path: root/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
Commit message (Author, Age, Files, Lines)
* Add SSH host keys with ECDSA and Ed25519 (Florian Zschocke, 2022-10-25, 1 file, -8/+51)
|   Create new host keys, one with ECDSA and one with Ed25519 algorithms. For the Ed25519 currently the EdDSA library from i2p is used. This requires some quirks, compared to a modern BouncyCastle. But the SSHD library used cannot use BouncyCastle yet for Ed25519.
|   No DSA key is generated anymore, but we still support existing ones.
* Update BouncyCastle to version 1.69 (Florian Zschocke, 2022-10-25, 1 file, -2/+2)
|   The version 1.69 is chosen instead of 1.70, because the moxie build would not download the jars, trying to download `...1.7.jar` instead.
|   Three class deprecations are fixed. `PEMWriter` and `X509Extension` are replaced with their drop-in replacements `JcaPEMWriter` and `Extension`. The `PasswordFinder` deprecation note says that "it is no longer used". It also was never used in Gitblit's code, so it is removed from the key pair provider class.
* Update dependency MINA SSHD to version 1.7.0 (Florian Zschocke, 2022-10-09, 1 file, -3/+6)
|
* upgrade to sshd 1.6.0, add eddsa dependency, upgrade jgit to 4.1.2 (ricardop, 2022-10-08, 1 file, -3/+7)
|   (cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
|   # Conflicts:
|   #   .classpath
|   #   build.moxie
|   #   src/test/java/com/gitblit/tests/SshUnitTest.java
* Update SSHD dependency to version 1.1.0. (Florian Zschocke, 2019-11-10, 1 file, -2/+2)
|
* Merge pull request #6 from fzs/sshAuthMethods (Florian Zschocke, 2017-01-21, 1 file, -6/+34)
|\
| |   Set list of offered SSH authentication methods.
| * Set list of offered SSH authentication methods. [merged--sshAuthMethods] (Florian Zschocke, 2016-12-06, 1 file, -6/+34)
| |   Make the SSH authentication methods used by the server configurable, so that for example password authentication can be turned off. For this, a `git.sshAuthenticationMethods` setting is added which is a space separated list of authentication method names. Only the methods listed will be enabled in the server.
| |   This is modeled after the option of the same name from sshd_config, but it does not offer listing multiple required methods. It leaves the door open, though, for a later extension to support such a multi-factor authentication.
| |   Since this also includes Kerberos authentication with GSS API, this obsoletes the `git.sshWithKrb5` property. The latter is removed. Instead, to enable Kerberos5 authentication, add the method name `gssapi-with-mic` to the authentication methods list.
* | The public key manager can disable writing keys, which hides commands (Florian Zschocke, 2016-12-06, 1 file, -1/+1)
|/
|   Some public key managers may be read-only, i.e. not allow to add or delete keys, or to change the key comment or assigned permissions. In such a case the respective commands should not be available on the SSH shell and the SSH Keys panel should also not offer the possibility.
|   The `IPublicKeyManager` gets three new methods, modelled after the `AuthenticationManager`: `supportsWritingKeys`, `supportsCommentChanges` and `supportsPermissionChanges`. They return true if a key manager allows for keys to be written or updated. For example the existing `FileKeyManager` will return true for all three since it allows to store and update keys in a file. The new `LdapKeyManager` returns false since it only accesses LDAP and can not add or update any keys in the directory. A future key manager might get keys from an LDAP directory but still keep comments and permissions for it in a local copy.
|   If writing of keys is not supported:
|   * the welcome shell does not suggest adding a key,
|   * the `SshKeysDispatcher` does not offer the "add", "remove", "comment" and "permission" commands, and
|   * the SSH keys panel hides the "delete" button in the key list, and the "Add Key" form.
|   The hiding of the "Add key" form is not perfect since the surrounding div is still shown, but I don't know how to hide it and it didn't look too bad, either.
