In the Maven settings.xml, I want to define an SSH server and provide:
- The Host to connect to
- The user to connect to
- The location of a private key (to authenticate myself)
- Manually provide a Host Key (public key to verify the server)
I do not want:
- to depend on the ~/.ssh/known_hosts file
- to be asked to accept a host key
- to ignore the host key validation
As such, existing answers on StackExchange do not help me, which include:
- Overriding the provider to the NullKnownHostProvider and setting hostKeyChecking to no.
- Manually executing ssh on the command line to get the hostkey entered in the ~/.ssh/known_hosts file.
This is an example of how I envisioned it could be set up in the maven setup.xml:
<servers>
  <server>
    <id>gitcloud.myserver.net:8001</id>
    <username>git</username>
    <privateKey>C:/data/home/.ssh/id_rsa</privateKey>
    <configuration>
      <knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.SingleKnownHostProvider">
        <hostKeyChecking>yes</hostKeyChecking>
        <contents>codecloud.web.att.com ssh-rsa XXXXA3NvvFakeSSHKEYsdfADA...doLQ==</contents>
      </knownHostsProvider>
    </configuration>
  </server>
</servers>
This is a common problem: you can find many people on the Internet looking for a correct solution, trying to override the knownHostsProvider implementation with an instance of SingleKnownHostProvider, as you explained in your example.

First, here is why it's not so easy to do that:

When the repository URL starts with scp:, Plexus, the component manager used by Maven, looks for a component with role org.apache.maven.wagon.Wagon and hint scp, and finds the only one that complies with these needs in the current Wagon implementation (up to 3.0.1 at least), that is of class org.apache.maven.wagon.providers.ssh.jsch.ScpWagon. This class extends the class AbstractJschWagon in the same package, and this latter class statically defines a file role-hint to select a KnownHostsProvider instance.

Therefore, this file role-hint makes Plexus use the class FileKnownHostsProvider to instantiate a KnownHostsProvider object that is given to the ScpWagon instance. This is because the class FileKnownHostsProvider is defined the following way at the beginning of its source file:

On the contrary, the class SingleKnownHostProvider is not defined with role-hint file but with role-hint single:

So, the binding to this unwanted (in your situation) FileKnownHostsProvider is statically defined in the AbstractJschWagon source file. This is the whole difficulty.

Now, here is how to solve the problem:
Use this Maven wagon patched implementation available here on GitHub, by running those steps:
1- In your pom.xml, you may have some maven extension defined this way:

Note that you may use another version than the 3.0.1.
Anyway, change this definition by the specific version 3.0.1-SINGLE:

2- This specific version 3.0.1-SINGLE is a Wagon version I've patched to solve this very common problem, which I've also encountered. It is not available on Maven central, but on GitHub.

So, you must install it yourself, the following way for instance:

3- Now, configure your setup.xml this way:

Everything should now work like you want: if the host key defined in the setup.xml file is correct, maven will not display the key fingerprint, nor ask you to validate this host key.

Hope that helps.
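
Added example (not part of the original answer and not Wagon code): a pinned <contents> line is only as trustworthy as the key pasted into it, so this Python check parses a "host keytype base64" entry, confirms the key blob really carries the declared key type, and returns the OpenSSH-style SHA256 fingerprint to compare against the one obtained out of band (for instance from ssh-keygen -lf run on the server). The function names, the host gitcloud.example.net and the sample key are assumptions constructed for the example; host matching is a plain string comparison.

```python
import base64
import hashlib
import struct


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf, off):
    """Read one SSH wire-format string at offset off; return (data, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n


def check_pinned_entry(contents, expected_host):
    """Validate a 'host keytype base64' line; return (keytype, SHA256 fingerprint)."""
    fields = contents.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    hosts, keytype, b64 = fields[0], fields[1], fields[2]
    if expected_host not in hosts.split(","):
        raise ValueError(f"entry is for {hosts!r}, not {expected_host!r}")
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    inner, _ = _read_string(blob, 0)
    if inner != keytype.encode():
        raise ValueError(f"declared {keytype!r} but blob holds {inner!r}")
    digest = hashlib.sha256(blob).digest()
    return keytype, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def make_sample_entry(host):
    """Build a CONSTRUCTED ssh-rsa entry (dummy exponent/modulus, not a real key)."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 256))
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    entry = make_sample_entry("gitcloud.example.net")
    print(check_pinned_entry(entry, "gitcloud.example.net"))
```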