SSH authentication not working anymore after update


Johnny Bigoode

Oct 5, 2016, 9:09:10 AM
to gitblit
I was changing my web.xml trying to get the baseFolder outside ${contextFolder}/WEB-INF/data, because it seems that using the standard Windows path wouldn't work so straightforwardly (C:\gitblit\data).
After some time I realized that using /D:/gitblit/data managed to get it working.
All fine and dandy, so I went ahead and updated the application to the newest version, 1.8.0. And everything broke.

The external baseFolder wasn't working anymore, meaning all repositories were missing.
After copying the backed-up data back to the original baseFolder the repositories showed up again, but all ownership got all messed up and, more importantly, no one can connect using SSH anymore.

My biggest issue now is solving the SSH problem. When trying to connect, this is the issue I run into:

$ ssh -v -l <username> -p 29418 <servername>
OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to <servername> [<serverip>] port 29418.
debug1: Connection established.
debug1: identity file /c/Users/<username>/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/<username>/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version Gitblit_v1.8.0 (SSHD-CORE-1.0.0-NIO2)
debug1: no match: Gitblit_v1.8.0 (SSHD-CORE-1.0.0-NIO2)
debug1: Authenticating to <servername>:29418 as '<username>'
debug1: SSH2_MSG_KEXINIT sent
Received disconnect from <serverip>: 9: sendKexInit() no resolved signatures available
Disconnected from <serverip>

On another thread I noticed that there should be a gitblit.log file somewhere, but I can't find it in the webapp folder or the tomcat\log folder. I did notice the following error in my stderr and catalina log that seems related:

05-Oct-2016 09:42:06.546 INFO [ContainerBackgroundProcessor[StandardEngine[Catalina]]] org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
 java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1325)
at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1313)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1178)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1139)
at java.security.Provider$Service.getImplClass(Unknown Source)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.security.KeyPairGenerator.getInstance(Unknown Source)
at org.apache.sshd.common.util.SecurityUtils.getKeyPairGenerator(SecurityUtils.java:419)
at com.gitblit.transport.ssh.SshDaemon.generateKeyPair(SshDaemon.java:217)
at com.gitblit.transport.ssh.SshDaemon.<init>(SshDaemon.java:96)
at com.gitblit.manager.ServicesManager.configureSshDaemon(ServicesManager.java:417)
at com.gitblit.manager.ServicesManager.start(ServicesManager.java:108)
at com.gitblit.manager.ServicesManager.start(ServicesManager.java:72)
at com.gitblit.servlet.GitblitContext.startManager(GitblitContext.java:271)
at com.gitblit.servlet.GitblitContext.startManager(GitblitContext.java:267)
at com.gitblit.servlet.GitblitContext.startCore(GitblitContext.java:208)
at com.gitblit.servlet.GitblitContext.contextInitialized(GitblitContext.java:148)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4811)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5251)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3827)
at org.apache.catalina.startup.HostConfig.reload(HostConfig.java:1372)
at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1345)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1581)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:284)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1141)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1377)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1381)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1349)
at java.lang.Thread.run(Unknown Source)
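
The `ssh -v` trace in the post above ends right after `SSH2_MSG_KEXINIT sent`, before the client offers any key. As an added example (not part of the original thread), this sh sketch reads `ssh -v` output and reports the phase in which the session ended and how many client keys were presented; the function names, phase labels and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Report the SSH phase in which a session ended, from `ssh -v` output on stdin.
# Phases in order: connect, banner, kex, userauth, authenticated.
ssh_fail_stage() {
    awk '
        /debug1: Connection established/    { stage = 1 }  # TCP is up
        /debug1: Remote protocol version/   { stage = 2 }  # server banner read
        /debug1: SSH2_MSG_NEWKEYS received/ { stage = 3 }  # key exchange done
        /debug1: Authentication succeeded/  { stage = 4 }
        END {
            split("connect banner kex userauth authenticated", name, " ")
            print name[stage + 1]   # the phase after the last milestone reached
        }'
}

# Count client public keys actually presented to the server.
ssh_keys_offered() {
    awk '/debug1: Offering .*public key/ { n++ } END { print n + 0 }'
}

# Constructed sample: the trace from the post above, abbreviated.
sample_kex_failure() {
    cat <<'EOF'
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version Gitblit_v1.8.0 (SSHD-CORE-1.0.0-NIO2)
debug1: Authenticating to <servername>:29418 as '<username>'
debug1: SSH2_MSG_KEXINIT sent
Received disconnect from <serverip>: 9: sendKexInit() no resolved signatures available
EOF
}

# Constructed sample for contrast: key exchange completes, the key is refused.
sample_key_rejected() {
    cat <<'EOF'
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version ExampleSSHD_1.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_NEWKEYS received
debug1: Offering RSA public key: /c/Users/<username>/.ssh/id_rsa
Permission denied (publickey).
EOF
}

for s in sample_kex_failure sample_key_rejected; do
    printf '%s: ended in %s, client keys offered: %s\n' \
        "$s" "$($s | ssh_fail_stage)" "$($s | ssh_keys_offered)"
done
```

A result of `kex` with zero keys offered points at the server's host-key setup rather than at user keys or accounts. ssh writes its debug lines to stderr, so pipe a live session in with `2>&1`.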

James Moger

Oct 5, 2016, 9:27:35 AM
to git...@googlegroups.com
Base Folder
Maybe instead of messing with web.xml you should instead configure a JNDI resource or set up an environment variable.

Logging
Gitblit should be logging to Catalina.out or stdout.

SSH
It looks like your Tomcat setup doesn't like the bundled BouncyCastle crypto library. Not sure why.

These types of container issues are the main reason for considering the GO distribution over the WAR.

-J




Johnny Bigoode

Oct 5, 2016, 10:27:36 AM
to gitblit
Thanks James!

Using the folder via JNDI did the trick perfectly.
And since you mentioned that Tomcat might not be liking BouncyCastle, I just cleaned Catalina's work folder and it worked like a charm!
The only thing I'd bug a little about is the log... wouldn't it be wiser to have the app's log in a separate file?