In the Maven settings.xml, I want to define an SSH server and provide:
- The Host to connect to
- The user to connect to
- The location of a private key (to authenticate myself)
- Manually provide a Host Key (public key to verify the server)

I do not want:
- to depend on the ~/.ssh/known_hosts file
- to be asked to accept a host key
- to ignore the host key validation
As such, existing answers on StackExchange do not help me, which include:
- Overriding the provider to the NullKnownHostProvider and setting hostKeyChecking to no.
- Manually executing ssh on the command line to get the hostkey entered in the ~/.ssh/known_hosts file.

This is an example of how I envisioned it could be set up in the maven setup.xml:
<servers>
  <server>
    <id>gitcloud.myserver.net:8001</id>
    <username>git</username>
    <privateKey>C:/data/home/.ssh/id_rsa</privateKey>
    <configuration>
      <knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.SingleKnownHostProvider">
        <hostKeyChecking>yes</hostKeyChecking>
        <contents>codecloud.web.att.com ssh-rsa XXXXA3NvvFakeSSHKEYsdfADA...doLQ==</contents>
      </knownHostsProvider>
    </configuration>
  </server>
</servers>
This is a common problem; you can find many people on the Internet looking for a correct solution, trying to override the knownHostsProvider implementation with an instance of SingleKnownHostsProvider, as you explained in your example.

First, here is why it's not so easy to do that:

When the repository URL starts with scp:, Plexus, the component manager used by Maven, looks for a component with role org.apache.maven.wagon.Wagon and hint scp, and finds the only one that complies with these needs in the current Wagon implementation (up to 3.0.1 at least), that is of class org.apache.maven.wagon.providers.ssh.jsch.ScpWagon. This class extends the class AbstractJschWagon in the same package, and this latter class statically defines a file role-hint to select a KnownHostProvider instance.

Therefore, this file role-hint makes Plexus use the class FileKnownHostsProvider to instantiate a KnownHostsProvider object that is given to the ScpWagon instance. This is because the class FileKnownHostsProvider is defined the following way at the beginning of its source file:

On the contrary, the class SingleKnownHostProvider is not defined with role-hint file but with role-hint single:

So, the binding to this unwanted (in your situation) FileKnownHostsProvider is statically defined in the AbstractJschWagon source file. This is the whole difficulty.

Now, here is how to solve the problem:

Use this Maven wagon patched implementation available here on GitHub, by running those steps:

1- In your pom.xml, you may have some maven extension defined this way:

Note that you may use another version than the 3.0.1.

Anyway, change this definition by the specific version 3.0.1-SINGLE:

2- This specific version 3.0.1-SINGLE is a Wagon version I've patched to solve this very common problem, which I've also encountered. It is not available on Maven central, but on GitHub. So, you must install it yourself, the following way for instance:

3- Now, configure your setup.xml this way:

Everything should now work like you want: if the host key defined in the setup.xml file is correct, maven will not display the key fingerprint, nor ask you to validate this host key.

Hope that helps.
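
An added example, not part of the answer above or of the Wagon project: before pinning a host key line of the form "host key-type base64" in a <contents> element, it can be parsed and its SHA256 fingerprint compared with one obtained out-of-band from the server's administrator. The host name and key bytes below are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def parse_pinned_host_key(line):
    """Split 'host key-type base64-blob' and check the blob is a well-formed SSH public key."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: <host> <key-type> <base64-key>")
    host, declared_type, b64 = fields[0], fields[1], fields[2]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("key is not valid base64 (truncated or elided?)") from exc
    # SSH wire format: uint32 length, the key-type string, then the key material.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + n].decode("ascii", "replace")
    if n == 0 or 4 + n >= len(blob) or embedded_type != declared_type:
        raise ValueError(f"declared type {declared_type!r} does not match key blob")
    return host, declared_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the form OpenSSH prints: SHA256:<unpadded base64 digest>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _ssh_string(data):
    # Length-prefixed string as used inside SSH key blobs.
    return struct.pack(">I", len(data)) + data


# Constructed sample: a syntactically valid ssh-ed25519 blob with dummy key bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "git.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    host, key_type, blob = parse_pinned_host_key(SAMPLE_LINE)
    # Compare this value with the fingerprint received out-of-band before pinning the line.
    print(host, key_type, sha256_fingerprint(blob))
```

A line whose key has been shortened with "..." fails the base64 check, and a line whose declared type differs from the type embedded in the blob is rejected as well.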