I am using Git with Intellij in Windows 10 environment. For some reason my git credentials are messed up. When I try to fetch/clone, Intellij is not asking me the credentials to enter. It appears as if it is trying to use already stored git credentials. I am getting the following error when I try to fetch :
7:58:31.180: git -c core.quotepath=false fetch origin --progress
--prune
java.io.IOException: Authentication failed: at
org.jetbrains.git4idea.ssh.SSHMain.authenticate(SSHMain.java:298) at
org.jetbrains.git4idea.ssh.SSHMain.start(SSHMain.java:172) at
org.jetbrains.git4idea.ssh.SSHMain.main(SSHMain.java:137) Caused by:
java.io.IOException: Publickey authentication failed. at
com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:262)
at
com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:443)
at org.jetbrains.git4idea.ssh.SSHMain.tryPublicKey(SSHMain.java:352)
at org.jetbrains.git4idea.ssh.SSHMain.authenticate(SSHMain.java:231)
... 2 more Caused by: java.io.IOException: Invalid PEM structure,
'-----BEGIN...' missing at
com.trilead.ssh2.crypto.PEMDecoder.parsePEM(PEMDecoder.java:138) at
com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:313) at
com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:171)
... 5 more fatal: Could not read from remote repository. Please make
sure you have the correct access rights and the repository exists.
So, I googled and found various approaches and tried all of them only to find none is working for me.
I tried in the following ways:
1)Removing the credentials stored in Windows Credentials Manager
2)Change remote repository credentials (authentication) on Intellij IDEA 14
3)Git credential helper - update password
and so on.. Any other thoughts to fix the issue so that the Intellij would ask me the credentials before I fetch/clone my repo?
TL;DR Update to the latest version (2018.3 or above), it uses Native SSH by default and if everything works in the terminal, it should work in the IDE.
A bit more detailed answer below:
Git credential helpers work for HTTP-base connections. Judging by the error, you are using SSH, so no credential helper is involved so any manipulations around it will not help.
The error message also belongs to the IntelliJ Built-in SSH client, and the reason is either wrong ssh-key in use or unsupported key format - and builtin client is known to not support new OpenSSH key format - see https://youtrack.jetbrains.com/issue/IDEA-151116
The solution to this is to configure IDE to use Native SSH, which is, in fact, telling git to use system default SSH client, or the one bundled with GitForWindows in case it is used. Native SSH is supposed to support the key format in use.
Prior to 2018.3, IntelliJ was not able to handle interactive prompts for passphrase or host verification, so ssh-agent had to be used. Stating from 2018.3, IntelliJ can handle those prompts and Native SSH is the default. So updating should solve the issue should it be the key format, or some specific .ssh config not supported by the builtin SSH client.
I was running into some other issues when I configured Native SSH, but downgrading git version to 2.17.0 from 2.20.1 has solved the problem
Related
For my personal pet-project I wrote on Java application, which pulls code from GIT repository through https and performs some analysis. However when I started testing it against code store in corporate repository I got “PKIX path building failed” and “unable to find valid certification path to requested target” errors.
Quick googling showed that the main cause of the problem is incorrect SSL settings in the infrastructure like self-signed certificate, for example.
I found possible workarounds to avoid this error:
Add host certificate manually into JRE trusted certificates.
Dynamically add the certificate to trusted certificates from applications resource files during its startup.
During startup of the app disable SSL validations at all, but this makes application vulnerable to "man in the middle" attacks.
But that's not the question.
When I was working with this corporate repository with standard GIT client (through https too) I've never got any issues with SSL or certificates. So the question is - how does official GIT client avoids this problem with self signed certificate in the chain?
Git itself does not do anything with any of this.
Git uses helpers—external programs and libraries—when talking to other Git providers. Those programs and libraries are responsible for all of this. So if you use git fetch or git push—note that git pull uses git fetch—and you use these with a URL that begins with https://, Git uses a system-provided HTTPS library,1 usually called "libcurl" or just curl. If you use an ssh:// URL, Git uses the system-provided ssh.
The Pro Git Book includes a chapter on Git Internals, with one section dedicated to Environment Variables. When using libcurl, these variables are particularly useful:
GIT_CURL_VERBOSE prints out the same stuff that curl -v prints.
GIT_SSL_NO_VERIFY turns off SSL certificate verification. So the default must be to do that verification, which (of course) will have issues with self-signed certificates.
When I was working with this corporate repository with standard GIT client (through https too) I've never got any issues with SSL or certificates.
That's interesting and curious; perhaps invoking Git with GIT_CURL_VERBOSE set will show what's going on here, or perhaps not. Or, perhaps the libcurl that was used to build your particular Git uses some CA files that your Java libraries do not.
1The details for this will depend on how your Git binaries were built. If you like, you can get the source code for Git and build it yourself, and thus have control over which library is used.
