JGit: Transport Exception - reject HostKey: bitbucket.org

Question

I am using JGit to create and clone a repository (the remote is a bitbucket repo - and yes, I added my deployment key). In essence, I:

1. Create repository
2. Disable JSch strict hostkey checking
3. Set JSch credentials (my ssh key is password protected, hence JSch will fail if I don't specify a password)
4. Clone the repository

My code is as follows:

  // Create repository
        File gitDir = new File(localPath);
        FileRepository repo = new FileRepository(gitDir);
        repo.create();

        // Add remote origin
        SshSessionFactory.setInstance(new JschConfigSessionFactory() {
            public void configure(Host hc, Session session) {
                session.setConfig("StrictHostKeyChecking", "no");
            }
        });
        JschConfigSessionFactory sessionFactory = new JschConfigSessionFactory() {
            @Override
            protected void configure(OpenSshConfig.Host hc, Session session) {
                CredentialsProvider provider = new CredentialsProvider() {
                    @Override
                    public boolean isInteractive() {
                        return false;
                    }

                    @Override
                    public boolean supports(CredentialItem... items) {
                        return true;
                    }

                    @Override
                    public boolean get(URIish uri, CredentialItem... items) throws UnsupportedCredentialItem {
                        for (CredentialItem item : items) {
                            if (item instanceof CredentialItem.StringType) {
                                ((CredentialItem.StringType) item).setValue("myPassword");
                            }
                        }
                        return true;
                    }
                };
                UserInfo userInfo = new CredentialsProviderUserInfo(session, provider);
                session.setUserInfo(userInfo);
            }
        };
        SshSessionFactory.setInstance(sessionFactory);
        git = org.eclipse.jgit.api.Git.cloneRepository()
                .setURI(remote)
                .setDirectory(new File(localPath + "/git"))
                .call();

Problem: The clone fails with the following error

org.eclipse.jgit.api.errors.TransportException: git@bitbucket.org:username/blah.git: reject HostKey: bitbucket.org at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137) at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:178) at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)

Answer 1

I was searching for an answer to this as well with very few references out there. I wanted to contribute what eventually worked for me. I was trying to use jGit to query Gerrit via the ssh command console. For that to work, you need to provide a passphrase and ssh private key.

To set up the connection, you first must configure JSch first:

    SshSessionFactory factory = new JschConfigSessionFactory() {

        public void configure(Host hc, Session session) {
            session.setConfig("StrictHostKeyChecking", "no");
        }

        @Override
        protected JSch
                        getJSch(final OpenSshConfig.Host hc, FS fs) throws JSchException {
            JSch jsch = super.getJSch(hc, fs);
            jsch.removeAllIdentity();
            //Where getSshKey returns content of the private key file
            if (StringUtils.isNotEmpty(data.getSshKey())) {
                jsch.addIdentity("identityName", data.getSshKey()
                    .getBytes(), null, data.getSshPassphrase()
                    .getBytes());
            }
            return jsch;
        }
    };

Now, I was unable to use traditional methods for using the session with the private key. git.cloneRepository() will not work. You have to setup a transport and assign the session factory to it:

String targetRevision = "refs/head/master"; //or "refs/meta/config", "refs/for/master"
Transport transport = null;
transport = Transport.open(git.getRepository(), url);
((SshTransport) transport).setSshSessionFactory(factory);
RefSpec refSpec = new RefSpec().setForceUpdate(true).setSourceDestination(
                        targetRevision, targetRevision);
transport.fetch(monitor, Arrays.asList(refSpec));

CheckoutCommand co = git.checkout();
co.setName(targetRevision);
co.call();

//Add and make a change:
git.add().addFilepattern("somefile.txt").call();
RevCommit revCommit = git.commit().setMessage("Change.").call();

//Last, push the update:
RemoteRefUpdate rru =new RemoteRefUpdate(git.getRepository(), revCommit.name(),
                        targetRevision, true, null, null);
List<RemoteRefUpdate> list = new ArrayList<RemoteRefUpdate>();
list.add(rru);
PushResult r = transport.push(monitor, list);

There you have it, a short small circle tutorial for connecting via ssh to remote repository, fetch/checkout, make a change, and push back upstream. I hope this saves others time trying to understand jGit better.