These are chat archives for spring-cloud/spring-cloud

10th Nov 2017

I am trying to configure config server with ssh keys (Dalston SR4), but fail with the error message

...
Caused by: com.jcraft.jsch.JSchException: UnknownHostKey: github.intra.company.com. RSA key fingerprint ....

my bootstrap.yml looks like this:

spring: application: name: my-configserver cloud: config: fail-fast: true server: bootstrap: @config-server-bootstrap@ git: uri: git@github.intra.company.com:MyOrg/my-config.git search-paths: '{application}' clone-on-start: true knownHostsFile: ssh_known_hosts ignoreLocalSshSettings: true hostKey: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMzwrmYiFj/9FD... LQDtNyeHPntdEG6fGmkwfR7YKMtZ75kD1 hostKeyAlgorithm: ssh-rsa strictHostKeyChecking: false privateKey: | -----BEGIN RSA PRIVATE KEY----- EEjd0ZDfYaeCegcbJ+osWqjE0DY2u5s3NktATCmPLLCIj7ttDHurpnTerWbZEUZw ... ivZ4S1wHikEhVBoWmXQ2wQ== -----END RSA PRIVATE KEY-----

my ssh_known_hosts is located in src/main/resources and looks like this

github.intra.company.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMzwrmYiFj/9FD0uo...
any pointer what is causing the above error message?

Dave Syer
@dsyer
Nov 10 2017 10:41 UTC
It's a bit hard to read the config
Please use fences (``` on a line by itself) to format code

In the input field, it looks good (formatted):

spring:
application:
name: my-configserver
cloud:
config:
fail-fast: true
server:
bootstrap: @config-server-bootstrap@
git:
uri: git@github.intra.company.com:MyOrg/my-config.git
search-paths: '{application}'
clone-on-start: true
knownHostsFile: ssh_known_hosts
ignoreLocalSshSettings: true
hostKey: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMzwrmYiFj/9FD...
LQDtNyeHPntdEG6fGmkwfR7YKMtZ75kD1
hostKeyAlgorithm: ssh-rsa
strictHostKeyChecking: false
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
EEjd0ZDfYaeCegcbJ+osWqjE0DY2u5s3NktATCmPLLCIj7ttDHurpnTerWbZEUZw
...
ivZ4S1wHikEhVBoWmXQ2wQ==
-----END RSA PRIVATE KEY-----

no luck, the indentations are gone
Dave Syer
@dsyer
Nov 10 2017 10:42 UTC
Still not using ```
like:
  this
spring: application: name: my-configserver cloud: config: fail-fast: true server: bootstrap: @config-server-bootstrap@ git: uri: git@github.intra.company.com:MyOrg/my-config.git search-paths: '{application}' clone-on-start: true knownHostsFile: ssh_known_hosts ignoreLocalSshSettings: true hostKey: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMzwrmYiFj/9FD... LQDtNyeHPntdEG6fGmkwfR7YKMtZ75kD1 hostKeyAlgorithm: ssh-rsa strictHostKeyChecking: false privateKey: | -----BEGIN RSA PRIVATE KEY----- EEjd0ZDfYaeCegcbJ+osWqjE0DY2u5s3NktATCmPLLCIj7ttDHurpnTerWbZEUZw ... ivZ4S1wHikEhVBoWmXQ2wQ== -----END RSA PRIVATE KEY-----
Dave Syer
@dsyer
Nov 10 2017 10:44 UTC
It's three backticks. Count them. Three.
```yaml
spring:
  application:
    name: my-configserver
  cloud:
    config:
      fail-fast: true
      server:
        bootstrap: @config-server-bootstrap@
        git:
          uri: git@github.intra.company.com:MyOrg/my-config.git
          search-paths: '{application}'
          clone-on-start: true
          knownHostsFile: ssh_known_hosts
          ignoreLocalSshSettings: true
          hostKey: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMzwrmYiFj/9FD...
          LQDtNyeHPntdEG6fGmkwfR7YKMtZ75kD1
          hostKeyAlgorithm: ssh-rsa
          strictHostKeyChecking: false
          privateKey: |
                        -----BEGIN RSA PRIVATE KEY-----
                        EEjd0ZDfYaeCegcbJ+osWqjE0DY2u5s3NktATCmPLLCIj7ttDHurpnTerWbZEUZw
                        ...
                        ivZ4S1wHikEhVBoWmXQ2wQ==
                        -----END RSA PRIVATE KEY-----
```
hooray ;-)
Dave Syer
@dsyer
Nov 10 2017 10:46 UTC
:beers:
the hostKey value is actually in one line, so the line break visible is not in bootstrap.yml
Dave Syer
@dsyer
Nov 10 2017 10:49 UTC
right
I don't know if known hosts can be extracted from the classpath
It might need to be a file
What makes you think it would work from the classpath?
Dave Syer
@dsyer
Nov 10 2017 10:55 UTC
It looks to me like Jsch expects a filename. (And it swallows exceptions if the file doesn't exist.) So that would explain your result.
I have taken the property knownHostsFile from an example in the reference guide, but can't find it at the moment. I think it was from version 1.2.x of config server, my google-fu is not good at the moment... AFAIK, in the guide there was no detailed explanation of where the file should be located, so it was an assumption that classpath is the place
does that mean, that the value of knownHostsFile is the file name that has to be located where the ssh-client expects it to be located? Like ~/ssh?
Dave Syer
@dsyer
Nov 10 2017 11:06 UTC
Yes.
I think Jsch even knows how to resolve the "~" for you
Open a ticket for the documentation
I can see it hasn't really been finished
the Dalston guide doesn't list the property knownHostsFile anymore: http://cloud.spring.io/spring-cloud-static/Dalston.SR4/single/spring-cloud.html#_git_ssh_configuration_using_properties
Maybe there is no support for it in this release?
Dave Syer
@dsyer
Nov 10 2017 11:10 UTC
No, it's there
It's just that no-one re-generated the properties docs
The property name is a clue BTW ("File")
Problem is also that the config-server-app is in an internal pivotal-cf cloud and there is no file system support or home directory AFAIK
Dave Syer
@dsyer
Nov 10 2017 11:11 UTC
That feature was added by the PCF team.
Ask them for some support?
For sure there is a home directory.
But I don't know how they expect you to set the known hosts
Wait...
You mean you are deploying your own config server?
Not the one provided by PCF?
yes we have to at the moment...
one per space until the guys from the operations team have time for providing config server service...
Dave Syer
@dsyer
Nov 10 2017 11:14 UTC
Then your known hosts file will be at /home/vcap/app
(the jar file is unpacked when it is executed by Cloud Foundry)
${user.home} will be /home/vcap
and java.class.path will be the root of your exploded archive
at ${user.home}/app
sorry for asking dumb (beginner) questions... that means, I still put the file in src/main/resources and use
knownHostsFile: /home/vcap/app/classes/myfilewithknownhostnameentries
?
Dave Syer
@dsyer
Nov 10 2017 11:21 UTC
Don’t know. Probably BOOT-INF/classes right?
Look inside your jar file

all right I will try that way. Thanks for your input!

I also tried to disable the host checking with the property strictHostKeyChecking yesterday, but was not successful. Should the above error message have been gone with this property?

Dave Syer
@dsyer
Nov 10 2017 11:27 UTC
don't know, sorry