* Revert manual specification of ssh user auth factories (James Moger, 2015-10-05, 1 file, -55/+2)
|
* Update to SSHD 1.0.0 (James Moger, 2015-09-18, 1 file, -12/+11)
|
* Renamed ssh.Display(Host|Port) to ssh.Advertised(Host|Port) (James Moger, 2015-06-15, 1 file, -8/+8)
|
* Added git.sshDisplay{Port|Host} to hide port forward. (Morten Bøgeskov, 2015-06-15, 1 file, -3/+11)
|   Running gitblit in a container it's easy to expose the ssh on the default port. Using git.sshDisplayPort/git.sshDisplayHost you can expose the forwarded address as the official location.
* Invalid kerberos patches, works now and with a test. (Fabrice Bacchella, 2015-05-26, 1 file, -1/+1)
|
* Adding Kerberos5/GSS authentication to ssh (Fabrice Bacchella, 2015-05-04, 1 file, -1/+57)
|   Adding the possibility to define authentication method order for ssh
* Merge branch 'ticket/194' into develop (James Moger, 2014-09-30, 1 file, -0/+3)
|\
| * Register BouncyCastle as a JCE provider (James Moger, 2014-09-30, 1 file, -0/+3)
| |
* | Renamed class to avoid confusion with FileKeyManager (James Moger, 2014-09-26, 1 file, -3/+3)
| |
* | Extract authenticate method from CachingPublicKeyAuthenticator (David Ostrovsky, 2014-09-26, 1 file, -1/+2)
|/
* Fix invalid generated SSH url for port 22 (James Moger, 2014-06-09, 1 file, -1/+1)
|
* Fix thread exhaustion in SSH daemon (James Moger, 2014-05-29, 1 file, -3/+4)
|
* Catch UnsatisfiedLinkException when setting filemode of generated SSH keys (James Moger, 2014-05-12, 1 file, -2/+2)
|
* Update headers (James Moger, 2014-04-13, 1 file, -2/+0)
|
* Generate an RSA and a DSA keypair and chmod 600 the pem files (James Moger, 2014-04-10, 1 file, -12/+67)
|
* Hook-up comprehensive command cleanup (destroy) (James Moger, 2014-04-10, 1 file, -0/+1)
|
* Revise dispatchers and move command classes (James Moger, 2014-04-10, 1 file, -0/+1)
|
* Elevate the public key manager to a top-level manager (James Moger, 2014-04-10, 1 file, -105/+2)
|
* Add a welcome shell (James Moger, 2014-04-10, 1 file, -2/+7)
|   Conflicts:
|       src/main/java/com/gitblit/transport/ssh/SshDaemon.java
* Add SSH daemon test (David Ostrovsky, 2014-04-10, 1 file, -2/+47)
|
* Prevent double authentication for the same public key (David Ostrovsky, 2014-04-10, 1 file, -1/+3)
|   Openssh client sends two requests, one without a key signature to verify that the public key is acceptable and the second one with the signature after having loaded the private key and signed some data for actual verification.
|   To prevent that the PublickeyAuthenticator#authenticate is called twice cache the authentication status for session and public key. Implement SessionListener to clean up the cache entry when session is destroyed.
|   This is a workaround for SSHD bug [1].
