author | Thomas Wolf <thomas.wolf@paranor.ch> | 2018-10-05 21:35:16 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-11-13 10:49:26 -0800 |
commit | ec1116627f251dbc434111840111a417263403ee (patch) | |
tree | ff7241ac75492d96311a4eca8d79eb09bde5a58d /org.eclipse.jgit.test/src/org/eclipse | |
parent | 63a87b398ff67584069ab8cf6a17824f009a7102 (diff) | |
Apache MINA sshd client: properly handle HostKeyAlgorithms config
By default sshd will use its default built-in list, which matches
the one of openssh (as far as the algorithms exist in sshd at all).
But it doesn't handle HostKeyAlgorithms from the ssh config at all.
Implement this as in openssh, including the '+' and '-' modifiers
and reordering the default if there are known host keys for a
server already.
Add tests for the reordering.
Also use a more robust reader for the known hosts file. The default
aborts on the first error.
Bug: 520927
Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.test/src/org/eclipse')
-rw-r--r-- | org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
index 3b5aa5adb7..3e4493119e 100644
--- a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
@@ -595,6 +595,42 @@ public abstract class SshTestBase extends SshTestHarness {
 "PreferredAuthentications password");
 }
 
+ @Test
+ public void testRsaHostKeySecond() throws Exception {
+ // See https://git.eclipse.org/r/#/c/130402/ : server has EcDSA
+ // (preferred), RSA, we have RSA in known_hosts: client and server
+ // should agree on RSA.
+ File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+ copyTestResource("id_ecdsa_256", newHostKey);
+ server.addHostKey(newHostKey.toPath(), true);
+ cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+ "Host git", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ }
+
+ @Test
+ public void testEcDsaHostKey() throws Exception {
+ // See https://git.eclipse.org/r/#/c/130402/ : server has RSA
+ // (preferred), EcDSA, we have EcDSA in known_hosts: client and server
+ // should agree on EcDSA.
+ File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
+ copyTestResource("id_ecdsa_256", newHostKey);
+ server.addHostKey(newHostKey.toPath(), false);
+ File newHostKeyPub = new File(getTemporaryDirectory(),
+ "newhostkey.pub");
+ copyTestResource("id_ecdsa_256.pub", newHostKeyPub);
+ createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
+ cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+ "Host git", //
+ "HostName localhost", //
+ "Port " + testPort, //
+ "User " + TEST_USER, //
+ "IdentityFile " + privateKey1.getAbsolutePath());
+ }
+
 @Theory
 public void testSshKeys(String keyName) throws Exception {
 // JSch fails on ECDSA 384/521 keys. Compare |
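Review bot: Neither `testRsaHostKeySecond` nor `testEcDsaHostKey` asserts which host key was actually negotiated; each ends on `cloneWith(...)`, so as far as this hunk shows they pass whenever the clone succeeds. If the harness's client accepts or records a host key it did not already know (not visible here, so this is an assumption to confirm), a regression in the known-hosts-based reordering would still go green, and that reordering is what keeps an already-trusted key in use. A cheap guard is to snapshot the file before the clone and compare afterwards, assuming `knownHosts` is a `File`: `byte[] before = Files.readAllBytes(knownHosts.toPath());` followed after the clone by `assertArrayEquals(before, Files.readAllBytes(knownHosts.toPath()));`. The boolean passed to `server.addHostKey` would also benefit from a comment such as `// true: put the ECDSA key ahead of RSA in the server's preference order`, which is inferred from the two test comments and should be checked against the harness.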