Prevent double authentication for the same public key

Openssh client sends two requests, one without a key signature to verify
that the public key is acceptable and the second one with the signature
after having loaded the private key and signed some data for actual
verification.

To prevent that the PublickeyAuthenticator#authenticate is called twice
cache the authentication status for session and public key.  Implement
SessionListener to clean up the cache entry when session is destroyed.

This is a workaround for SSHD bug [1].

Inspired-By: Guillaume Nodet <gnodet@apache.org>
[1] https://issues.apache.org/jira/browse/SSHD-300

1 files changed, 3 insertions, 3 deletions

diff --git a/src/main/java/com/gitblit/transport/ssh/commands/DispatchCommand.java b/src/main/java/com/gitblit/transport/ssh/commands/DispatchCommand.java
index 1e43e2f2..3c041af6 100644
--- a/src/main/java/com/gitblit/transport/ssh/commands/DispatchCommand.java
+++ b/src/main/java/com/gitblit/transport/ssh/commands/DispatchCommand.java
@@ -34,7 +34,7 @@ import com.gitblit.git.GitblitUploadPackFactory;
 import com.gitblit.git.RepositoryResolver;
 import com.gitblit.models.UserModel;
 import com.gitblit.transport.ssh.CommandMetaData;
-import com.gitblit.transport.ssh.PublicKeyAuthenticator;
+import com.gitblit.transport.ssh.CachingPublicKeyAuthenticator;
 import com.gitblit.transport.ssh.SshDaemonClient;
 import com.gitblit.utils.cli.SubcommandHandler;
 import com.google.common.base.Charsets;
@@ -237,9 +237,9 @@ public class DispatchCommand extends BaseCommand {
 		this.gitblitReceivePackFactory = gitblitReceivePackFactory;
 	}
 
-	private PublicKeyAuthenticator authenticator;
+	private CachingPublicKeyAuthenticator authenticator;
 
-	public void setAuthenticator(PublicKeyAuthenticator authenticator) {
+	public void setAuthenticator(CachingPublicKeyAuthenticator authenticator) {
 		this.authenticator = authenticator;
 	}
 }