5220Ln7s9i
                         oezTipXipS7p7Jekf3Ywx6abJwOmB0rX79dV4qiNcGgzATnG1PkXxqt76VhcGa0W
                         DDVHEEYGbSQ6hIGSh0I7BQun0aLRZojfE3gqHQIDAQABAoIBAQCZmGrk8BK6tXCd
                         fY6yTiKxFzwb38IQP0ojIUWNrq0+9Xt+NsypviLHkXfXXCKKU4zUHeIGVRq5MN9b
                         BO56/RrcQHHOoJdUWuOV2qMqJvPUtC0CpGkD+valhfD75MxoXU7s3FK7yjxy3rsG
                         EmfA6tHV8/4a5umo5TqSd2YTm5B19AhRqiuUVI1wTB41DjULUGiMYrnYrhzQlVvj
                         5MjnKTlYu3V8PoYDfv1GmxPPh6vlpafXEeEYN8VB97e5x3DGHjZ5UrurAmTLTdO8
                         +AahyoKsIY612TkkQthJlt7FJAwnCGMgY6podzzvzICLFmmTXYiZ/28I4BX/mOSe
                         pZVnfRixAoGBAO6Uiwt40/PKs53mCEWngslSCsh9oGAaLTf/XdvMns5VmuyyAyKG
                         ti8Ol5wqBMi4GIUzjbgUvSUt+IowIrG3f5tN85wpjQ1UGVcpTnl5Qo9xaS1PFScQ
                         xrtWZ9eNj2TsIAMp/svJsyGG3OibxfnuAIpSXNQiJPwRlW3irzpGgVx/AoGBANYW
                         dnhshUcEHMJi3aXwR12OTDnaLoanVGLwLnkqLSYUZA7ZegpKq90UAuBdcEfgdpyi
                         PhKpeaeIiAaNnFo8m9aoTKr+7I6/uMTlwrVnfrsVTZv3orxjwQV20YIBCVRKD1uX
                         VhE0ozPZxwwKSPAFocpyWpGHGreGF1AIYBE9UBtjAoGBAI8bfPgJpyFyMiGBjO6z
                         FwlJc/xlFqDusrcHL7abW5qq0L4v3R+FrJw3ZYufzLTVcKfdj6GelwJJO+8wBm+R
                         gTKYJItEhT48duLIfTDyIpHGVm9+I1MGhh5zKuCqIhxIYr9jHloBB7kRm0rPvYY4
                         VAykcNgyDvtAVODP+4m6JvhjAoGBALbtTqErKN47V0+JJpapLnF0KxGrqeGIjIRV
                         cYA6V4WYGr7NeIfesecfOC356PyhgPfpcVyEztwlvwTKb3RzIT1TZN8fH4YBr6Ee
                         KTbTjefRFhVUjQqnucAvfGi29f+9oE3Ei9f7wA+H35ocF6JvTYUsHNMIO/3gZ38N
                         CPjyCMa9AoGBAMhsITNe3QcbsXAbdUR00dDsIFVROzyFJ2m40i4KCRM35bC/BIBs
                         q0TY3we+ERB40U8Z2BvU61QuwaunJ2+uGadHo58VSVdggqAo0BSkH58innKKt96J
                         69pcVH/4rmLbXdcmNYGm6iu+MlPQk4BUZknHSmVHIFdJ0EPupVaQ8RHT
                         -----END RSA PRIVATE KEY-----

　　The following table describes the SSH configuration properties.

 Table 1. SSH Configuration Properties

Property Name	Remarks
ignoreLocalSshSettings	If true, use property-based instead of file-based SSH config. Must be set at as spring.cloud.config.server.git.ignoreLocalSshSettings, not inside a repository definition.
privateKey	Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format.
hostKey	Valid SSH host key. Must be set if hostKeyAlgorithm is also set.
hostKeyAlgorithm	One of ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set.
strictHostKeyChecking	true or false. If false, ignore errors with host key.
knownHostsFile	Location of custom .known_hosts file.
preferredAuthentications	Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method.

 

根據官網的配置寫，報了個錯：Property 'spring.cloud.config.server.git.privateKey' is not a valid private key

　　仔細查看后發現我的私鑰是以BEGIN OPENSSH PRIVATE KEY開頭，END OPENSSH PRIVATE KEY結尾，而

現在服務端如mysql，gitee等還不支持這種格式，因此我們還是生成原來的格式：以BEGIN RSA PRIVATE KEY開頭，

END RSA PRIVATE KEY結尾。

　　現在使用命令 ssh-keygen -t rsa -C  生成ssh，默認是以新的格式生成，id_rsa的第一行變成了“BEGIN OPENSSH PRIVATE KEY” 而不在是“BEGIN RSA PRIVATE KEY”，解決方法：使用 ssh-keygen -m PEM -t rsa -b 4096 -C "郵箱"  來生成。

　　　　-m 參數指定密鑰的格式，PEM（也就是RSA格式）是之前使用的舊格式

　　　　-b：指定密鑰長度；

　　　　-e：讀取openssh的私鑰或者公鑰文件；

　　　　-C：添加注釋；

　　　　-f：指定用來保存密鑰的文件名；

　　　　-i：讀取未加密的ssh-v2兼容的私鑰/公鑰文件，然后在標准輸出設備上顯示openssh兼容的私鑰/公鑰；

　　　　-l：顯示公鑰文件的指紋數據；

　　　　-N：提供一個新密語；

　　　　-P：提供（舊）密語；

　　　　-q：靜默模式；

　　　　-t：指定要創建的密鑰類型

　　重新配置私鑰，就可以啦。

 

參考鏈接：

　　https://www.cnblogs.com/alinainai/p/11100089.html

　　https://www.cnblogs.com/soner/p/10412888.html

 

重新生成密鑰並且同步到github上之后本地測試鏈接 ssh -T git@github.com 通過之后，config服務重啟再次測試報錯：org.eclipse.jgit.api.errors.TransportException: git@github.xxx.git: remote hung up unexpectedly

解決方法：

 

#          ignoreLocalSshSettings: true
          ignore-local-ssh-settings: false

　　因為我看true爆紅，所以替換YML的配置，有時啟動會鏈接超時，不過不妨礙鏈接github。