Following is the link to set up SSH configuration for working with Git LFS repositories in Artifactory. Note that a passphrase must not be provided when you create the SSH keys for server authentication. If a passphrase is provided when you generate those keys, you will see an error like the example below when attempting a git lfs push to Artifactory.
(0 of 1 files) 0 B / 4.09 MB
Post https://localhost/artifactory/gitlfs-local/objects/batch: dial tcp [::1]:443: getsockopt: connection refused
In artifactory.log you will see the following exception for the failed attempt:
2016-01-18 18:49:12,089 [sshd-SshServer[f4220a5]-nio2-thread-2] [WARN ](o.a.s.s.s.ServerSession:456) - Exception caught
org.apache.sshd.common.SshException: sendKexInit() none of the keys appears in supported list: [ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, ssh-rsa]
Another cause of a failed push to Artifactory with SSH authentication is an incorrect SSH port in the ".git/config" file of the local Git repository. The URL in this file must use the SSH port that was set in Artifactory during the SSH server configuration. Below is a sample ".git/config" file; the Artifactory URL is the url entry in the [lfs] section:
[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    logallrefupdates = true
    ignorecase = true
    precomposeunicode = true
[remote "origin"]
    url = https://github.com/nihalreddy28/project-examples.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
    remote = origin
    merge = refs/heads/master
[lfs]
    url = "ssh://git@localhost:1339/artifactory/gitlfs-local"
Mymac-MBP:project-examples mac$ ssh <ServerName> -p <port> git-lfs-authenticate artifactory/<reponame> download 0abcd
The command should look like the example below:
ssh 127.0.0.1 -p 1339 git-lfs-authenticate artifactory/gitlfs-local download 0abcd
If SSH authentication is successful, you should see the output below.
{"header":{"Authorization":"Bearer UPehbrgQaBKtm2E/Aj570vIWKk7n6cujPRB6mcuFPpU="},"href":"http://localhost:8081/artifactory/api/lfs/gitlfs-local"}
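The two checks described above (the SSH port in the [lfs] url and the git-lfs-authenticate test) can be scripted. The following is an added example, not part of the original article or of Artifactory's tooling; the function names and the sample config are constructed for illustration, and 1339 is the SSH port used on this page.

```shell
# Added example: pre-flight checks for Git LFS over SSH (function names are hypothetical).

# Constructed sample .git/config, modelled on the one shown above.
sample_config() {
  printf '%s\n' '[remote "origin"]' '    url = https://example.invalid/project.git' \
    '[lfs]' '    url = "ssh://git@localhost:1339/artifactory/gitlfs-local"'
}

# Print the port of the ssh:// URL in the [lfs] section of config file $1.
# Returns 1: no [lfs] url, 2: url is not ssh://, 3: no explicit numeric port.
lfs_ssh_port() {
  local url hostport port
  url=$(awk '
    /^[ \t]*\[/ { in_lfs = ($0 ~ /^[ \t]*\[lfs\]/); next }
    in_lfs && /^[ \t]*url[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); gsub(/"/, ""); sub(/[ \t]+$/, ""); print; exit
    }' "$1")
  [ -n "$url" ] || return 1
  case $url in ssh://*) ;; *) return 2 ;; esac
  hostport=${url#ssh://}; hostport=${hostport%%/*}; hostport=${hostport#*@}
  case $hostport in *:*) port=${hostport##*:} ;; *) return 3 ;; esac
  case $port in ''|*[!0-9]*) return 3 ;; esac
  printf '%s\n' "$port"
}

# Succeed only if lfs.url uses the SSH port configured in Artifactory ($2).
check_lfs_port() {
  local actual
  actual=$(lfs_ssh_port "$1") || { echo "no ssh:// lfs.url with a port in $1" >&2; return 1; }
  [ "$actual" = "$2" ] || { echo "lfs.url port $actual != Artifactory SSH port $2" >&2; return 1; }
}

# Read a git-lfs-authenticate response on stdin; succeed if it has a Bearer
# Authorization header and an href. The token is never printed.
auth_response_ok() {
  local body; body=$(cat)
  printf '%s' "$body" | grep -Eq '"Authorization"[[:space:]]*:[[:space:]]*"Bearer [^"]+"' &&
    printf '%s' "$body" | grep -Eq '"href"[[:space:]]*:[[:space:]]*"https?://[^"]+"'
}

# Demo on the constructed sample; against a real setup, use .git/config and pipe
# the output of the ssh ... git-lfs-authenticate command into auth_response_ok.
tmp=$(mktemp); sample_config > "$tmp"
check_lfs_port "$tmp" 1339 && echo "lfs.url port matches"
rm -f "$tmp"
```

The parser tracks config sections, so the https url under [remote "origin"] is never mistaken for the LFS endpoint.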
SSH Access when NGINX is on a separate machine than Artifactory
If you are setting up SSH authentication for Git LFS, you can follow these steps to accomplish the task (this requires NGINX 1.9.0 and above):
Environment tested
- NGINX v1.11 connected to two Artifactory instances (Primary and Slave)
- NGINX is configured with port 8080 to access Artifactory (http://<url>:8080/artifactory)
A. Configuring NGINX to support Git LFS using SSH authentication
Requires: NGINX v 1.9.0+
- Locate your NGINX installation and add the stream block below to the /etc/nginx/nginx.conf file. The SSH port configured in Artifactory in this case is port 1339 (please ensure this is the same as what is defined in Artifactory):
http {
    # …..
    include /etc/nginx/conf.d/*.conf;
}
stream {
    upstream backend {
        # You do not necessarily need to specify two servers if you have two separate NGINX instances, each pointing to its own Artifactory; this is for load balancing from NGINX.
        server host-1-ip-address:1339; # for example "server <primary-url>:1339;"
        server host-2-ip-address:1339; # for example "server <secondary-url>:1339;"
    }
    server {
        listen 1339;
        proxy_pass backend;
    }
}
Note: The "stream" block must be at the same level as the http block, not within it!
NGINX Reference - https://nginx.org/en/docs/stream/ngx_stream_core_module.html
B. Configuring Artifactory SSH
Refer to SSH Server configuration to configure SSH. For the above example, the Custom Base URL is the NGINX URL.
The SSH configuration will look like -
C. On the Git LFS Client
Instructions -