author | David Ostrovsky <david@ostrovsky.org> | 2014-03-16 18:28:03 +0100 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2014-04-10 18:58:08 -0400 |
commit | 75ebd391b88884581b1139c87c98bb687941a8fe (patch) | |
tree | 0050f7a069c483de425e64c5714598a59413893f /src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java | |
parent | 282b8fd82c46ba6874fb24c8715af103645f3406 (diff) | |
Prevent double authentication for the same public key
Openssh client sends two requests, one without a key signature to verify
that the public key is acceptable and the second one with the signature
after having loaded the private key and signed some data for actual
verification.
To prevent PublickeyAuthenticator#authenticate from being called twice,
cache the authentication status per session and public key. Implement
SessionListener to clean up the cache entry when the session is destroyed.
This is a workaround for SSHD bug [1].
Inspired-By: Guillaume Nodet <gnodet@apache.org>
[1] https://issues.apache.org/jira/browse/SSHD-300
Diffstat (limited to 'src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java')
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java b/src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java
index da57f76e..48e8869a 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java
@@ -61,10 +61,12 @@ public class SshCommandFactory implements CommandFactory {
 private static final Logger logger = LoggerFactory.getLogger(SshCommandFactory.class);
 private final IGitblit gitblit;
- private final PublicKeyAuthenticator keyAuthenticator;
+ private final CachingPublicKeyAuthenticator keyAuthenticator;
 private final ScheduledExecutorService startExecutor;
- public SshCommandFactory(IGitblit gitblit, PublicKeyAuthenticator keyAuthenticator, IdGenerator idGenerator) {
+ public SshCommandFactory(IGitblit gitblit,
+ CachingPublicKeyAuthenticator keyAuthenticator,
+ IdGenerator idGenerator) {
 this.gitblit = gitblit;
 this.keyAuthenticator = keyAuthenticator;
@@ -252,6 +254,7 @@ public class SshCommandFactory implements CommandFactory {
 }
 }
+ @SuppressWarnings("unused")
 private void onDestroy() {
 synchronized (this) {
 if (cmd != null) { |
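Review bot: The field and constructor parameter are narrowed from the `PublicKeyAuthenticator` interface to the concrete `CachingPublicKeyAuthenticator`, yet the visible lines only assign the value, so nothing in this hunk shows why the factory has to know about the cache. If the class (which continues outside the hunk) calls a cache-specific member, say so on the field, e.g. `// concrete type required: the factory reads the per-session cached auth result`; otherwise keep the interface type so the SSHD-300 workaround can be removed later without touching this class. Since the cached status stands in for a second `authenticate` call, it is also worth confirming in CachingPublicKeyAuthenticator (not shown here) that the cache entry is bound to the username as well as the session and key.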
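Review bot: `@SuppressWarnings("unused")` on the private `onDestroy()` hides the compiler's hint that nothing calls this method, and the visible body is the cleanup path for `cmd`. If it really has no caller, the cleanup under `synchronized (this)` never runs and a command could outlive its SSH session; wire it into the command's destroy path or delete it rather than suppressing the warning. If it is reached indirectly, replace the bare annotation with a comment naming the caller, e.g. `// invoked via <caller> when the session closes`. The method body continues past the end of the hunk.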