My client program is to get the records from DynamoDb table. My binary is working as expected on host machine, but if I run the same binary in Linux container, it's returning this error:
Unable to connect to endpoint
Do I need to change anything in client code or container settings?
This might be a bit late, but in case someone else is trying to run AWS through docker, by default it checks the SSL certificates when it connects. So you need to initialise the AWS client configuration with:
Aws::Client::ClientConfiguration config;
config.verifySSL = false;
It might be an SSL issue, if you see exceptions and/or logs mentioning about some sort of SSL certificate or connection error.
The short summary is that your linux box need to trust Amazon's root CA, which you can test by visiting https://dynamodb.eu-west-3.amazonaws.com.
Here is more detailed documentation to diagnose and resolve certificate related issues: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ats-certs.html
When I try to connect to my EC2 server, using Netbeans(Git-Remote-Push), I get "incorrect credentials coonecting to repository at SSH://xx.xx.xxx.xx/git-repo"
In my ide.log, I get the following message:
"WARNING [org.netbeans.modules.progress.spi.InternalHandle]: Cannot call progress on a task that was never started at org.netbeans.modules.git.client.GitProgressSupport.setProgressMessage(GitProgressSupport.java:247)
INFO [org.netbeans.modules.git.ui.repository.remote.SelectUriStep]: Auth failed when accessing ssh://54.77.226.97/git-repo
com.jcraft.jsch.JSchException: Algorithm negotiation fail"
Steps I have taken to overcome the problem.
I can connect using git-bash OK
I have ussed ssh-keygen to generate the keys
I have downloaded JCE 8 unlimited strength policy files.
Any help much appreciated, thanks
"Algorithm negotiation fail" means that the SSH-Client implementation netbeans uses and the server implementation, cannot find a mutual algorithm to encrypt/compress.
Reason could be that an administrator doesn't want the server to support insecure or doubtful algorithms from now on. So you have to find an update for Netbeans.
Hope you are doing well.I know there are many answers alike to the issue that i am going to ask but still no one seems to help.
Please help!!!
Issue:-
I am trying to connect to a secure website(HTTPS) using WebScarab, so that i can capture the traffic.Http is working fine for me.
For this i am using WebScarab as a proxy.
'client.getHostConfiguration().setProxy("127.0.0.1", 8008);'
but everytime i gets an exception (
SunCertPathBuilderException
) as stated above.
I have tried adding the website certificate to the Java using Keytool utility also.
I then added a proxy (reverse) entry in WebScarab (127.0.0.1 , 443) and changed the program to use it as a proxy server.
'client.getHostConfiguration().setProxy("127.0.0.1", 443);'
Then i got the following exception :-
org.apache.commons.httpclient.ProtocolException: The server stbeehive.oracle.com failed to respond with a valid HTTP response.
I also tried creating a .p12 certificate (for the website which i want to connect to) and importing it to WebScarab.
But inspite of all these methods i am not able to get the proper response.
I am using WebScarab as a proxy for firefox to capture its traffic and it is working fine (for both http and https).
Please help me as i have run out of ideas now :(
Are you using WebScarab or WebScarab-NG?
Please try WebScarab "classic", rather than the -NG variant. NG was a failed experiment, and no real effort was put into validating the client-side certificate functionality.
Also, what version of Java are you using, what operating system, 32 bit or 64-bit, etc, etc
Regards,
Rogan
I have a webapp that sends a SOAP request to a 3rd party server. When the request is made on my local computer it works without a problem, but when I deploy my application to my server I get an error with the following causes:
com.sun.xml.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.messaging.saaj.SOAPExceptionImpl: Message send failed
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: algorithm check failed: MD2withRSA is disabled
I've searched around but I can't find anything relevant to my situation. It's probably worth noting that the request I'm making is to an https url. My computer is running Windows XP and the server is running Slackware Linux. Any ideas what might be causing the server to reject the request?
Check your Java versions on your local machine, and your server.
From here, it seems the jvm 6u17 disabled MD2 as it is insecure, and whatever you connect to is using MD2
MD2withRSA is highly vulnerable and therefore deactivated in Sun... aeh Oracle's JVM. You should ask the owner of the remote service, whether his server supports more secure encryption methods (I think, older Apache HTTPd versions do offer MD2withRSA by default...). In order to resolve this problem without forcing the provider to change the method, you may use your own implementation of the X509TrustManager that accepts the old method.
A Google search on "MD2withRSA" showed this URL as the first hit, that seems to point to a change in a certain Java version. Probably the verasiuons on your local computer and the server do not match.
Newer Java 7 (version 1.7) allows re-enabling MD2 via $JAVA_HOME/jre/lib/security/java.security file. Download and install Java 7 and modify java.security file in text editor as follows
1) Remove MD2 from following property
jdk.certpath.disabledAlgorithms= # MD2
2) Ensure following property is commented out
# jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048
3) Restart java application
Warning: MD2 is disabled by default in Jdk 7 because it is insecure. However, it can be enabled as described above to support older deployments.