From 28c3ae1728866bcdb2fb88b61683e3132c7f8ff5 Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Mon, 6 May 2024 19:32:12 +0200 Subject: [PATCH] sshd: fix IdentiesOnly if SSH agent is enabled and has keys Commit a44b9e8bf changed the logic so that we try to read a public key from the file given first, and only then try the file with the ".pub" extension. Unfortunately the exception handling was not sufficient to correctly deal with the given file containing a private key. Apache MINA SSHD may throw a StreamCorruptedException when one tries to read a public key from a file containing a private key. Handle this exception in addition to GeneralSecurityException, and change the order of exception handlers because StreamCorruptedException is an IOException. Bug: jgit-53 Change-Id: I7dddc2c11aa75d7663f7fe41652df612bf8c88cd Signed-off-by: Thomas Wolf
---
 .../transport/sshd/JGitPublicKeyAuthentication.java | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
index b0b1028daa..6aace4753a 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
@@ -17,6 +17,7 @@ import static org.eclipse.jgit.transport.SshConstants.PUBKEY_ACCEPTED_ALGORITHMS
 
 import java.io.File;
 import java.io.IOException;
+import java.io.StreamCorruptedException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
@@ -355,20 +356,20 @@ public class JGitPublicKeyAuthentication extends UserAuthPublicKey { // only warn about non-existing files in case the key file is // not derived if (!isDerived) { - log.warn("{}", //$NON-NLS-1$ + log.warn(LOG_FORMAT, format(SshdText.get().cannotReadPublicKey, keyFile)); } - } catch (InvalidPathException | IOException e) { - log.warn("{}", //$NON-NLS-1$ - format(SshdText.get().cannotReadPublicKey, keyFile), e); - } catch (GeneralSecurityException e) { + } catch (GeneralSecurityException | StreamCorruptedException e) { // ignore in case this is not a derived key path, as in most // cases this specifies a private key if (isDerived) { - log.warn("{}", //$NON-NLS-1$ + log.warn(LOG_FORMAT, format(SshdText.get().cannotReadPublicKey, keyFile), e); } + } catch (InvalidPathException | IOException e) { + log.warn(LOG_FORMAT, + format(SshdText.get().cannotReadPublicKey, keyFile), e); } return null; } -- 2.39.5
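Review bot: The new `catch (GeneralSecurityException | StreamCorruptedException e)` handler discards the exception with no log output at all when `isDerived` is false, so a damaged or truncated public-key file named explicitly in the SSH config cannot be told apart from the expected private-key case. The comment in that branch only claims this holds "in most cases", and with IdentitiesOnly a key that silently fails to load presumably changes which identities end up being offered; the caller is outside this hunk, so that part is inferred. I would add an else branch that records the failure at a low level, for example `} else { log.debug(LOG_FORMAT, format(SshdText.get().cannotReadPublicKey, keyFile), e); }`, assuming `log` offers `debug` alongside the `warn` used here. The message carries only the file path, so no key material reaches the log, and the enclosing method begins before the hunk.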