Apache MINA sshd client

Add a new ssh client implementation based on Apach MINA sshd 2.0.0.

This implementation uses JGit's own config file parser and host entry
resolver. Code inspection of the Apache MINA implementation revealed
a few bugs or idiosyncrasies that immediately would re-introduce bugs
already fixed in the past in JGit.

Apache MINA sshd is not without quirks either, and I had to configure
and override more than I had expected. But at least it was all doable
in clean ways.

Apache MINA boasts support for Bouncy Castle, so in theory this should
open the way to using more ssh key algorithms, such as ed25519.

The implementation is in a separate bundle and is still not used in
the core org.eclipse.jgit bundle. The tests re-use the ssh tests from
the core test bundle.

Bug: 520927
Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

2 files changed, 1048 insertions, 0 deletions

diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
new file mode 100644
index 0000000000..2f623e3305
--- /dev/null
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
@@ -0,0 +1,614 @@
+/*
+ * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ *   names of its contributors may be used to endorse or promote
+ *   products derived from this software without specific prior
+ *   written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.eclipse.jgit.transport.ssh;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.jgit.api.errors.TransportException;
+import org.eclipse.jgit.transport.CredentialItem;
+import org.eclipse.jgit.transport.JschConfigSessionFactory;
+import org.eclipse.jgit.transport.URIish;
+import org.junit.Test;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.Theory;
+
+/**
+ * The ssh tests. Concrete subclasses can re-use these tests by implementing the
+ * abstract operations from {@link SshTestHarness}. This gives a way to test
+ * different ssh clients against a unified test suite.
+ */
+public abstract class SshTestBase extends SshTestHarness {
+
+	@DataPoints
+	public static String[] KEY_RESOURCES = { //
+			"id_dsa", //
+			"id_rsa_1024", //
+			"id_rsa_2048", //
+			"id_rsa_3072", //
+			"id_rsa_4096", //
+			"id_ecdsa_256", //
+			"id_ecdsa_384", //
+			"id_ecdsa_521", //
+			// And now encrypted. Passphrase is "testpass".
+			"id_dsa_testpass", //
+			"id_rsa_1024_testpass", //
+			"id_rsa_2048_testpass", //
+			"id_rsa_3072_testpass", //
+			"id_rsa_4096_testpass", //
+			"id_ecdsa_256_testpass", //
+			"id_ecdsa_384_testpass", //
+			"id_ecdsa_521_testpass" };
+
+	protected File defaultCloneDir;
+
+	@Override
+	public void setUp() throws Exception {
+		super.setUp();
+		defaultCloneDir = new File(getTemporaryDirectory(), "cloned");
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshWithoutConfig() throws Exception {
+		cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
+				+ "/doesntmatter", defaultCloneDir, null);
+	}
+
+	@Test
+	public void testSshWithGlobalIdentity() throws Exception {
+		cloneWith(
+				"ssh://" + TEST_USER + "@localhost:" + testPort
+						+ "/doesntmatter",
+				defaultCloneDir, null,
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithDefaultIdentity() throws Exception {
+		File idRsa = new File(privateKey1.getParentFile(), "id_rsa");
+		Files.copy(privateKey1.toPath(), idRsa.toPath());
+		// We expect the session factory to pick up these keys...
+		cloneWith("ssh://" + TEST_USER + "@localhost:" + testPort
+				+ "/doesntmatter", defaultCloneDir, null);
+	}
+
+	@Test
+	public void testSshWithConfig() throws Exception {
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithConfigEncryptedUnusedKey() throws Exception {
+		// Copy the encrypted test key from the bundle.
+		File encryptedKey = new File(sshDir, "id_dsa");
+		copyTestResource("id_dsa_testpass", encryptedKey);
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"testpass");
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		assertEquals("CredentialsProvider should not have been called", 0,
+				provider.getLog().size());
+	}
+
+	@Test
+	public void testSshWithConfigEncryptedUnusedKeyInConfigLast()
+			throws Exception {
+		// Copy the encrypted test key from the bundle.
+		File encryptedKey = new File(sshDir, "id_dsa_test_key");
+		copyTestResource("id_dsa_testpass", encryptedKey);
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"testpass");
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(),
+				"IdentityFile " + encryptedKey.getAbsolutePath());
+		// This test passes with JSch per chance because JSch completely ignores
+		// the second IdentityFile
+		assertEquals("CredentialsProvider should not have been called", 0,
+				provider.getLog().size());
+	}
+
+	@Test
+	public void testSshWithConfigEncryptedUnusedKeyInConfigFirst()
+			throws Exception {
+		// Test cannot pass with JSch; it handles only one IdentityFile.