|   Inspired-By: Guillaume Nodet <gnodet@apache.org>
|   [1] https://issues.apache.org/jira/browse/SSHD-300
* Move dispatcher creation to SshCommandFactory and revise permission (James Moger, 2014-04-10, 1 file, -43/+4)
|   checks
* Rename server session classes (James Moger, 2014-04-10, 1 file, -1/+1)
|
* Rename authenticators for clarity (James Moger, 2014-04-10, 1 file, -2/+2)
|
* Add add-key and rm-key commands that apply only to the current user (James Moger, 2014-04-10, 1 file, -7/+11)
|
* Rename & simplify SshSession->SshDaemonClient (James Moger, 2014-04-10, 1 file, -3/+3)
|
* Remove unused idGenerator from the SshSessionFactory (James Moger, 2014-04-10, 1 file, -1/+1)
|
* Display the selected SSH backend in the daemon startup message (James Moger, 2014-04-10, 1 file, -5/+5)
|
* Add review SSH command (David Ostrovsky, 2014-04-10, 1 file, -0/+2)
|   Change-Id: Ia03c15608814346522c548ff2439ee672ccb0d28
* Add set account SSH command (David Ostrovsky, 2014-04-10, 1 file, -1/+6)
|   Change-Id: I33d343dd34f93eaff9581d54f825f8c486e7c17f
* Add support for NIO2 IoSession (David Ostrovsky, 2014-04-10, 1 file, -0/+18)
|   Starting from version 0.9.0 Apache SSHD project added support for NIO2 IoSession. To use the new NIO2 session the `backend` option must be set to `NIO2`. By default, `NIO2`.
|   Change-Id: I06cf92b02e80ecf9e8bfbd9f6d6d623dfe3ccff3
* Bump SSHD version to 0.10.1 (David Ostrovsky, 2014-04-10, 1 file, -1/+1)
|   Change-Id: Ic7e204fb7ee2eb172f4c8424fc3d4b7e6c631ddd
* Extract key manager interface and implement a file-based key manager (James Moger, 2014-04-10, 1 file, -3/+59)
|
* Move Git daemon into different package (James Moger, 2014-04-10, 1 file, -1/+1)
|
* SSHD: Add support for git pack commands (David Ostrovsky, 2014-04-10, 1 file, -10/+14)
|   Add git-upload-pack and git-receive-pack commands.
|   Conflicts:
|       src/main/java/com/gitblit/manager/ServicesManager.java
|       src/main/java/com/gitblit/transport/ssh/CommandDispatcher.java
|       src/main/java/com/gitblit/transport/ssh/SshCommandFactory.java
|   Change-Id: I8c057b41f1dfad6d004e6aa91f96c8c673be9be2
* Fix command dispatching (David Ostrovsky, 2014-04-10, 1 file, -2/+5)
|   DispatchCommand is supposed to be nested:
|       ssh server gitblit version --verbose --format json
|   means that first the command that is seen by dispatching process is "gitblit". Dispatch command looks in its commands map for this command and dispatches the rest of the command and options and arguments to this command, version in this example.
|   Change-Id: I8ef8e0e369922c793ca7ad36c1a8f76b0206baa7
* Eliminate use of Dagger and do not create inner classes (James Moger, 2014-04-10, 1 file, -214/+51)
|   This change outlines some things I'd like to see in your latest code.
|   1. Elimination of Dagger
|   2. Less noise from inner class instantiation
|   3. Formalizing filesystem location for keys instead of Unix-y /tmp/
|   4. Password authentication as alternative to Key authentication
|   Change-Id: I7a76e1811ad7cd545444fd8b59bbe8c4f45ccfec
* Convert SshDaemon to unix format (David Ostrovsky, 2014-04-10, 1 file, -331/+335)
|   Change-Id: Icb415c2bc62321ddd0ae08445d97f1f8102adee8
* Factor out methods from SshCommandServer to SshDaemon (David Ostrovsky, 2014-04-10, 1 file, -83/+205)
|   Change-Id: I02d545a8ab68b06d733ad8e7ed476767a34aa244
* SSHD: Add support for generic commands (David Ostrovsky, 2014-04-10, 1 file, -15/+65)
|   Change-Id: I5a60710323ca674d70e34f7451422ec167105429
* Support serving repositories over the SSH transport (Eric Myhre, 2014-04-10, 1 file, -0/+159)
    Gitblit would greatly benefit from an integrated SSH server. This would complete the transport trifecta.
    Change-Id: I6fb95abe65655fa74d47ea71522d8d9a1541450c