Adding Ed25519 keys brings the problem that with the library currently
used, the PublicKey instance of that key is not serialisable. This
results in an exception when wicket tries to cache the UsersPage.
So change the SshKeysPanel so that the PublicKey object is removed
from the `SshKey` when the panel is detached. It can be regenerated from
the raw key data.
|
Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents errors (which are none) from being spammed in the
log.
|
Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.
No DSA key is generated anymore, but we still support existing ones.
|
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.
|
(cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
# Conflicts:
# .classpath
# build.moxie
# src/test/java/com/gitblit/tests/SshUnitTest.java
|
Set list of offered SSH authentication methods.
|
Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.
For this, a `git.sshAuthenticationMethods` setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.
Since this also includes Kerberos authentication with GSS API, this obsoletes
the `git.sshWithKrb5` property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name `gssapi-with-mic` to the
authentication methods list.
|
Some public key managers may be read-only, i.e. not allow to add or
delete keys, or to change the key comment or assigned permissions.
In such a case the respective commands should not be available on the
SSH shell and the SSH Keys panel should also not offer the possibility.
The `IPublicKeyManager` gets three new methods, modelled after the
`AuthenticationManager`:
`supportsWritingKeys`, `supportsCommentChanges` and
`supportsPermissionChanges`. They return true if a key manager allows for
keys to be written or updated.
For example the existing `FileKeyManager` will return true for all three
since it allows to store and update keys in a file.
The new `LdapKeyManager` returns false since it only accesses LDAP and
can not add or update any keys in the directory.
A future key manager might get keys from an LDAP directory but still
keep comments and permissions for it in a local copy.
If writing of keys is not supported:
* the welcome shell does not suggest adding a key,
* the `SshKeysDispatcher` does not offer the "add", "remove", "comment" and
"permission" commands, and
* the SSH keys panel hides the "delete" button in the key list, and the
"Add Key" form.
The hiding of the "Add key" form is not perfect since the surrounding
div is still shown, but I don't know how to hide it and it didn't look
too bad, either.
|
Add new class `LdapPublicKeyManager` which retrieves public SSH keys
from LDAP.
The attribute can be configured with the new configuration option
`realm.ldap.sshPublicKey`. The setting can be a simple attribute name,
like `sshPublicKey`, or an attribute name and a prefix for the value,
like `altSecurityIdentities:SshKey`, in which case attributes are selected
that have the name `altSecurityIdentities` and whose values start with
`SshKey:`.
|
+ Adds standard logging for all authentication providers
+ Updates help page to use default GitBlit SSH port
|
Running gitblit in a container it's easy to expose the ssh on the default port.
Using git.sshDisplayPort/git.sshDisplayHost you can expose the forwarded address
as the official location.
|
Adding the possibility to define authentication method order for ssh