+		// assumeTrue(!(getSessionFactory() instanceof
+		// JschConfigSessionFactory)); gives in bazel a failure with "Never
+		// found parameters that satisfied method assumptions."
+		// In maven it's fine!?
+		if (getSessionFactory() instanceof JschConfigSessionFactory) {
+			return;
+		}
+		// Copy the encrypted test key from the bundle.
+		File encryptedKey = new File(sshDir, "id_dsa_test_key");
+		copyTestResource("id_dsa_testpass", encryptedKey);
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"testpass");
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + encryptedKey.getAbsolutePath(),
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		assertEquals("CredentialsProvider should have been called once", 1,
+				provider.getLog().size());
+	}
+
+	@Test
+	public void testSshEncryptedUsedKeyCached() throws Exception {
+		// Make sure we are asked for the password only once if we do several
+		// operations with an encrypted key.
+		File encryptedKey = new File(sshDir, "id_dsa_test_key");
+		copyTestResource("id_dsa_testpass", encryptedKey);
+		File encryptedPublicKey = new File(sshDir, "id_dsa_test_key.pub");
+		copyTestResource("id_dsa_testpass.pub", encryptedPublicKey);
+		server.setTestUserPublicKey(encryptedPublicKey.toPath());
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"testpass");
+		pushTo(provider,
+				cloneWith("ssh://localhost/doesntmatter", //
+						defaultCloneDir, provider, //
+						"Host localhost", //
+						"HostName localhost", //
+						"Port " + testPort, //
+						"User " + TEST_USER, //
+						"IdentityFile " + encryptedKey.getAbsolutePath()));
+		assertEquals("CredentialsProvider should have been called once", 1,
+				provider.getLog().size());
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshWithoutKnownHosts() throws Exception {
+		assertTrue("Could not delete known_hosts", knownHosts.delete());
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithoutKnownHostsWithProviderAsk()
+			throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		// The provider will answer "yes" to all questions, so we should be able
+		// to connect and end up with a new known_hosts file with the host key.
+		TestCredentialsProvider provider = new TestCredentialsProvider();
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		Map<URIish, List<CredentialItem>> messages = provider.getLog();
+		assertFalse("Expected user interaction", messages.isEmpty());
+		if (getSessionFactory() instanceof JschConfigSessionFactory) {
+			// JSch doesn't create a non-existing file.
+			assertEquals("Expected to be asked about the key", 1,
+					messages.size());
+			return;
+		}
+		assertEquals(
+				"Expected to be asked about the key, and the file creation",
+				2, messages.size());
+		assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
+		// Instead of checking the file contents, let's just clone again
+		// without provider. If it works, the server host key was written
+		// correctly.
+		File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
+		cloneWith("ssh://localhost/doesntmatter", clonedAgain, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithoutKnownHostsWithProviderAcceptNew()
+			throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		TestCredentialsProvider provider = new TestCredentialsProvider();
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"StrictHostKeyChecking accept-new", //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		if (getSessionFactory() instanceof JschConfigSessionFactory) {
+			// JSch doesn't create new files.
+			assertTrue("CredentialsProvider not called",
+					provider.getLog().isEmpty());
+			return;
+		}
+		assertEquals("Expected to be asked about the file creation", 1,
+				provider.getLog().size());
+		assertTrue("~/.ssh/known_hosts should exist now", knownHosts.exists());
+		// Instead of checking the file contents, let's just clone again
+		// without provider. If it works, the server host key was written
+		// correctly.
+		File clonedAgain = new File(getTemporaryDirectory(), "cloned2");
+		cloneWith("ssh://localhost/doesntmatter", clonedAgain, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshWithoutKnownHostsDeny() throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"StrictHostKeyChecking yes", //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshModifiedHostKeyDeny()
+			throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		// Now produce a new known_hosts file containing some other key.
+		createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"StrictHostKeyChecking yes", //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshModifiedHostKeyWithProviderDeny() throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		// Now produce a new known_hosts file containing some other key.
