Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62578

Unsupported key format found 'ssh-rsa' while expecting rsa-sha2-256

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Not A Defect
    • Component/s: git-client-plugin
    • Labels:
      None
    • Environment:
      Git Client plugin 3.2.1
      Jenkins 2.222.3
    • Similar Issues:

      Description

      After upgrading Git Client plugin to version 3.2.1, Jenkins is unable to authenticate on Git (full stack trace in attachment):

      com.trilead.ssh2.IOWarningException: Unsupported key format found 'ssh-rsa' while expecting rsa-sha2-256
        at com.trilead.ssh2.signature.RSAKeyAlgorithm.decodePublicKey(RSAKeyAlgorithm.java:111)
      

       

       

      According to pom-file, git-client plugin 3.2.1 depends on trilead-ssh2 version build-217-jenkins-11. Checking trilead-ssh2 sources on the tag trilead-ssh2-build-217-jenkins-11, we see the mismatch with line number:

      https://github.com/jenkinsci/trilead-ssh2/blob/ab0f2c88a402bf5b49748c96405467bfbcf03e76/src/com/trilead/ssh2/signature/RSAKeyAlgorithm.java#L102

       

      Actually the exception is thrown in line 102, not 111. It seems that git-client plugin was built with a wrong branch of trilead-ssh2, that caused the regression.

        Attachments

          Activity

          Hide
          tashoyan Arseniy Tashoyan added a comment -

          The issue got solved after upgrading another plugin: Trilead API Plugin to 1.0.8.

          Show
          tashoyan Arseniy Tashoyan added a comment - The issue got solved after upgrading another plugin: Trilead API Plugin to 1.0.8.
          Hide
          markewaite Mark Waite added a comment -

          Can you further explain how you decided that git client plugin was built with a wrong branch of trilead-ssh2?

          An explicit dependency on trilead-api is not declared in the git client plugin 3.2.1 pom and I don't see one declared in the effective pom either. The first explicit dependency declaration on the trilead-api will be in git client plugin 3.3.0 that will be released in the next month or so. In the 3.3.0 pom, it relies on the Jenkins plugin BOM to provide the version of the trilead-api plugin version.

          Show
          markewaite Mark Waite added a comment - Can you further explain how you decided that git client plugin was built with a wrong branch of trilead-ssh2? An explicit dependency on trilead-api is not declared in the git client plugin 3.2.1 pom and I don't see one declared in the effective pom either. The first explicit dependency declaration on the trilead-api will be in git client plugin 3.3.0 that will be released in the next month or so. In the 3.3.0 pom, it relies on the Jenkins plugin BOM to provide the version of the trilead-api plugin version.
          Hide
          tashoyan Arseniy Tashoyan added a comment - - edited

          It took me a bit of investigation:

          1. git-client 3.2.1 has parent: org.jenkins-ci.plugins:plugin:3.57
          2. This parent introduces a dependency: org.jenkins-ci.main:jenkins-core:2.138.4
          3. That dependency in turn brings a transitive dependency: org.jenkins-ci:trilead-ssh2:build-217-jenkins-11

          The dependency tree could be displayed by running `mvn dependency:tree`.

          Then I checked out the source code of trilead-ssh2 at the tag build-217-jenkins-11. There I saw the discrepancy between line number in the stack trace (RSAKeyAlgorithm.java:111) and RSAKeyAlgorithm.java on the tag.

          Finally, I checked another branch of trilead-ssh2: revert-43-rsa-sha-2. The pre-last revision of RSAKeyAlgorithm.java on that branch has `throw new IOWarningException(...)` exactly at the line 111, as in the stack trace.

          Show
          tashoyan Arseniy Tashoyan added a comment - - edited It took me a bit of investigation: git-client 3.2.1 has parent: org.jenkins-ci.plugins:plugin:3.57 This parent introduces a dependency: org.jenkins-ci.main:jenkins-core:2.138.4 That dependency in turn brings a transitive dependency: org.jenkins-ci:trilead-ssh2:build-217-jenkins-11 The dependency tree could be displayed by running `mvn dependency:tree`. Then I checked out the source code of trilead-ssh2 at the tag build-217-jenkins-11. There I saw the discrepancy between line number in the stack trace (RSAKeyAlgorithm.java:111) and RSAKeyAlgorithm.java on the tag. Finally, I checked another branch of trilead-ssh2: revert-43-rsa-sha-2. The pre-last revision of RSAKeyAlgorithm.java on that branch has `throw new IOWarningException(...)` exactly at the line 111, as in the stack trace.
          Hide
          markewaite Mark Waite added a comment -

          Thanks very much!

          Show
          markewaite Mark Waite added a comment - Thanks very much!

            People

            Assignee:
            markewaite Mark Waite
            Reporter:
            tashoyan Arseniy Tashoyan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: