Bamboo Git SSH connections failing with PEMException
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Git SSH connections via Bamboo are failing with a PEMException when using the third-party app Kantega SSO, SAML and Kerberos for Bamboo is installed and a new signing key has been added.
The following appears in the atlassian-bamboo.log
Caused by: org.bouncycastle.openssl.PEMException: unable to convert key pair: no such algorithm: RSA for provider BC
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
at com.atlassian.bamboo.crypto.BouncyCastleProviderUtils.toJavaKeyPair(BouncyCastleProviderUtils.java:57)
at com.atlassian.bamboo.crypto.BouncyCastleProviderUtils.toJavaKeyPair(BouncyCastleProviderUtils.java:72)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromReader(ProxyConnectionDataBuilderImpl.java:90)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromString(ProxyConnectionDataBuilderImpl.java:69)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromString(ProxyConnectionDataBuilderImpl.java:30)
at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.beforeRepositoryAccess(NativeGitOperationHelper.java:211)
... 72 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: RSA for provider BC
at sun.security.jca.GetInstance.getService(GetInstance.java:87)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.KeyFactory.getInstance(KeyFactory.java:211)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyFactory(Unknown Source)
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyFactory(Unknown Source)
... 79 moreCaused by: org.bouncycastle.openssl.PEMException: unable to convert key pair: no such provider: BC
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
at com.atlassian.bamboo.crypto.BouncyCastleProviderUtils.toJavaKeyPair(BouncyCastleProviderUtils.java:57)
at com.atlassian.bamboo.crypto.BouncyCastleProviderUtils.toJavaKeyPair(BouncyCastleProviderUtils.java:72)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromReader(ProxyConnectionDataBuilderImpl.java:86)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromString(ProxyConnectionDataBuilderImpl.java:65)
at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromString(ProxyConnectionDataBuilderImpl.java:27)
at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.beforeRepositoryAccess(NativeGitOperationHelper.java:231)
... 67 more
Caused by: java.security.NoSuchProviderException: no such provider: BC
at sun.security.jca.GetInstance.getService(GetInstance.java:83)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.KeyFactory.getInstance(KeyFactory.java:211)
at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createKeyFactory(Unknown Source)
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyFactory(Unknown Source)
... 74 moreThis may also result in the error "New access key is required but could not be added to Bitbucket Server" errors when attempting to add a Bitbucket repository, however this a very generic symptom which is more commonly caused by factors addressed on the below knowledge-base article:
Diagnosis
Environment
At time of writing this has been confirmed on:
- Bamboo 6.8.0 and Kantega SSO, SAML and Kerberos version 3.5.4
Workaround
Restart Bamboo. Bamboo will need to be restarted each time a new signing key is added via the Kantega SSO app until a fix is provided by the app vendor.