+		createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
+		TestCredentialsProvider provider = new TestCredentialsProvider();
+		try {
+			cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+					"Host localhost", //
+					"HostName localhost", //
+					"Port " + testPort, //
+					"User " + TEST_USER, //
+					"StrictHostKeyChecking yes", //
+					"IdentityFile " + privateKey1.getAbsolutePath());
+		} catch (Exception e) {
+			assertEquals("Expected to be told about the modified key", 1,
+					provider.getLog().size());
+			assertTrue("Only messages expected", provider.getLog().values()
+					.stream().flatMap(List::stream).allMatch(
+							c -> c instanceof CredentialItem.InformationalMessage));
+			throw e;
+		}
+	}
+
+	private void checkKnownHostsModifiedHostKey(File backup, File newFile,
+			String wrongKey) throws IOException {
+		List<String> oldLines = Files.readAllLines(backup.toPath(),
+				StandardCharsets.UTF_8);
+		// Find the original entry. We should have that again in known_hosts.
+		String oldKeyPart = null;
+		for (String oldLine : oldLines) {
+			if (oldLine.contains("[localhost]:")) {
+				String[] parts = oldLine.split("\\s+");
+				if (parts.length > 2) {
+					oldKeyPart = parts[parts.length - 2] + ' '
+							+ parts[parts.length - 1];
+					break;
+				}
+			}
+		}
+		assertNotNull("Old key not found", oldKeyPart);
+		List<String> newLines = Files.readAllLines(newFile.toPath(),
+				StandardCharsets.UTF_8);
+		assertFalse("Old host key still found in known_hosts file" + newFile,
+				hasHostKey("localhost", testPort, wrongKey, newLines));
+		assertTrue("New host key not found in known_hosts file" + newFile,
+				hasHostKey("localhost", testPort, oldKeyPart, newLines));
+
+	}
+
+	@Test
+	public void testSshModifiedHostKeyAllow() throws Exception {
+		assertTrue("Failed to delete known_hosts", knownHosts.delete());
+		createKnownHostsFile(knownHosts, "localhost", testPort, publicKey1);
+		File backup = new File(getTemporaryDirectory(), "backupKnownHosts");
+		Files.copy(knownHosts.toPath(), backup.toPath());
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"StrictHostKeyChecking no", //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		// File should not have been updated!
+		String[] oldLines = Files
+				.readAllLines(backup.toPath(), StandardCharsets.UTF_8)
+				.toArray(new String[0]);
+		String[] newLines = Files
+				.readAllLines(knownHosts.toPath(), StandardCharsets.UTF_8)
+				.toArray(new String[0]);
+		assertArrayEquals("Known hosts file should not be modified", oldLines,
+				newLines);
+	}
+
+	@Test
+	public void testSshModifiedHostKeyAsk() throws Exception {
+		File copiedHosts = new File(knownHosts.getParentFile(),
+				"copiedKnownHosts");
+		assertTrue("Failed to rename known_hosts",
+				knownHosts.renameTo(copiedHosts));
+		String wrongKeyPart = createKnownHostsFile(knownHosts, "localhost",
+				testPort, publicKey1);
+		TestCredentialsProvider provider = new TestCredentialsProvider();
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, provider, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+		checkKnownHostsModifiedHostKey(copiedHosts, knownHosts, wrongKeyPart);
+		assertEquals("Expected to be asked about the modified key", 1,
+				provider.getLog().size());
+	}
+
+	@Test
+	public void testSshCloneWithConfigAndPush() throws Exception {
+		pushTo(cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath()));
+	}
+
+	@Test
+	public void testSftpWithConfig() throws Exception {
+		cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSftpCloneWithConfigAndPush() throws Exception {
+		pushTo(cloneWith("sftp://localhost/.git", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath()));
+	}
+
+	@Test(expected = TransportException.class)
+	public void testSshWithConfigWrongKey() throws Exception {
+		cloneWith("ssh://localhost/doesntmatter", defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey2.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithWrongUserNameInConfig() throws Exception {
+		// Bug 526778
+		cloneWith(
+				"ssh://" + TEST_USER + "@localhost:" + testPort
+						+ "/doesntmatter",
+				defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"User sombody_else", //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithWrongPortInConfig() throws Exception {
+		// Bug 526778
+		cloneWith(
+				"ssh://" + TEST_USER + "@localhost:" + testPort
+						+ "/doesntmatter",
+				defaultCloneDir, null, //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port 22", //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithAliasInConfig() throws Exception {
+		// Bug 531118
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), "", //
+				"Host localhost", //
+				"HostName localhost", //
+				"Port 22", //
+				"User someone_else", //
+				"IdentityFile " + privateKey2.getAbsolutePath());
+	}
+
+	@Test
+	public void testSshWithUnknownCiphersInConfig() throws Exception {
+		// Bug 535672
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr");
+	}
+
+	@Test
