January 25, 2011
I had created a new SSH key pair to access a client project codebase in a private github repository and was having trouble connecting via Eclipse (Helios) & EGit.
My new keypair was generated with OpenSSH v5.6, and since OpenSSh v5.4 AES-128 is now the default cipher (replacing 3DES). As seen in the header of my new private key:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,XXXXXXXXX
The internal SSH library used by Eclipse and EGit is JSch. My fully updated Eclipse Helios is using JSch v0.1.41, but unfortunately support for AES-128-CBC ciphered private keys wasn’t added until JSch v0.1.44.
You could wait for Eclipse to update it (though v0.1.44 came out last Nov). or track down an updated build of com.jcraft.jsch.jar from Eclipse Orbit and manually drop it in your Eclipse plugins folder (oh bother). or re-encrypt your private key with 3DES (don’t).
The work around I used takes advantage of a recent feature added to EGit:
"If the environment variable GIT_SSH is set, use GIT_SSH for any remote protocol connections, instead of the local JSch library."
Perfect! I just set my GIT_SSH environment variable to my local OpenSSH and now EGit uses that and is able to handle my AES-128 ciphered private key properly and successfully connect to github.
I love you Eclipse, but you sure are high maintenance.
And a big thanks to the folks posting to these pages for pointing me in the right direction: