Tarek Tarek - 15 days ago 26
Java Question

Spring Cloud Config cannot clone private bitbucket repository using ssh key

I am on Linux (arch), trying to configure Spring Cloud Config following this tutorial with a private bitbucket git repository using an ssh key, but I keep getting the error:

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
[Request processing failed; nested exception is java.lang.IllegalStateException: Cannot
clone or checkout repository] with root cause com.jcraft.jsch.JSchException: Auth fail

Now, according to the tutorial, it should work:

If you don’t use HTTPS and user credentials, SSH should also work out of the box when you store keys in the default directories (~/.ssh) and the uri points to an SSH location, e.g. "git@github.com:configuration/cloud-configuration". It is important that all keys in ~/.ssh/known_hosts are in "ssh-rsa" format. The new "ecdsa-sha2-nistp256" format is NOT supported. The repository is accessed using JGit, so any documentation you find on that should be applicable. HTTPS proxy settings can be set in ~/.git/config or in the same way as for any other JVM process via system properties (-Dhttps.proxyHost and -Dhttps.proxyPort).

I do have a private ssh key in the ~/.ssh folder named bitbucket-rsa, created using the command
ssh-keygen -t rsa -b 4096 -C "my-email@provider.com"
. The public key was added to Bitbucket correctly, as I am able to clone, pull and push from the repository from the command line without a hitch. The private key has been added to the ssh-agent and bitbucket.org is present in the known_hosts file.

Here's the bootstrap.yml in the config-service project:

name: config-service
uri: "git@bitbucket.org:TarekSaid/my-private-repo.git"
port: 8888

Using https with a username and password works, but I still prefer using ssh keys, how can I make it work?


Finally made it work!

this question: How to use a custom ssh key location with Spring Cloud Config pointed me in the right direction. I debugged the JschConfigSessionFactory class and found out that when the username and password are not provided it fetches configuration from the default config file in ~/.ssh/config.

Therefore, all I had to do was add the following to my ~/.ssh/config file:


Host bitbucket.org
  User TarekSaid
  Hostname bitbucket.org
  PreferredAuthentications publickey
  IdentitiesOnly yes
  IdentityFile ~/.ssh/bitbucket_rsa

Now it's working.