+	public void testSshWithUnknownHostKeyAlgorithmsInConfig()
+			throws Exception {
+		// Bug 535672
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"HostKeyAlgorithms foobar,ssh-rsa,ssh-dss");
+	}
+
+	@Test
+	public void testSshWithUnknownKexAlgorithmsInConfig()
+			throws Exception {
+		// Bug 535672
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"KexAlgorithms foobar,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521");
+	}
+
+	@Test
+	public void testSshWithMinimalHostKeyAlgorithmsInConfig()
+			throws Exception {
+		// Bug 537790
+		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
+				"Host git", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"HostKeyAlgorithms ssh-rsa,ssh-dss");
+	}
+
+	@Theory
+	public void testSshKeys(String keyName) throws Exception {
+		// JSch fails on ECDSA 384/521 keys. Compare
+		// https://sourceforge.net/p/jsch/patches/10/
+		assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
+				&& (keyName.startsWith("id_ecdsa_384")
+						|| keyName.startsWith("id_ecdsa_521"))));
+		File cloned = new File(getTemporaryDirectory(), "cloned");
+		String keyFileName = keyName + "_key";
+		File privateKey = new File(sshDir, keyFileName);
+		copyTestResource(keyName, privateKey);
+		File publicKey = new File(sshDir, keyFileName + ".pub");
+		copyTestResource(keyName + ".pub", publicKey);
+		server.setTestUserPublicKey(publicKey.toPath());
+		TestCredentialsProvider provider = new TestCredentialsProvider(
+				"testpass");
+		pushTo(provider,
+				cloneWith("ssh://localhost/doesntmatter", //
+						cloned, provider, //
+						"Host localhost", //
+						"HostName localhost", //
+						"Port " + testPort, //
+						"User " + TEST_USER, //
+						"IdentityFile " + privateKey.getAbsolutePath()));
+		int expectedCalls = keyName.endsWith("testpass") ? 1 : 0;
+		assertEquals("Unexpected calls to CredentialsProvider", expectedCalls,
+				provider.getLog().size());
+		// Should now also work without credentials provider, even if the key
+		// was encrypted.
+		cloned = new File(getTemporaryDirectory(), "cloned2");
+		pushTo(null,
+				cloneWith("ssh://localhost/doesntmatter", //
+						cloned, null, //
+						"Host localhost", //
+						"HostName localhost", //
+						"Port " + testPort, //
+						"User " + TEST_USER, //
+						"IdentityFile " + privateKey.getAbsolutePath()));
+	}
+}
diff --git a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestHarness.java b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestHarness.java
new file mode 100644
index 0000000000..347c72b3d7
--- /dev/null
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestHarness.java
@@ -0,0 +1,434 @@
+/*
+ * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
+ * and other copyright owners as documented in the project's IP log.
+ *
+ * This program and the accompanying materials are made available
+ * under the terms of the Eclipse Distribution License v1.0 which
+ * accompanies this distribution, is reproduced below, and is
+ * available at http://www.eclipse.org/org/documents/edl-v10.php
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ * - Neither the name of the Eclipse Foundation, Inc. nor the
+ *   names of its contributors may be used to endorse or promote
+ *   products derived from this software without specific prior
+ *   written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.eclipse.jgit.transport.ssh;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.jgit.api.CloneCommand;
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.api.PushCommand;
+import org.eclipse.jgit.api.ResetCommand.ResetType;
+import org.eclipse.jgit.errors.UnsupportedCredentialItem;
+import org.eclipse.jgit.junit.RepositoryTestCase;
+import org.eclipse.jgit.junit.ssh.SshTestGitServer;
+import org.eclipse.jgit.lib.Constants;
+import org.eclipse.jgit.lib.Repository;
+import org.eclipse.jgit.revwalk.RevCommit;
+import org.eclipse.jgit.transport.CredentialItem;
+import org.eclipse.jgit.transport.CredentialsProvider;
+import org.eclipse.jgit.transport.PushResult;
+import org.eclipse.jgit.transport.RemoteRefUpdate;
+import org.eclipse.jgit.transport.SshSessionFactory;
+import org.eclipse.jgit.transport.URIish;
+import org.eclipse.jgit.util.FS;
+import org.junit.After;
+
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.KeyPair;
+
+/**
+ * Root class for ssh tests. Sets up the ssh test server. A set of pre-computed
+ * keys for testing is provided in the bundle and can be used in test cases via
+ * {@link #copyTestResource(String, File)}. These test key files names have four
+ * components, separated by a single underscore: "id", the algorithm, the bits
+ * (if variable), and the password if the private key is encrypted. For instance
+ * "{@code id_ecdsa_384_testpass}" is an encrypted ECDSA-384 key. The passphrase
+ * to decrypt is "testpass". The key "{@code id_ecdsa_384}" is the same but
+ * unencrypted. All keys were generated and encrypted via ssh-keygen. Note that
+ * DSA and ec25519 have no "bits" component. Available keys are listed in
+ * {@link SshTestBase#KEY_RESOURCES}.
