Skip to content

Clone Git stops working with rsa ssh-rsa2 #37

New issue
New issue
Open
Open
Clone Git stops working with rsa ssh-rsa2#37
@datrem

Description

@datrem
datrem
opened on Sep 4, 2025

Hi,
after gitlab update to Version 18.3.1 we have so problems with the git clone.

According to our analysis, this is due to RSA. We use RSA with 4096 bits as the SSH key peer, which leads to the error below.
This is due to the use of ssh-rsa1, but GitLab now enforces ssh-rsa2.
We therefore wanted to switch from ed25519, but this is not supported either.

rundeck.log:
org.eclipse.jgit.api.errors.TransportException: git@ssh.group/ansible.git: Auth fail
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:249)
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:325)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:191)
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:1)
at java_util_concurrent_Callable$call$0.call(Unknown Source)
at com.rundeck.plugin.GitManager.performClone(GitManager.groovy:137)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:48)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:189)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:57)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
at com.rundeck.plugin.GitManager.cloneOrCreate(GitManager.groovy:86)
at com.rundeck.plugin.GitManager$cloneOrCreate$0.call(Unknown Source)
at com.rundeck.plugin.GitCloneWorkflowStep.executeStep(GitCloneWorkflowStep.groovy:130)
at com.dtolabs.rundeck.core.execution.workflow.steps.StepPluginAdapter.executeWorkflowStep(StepPluginAdapter.java:120)
at com.dtolabs.rundeck.core.execution.ExecutionServiceImpl.executeStep(ExecutionServiceImpl.java:114)
at com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWFItem(BaseWorkflowExecutor.java:285)
at com.dtolabs.rundeck.core.execution.workflow.BaseWorkflowExecutor.executeWorkflowStep(BaseWorkflowExecutor.java:681)
at com.dtolabs.rundeck.core.execution.workflow.engine.StepCallable.apply(StepCallable.java:71)
at com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:76)
at com.dtolabs.rundeck.core.execution.workflow.engine.StepOperation.apply(StepOperation.java:32)
at com.dtolabs.rundeck.core.rules.WorkflowEngineOperationsProcessor.lambda$beginOperation$1(WorkflowEngineOperationsProcessor.java:323)
at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:75)
at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.eclipse.jgit.errors.TransportException: git@ssh.group/ansible.git: Auth fail
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:163)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:107)
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.(TransportGitSsh.java:281)
at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:153)
at org.eclipse.jgit.transport.FetchProcess.executeImp(FetchProcess.java:153)
at org.eclipse.jgit.transport.FetchProcess.execute(FetchProcess.java:105)
at org.eclipse.jgit.transport.Transport.fetch(Transport.java:1462)
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:238)
... 30 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116)
... 37 more
Failed cloning the repository from git@ssh.group/ansible.git: git@ssh.group/ansible.git: Auth fail
Error with Authentication Failed cloning the repository from git@ssh.group/ansible.git: git@ssh.group/ansible.git: Auth fail
Failed: Unknown: ERROR: error adding private key to ssh-agent.[/usr/bin/ssh-add, /var/lib/rundeck/var/tmp/ansible-runner266841342985285509id_rsa]

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions