Here’s a tip if you are having trouble connecting to GitHub using Eclipse/Egit with a recently generated SSH key pair…
I had created a new SSH key pair to access a client project codebase in a private GitHub repository and was having trouble connecting via Eclipse (Helios) & EGit.
My new keypair was generated with OpenSSH v5.6, and since OpenSSh v5.4
AES-128 is now the default cipher (replacing
3DES). As seen in the header of my new private key:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,XXXXXXXXX
The internal SSH library used by Eclipse and EGit is JSch. My fully updated Eclipse Helios is using JSch
v0.1.41, but unfortunately support for
AES-128-CBC ciphered private keys wasn’t added until JSch
You could wait for Eclipse to update it (though
v0.1.44 came out last Nov). or track down an updated build of
com.jcraft.jsch.jar from Eclipse Orbit and manually drop it in your Eclipse plugins folder (oh bother). or re-encrypt your private key with 3DES (don’t).
The work around I used takes advantage of a recent feature added to EGit:
If the environment variable GIT_SSH is set, use GIT_SSH for any remote protocol connections, instead of the local JSch library.
Perfect! I just set my
GIT_SSH environment variable to my local OpenSSH and now EGit uses that and is able to handle my
AES-128 ciphered private key properly and successfully connect to GitHub.
I love you Eclipse, but you sure are high maintenance.
And a big thanks to the folks posting to these pages for pointing me in the right direction:
One thought on “Eclipse, EGit, github, jsch and AES-128 encrypted private keys”
Thank you very much!I am looking to do the exact same thing that you decsirbe in this article. It took me a while to find this. It should have been the first hit on Google!If you don’t mind, what suggestions do you have for reading in usernames and passwords? I have been fighting with Ant to find a decent way to do this. I can use the input task obviously but the password is displayed in cleartext. I can’t seem to find a way to suppress that. In fact, it’s how I stumbled upon your article. Again, many thanks for the great article.