+ */
+public abstract class SshTestHarness extends RepositoryTestCase {
+
+	protected static final String TEST_USER = "testuser";
+
+	protected File sshDir;
+
+	protected File privateKey1;
+
+	protected File privateKey2;
+
+	protected File publicKey1;
+
+	protected SshTestGitServer server;
+
+	private SshSessionFactory factory;
+
+	protected int testPort;
+
+	protected File knownHosts;
+
+	private File homeDir;
+
+	@Override
+	public void setUp() throws Exception {
+		super.setUp();
+		writeTrashFile("file.txt", "something");
+		try (Git git = new Git(db)) {
+			git.add().addFilepattern("file.txt").call();
+			git.commit().setMessage("Initial commit").call();
+		}
+		mockSystemReader.setProperty("user.home",
+				getTemporaryDirectory().getAbsolutePath());
+		mockSystemReader.setProperty("HOME",
+				getTemporaryDirectory().getAbsolutePath());
+		homeDir = FS.DETECTED.userHome();
+		FS.DETECTED.setUserHome(getTemporaryDirectory().getAbsoluteFile());
+		sshDir = new File(getTemporaryDirectory(), ".ssh");
+		assertTrue(sshDir.mkdir());
+		File serverDir = new File(getTemporaryDirectory(), "srv");
+		assertTrue(serverDir.mkdir());
+		// Create two key pairs. Let's not call them "id_rsa".
+		privateKey1 = new File(sshDir, "first_key");
+		privateKey2 = new File(sshDir, "second_key");
+		publicKey1 = createKeyPair(privateKey1);
+		createKeyPair(privateKey2);
+		ByteArrayOutputStream publicHostKey = new ByteArrayOutputStream();
+		// Start a server with our test user and the first key.
+		server = new SshTestGitServer(TEST_USER, publicKey1.toPath(), db,
+				createHostKey(publicHostKey));
+		testPort = server.start();
+		assertTrue(testPort > 0);
+		knownHosts = new File(sshDir, "known_hosts");
+		Files.write(knownHosts.toPath(), Collections.singleton("[localhost]:"
+				+ testPort + ' '
+				+ publicHostKey.toString(StandardCharsets.US_ASCII.name())));
+		factory = createSessionFactory();
+		SshSessionFactory.setInstance(factory);
+	}
+
+	private static File createKeyPair(File privateKeyFile) throws Exception {
+		// Found no way to do this with MINA sshd except rolling it all
+		// ourselves...
+		JSch jsch = new JSch();
+		KeyPair pair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
+		try (OutputStream out = new FileOutputStream(privateKeyFile)) {
+			pair.writePrivateKey(out);
+		}
+		File publicKeyFile = new File(privateKeyFile.getParentFile(),
+				privateKeyFile.getName() + ".pub");
+		try (OutputStream out = new FileOutputStream(publicKeyFile)) {
+			pair.writePublicKey(out, TEST_USER);
+		}
+		return publicKeyFile;
+	}
+
+	private static byte[] createHostKey(OutputStream publicKey)
+			throws Exception {
+		JSch jsch = new JSch();
+		KeyPair pair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
+		pair.writePublicKey(publicKey, "");
+		try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
+			pair.writePrivateKey(out);
+			out.flush();
+			return out.toByteArray();
+		}
+	}
+
+	/**
+	 * Creates a new known_hosts file with one entry for the given host and port
+	 * taken from the given public key file.
+	 *
+	 * @param file
+	 *            to write the known_hosts file to
+	 * @param host
+	 *            for the entry
+	 * @param port
+	 *            for the entry
+	 * @param publicKey
+	 *            to use
+	 * @return the public-key part of the line
+	 * @throws IOException
+	 */
+	protected static String createKnownHostsFile(File file, String host,
+			int port, File publicKey) throws IOException {
+		List<String> lines = Files.readAllLines(publicKey.toPath(),
+				StandardCharsets.UTF_8);
+		assertEquals("Public key has too many lines", 1, lines.size());
+		String pubKey = lines.get(0);
+		// Strip off the comment.
+		String[] parts = pubKey.split("\\s+");
+		assertTrue("Unexpected key content",
+				parts.length == 2 || parts.length == 3);
+		String keyPart = parts[0] + ' ' + parts[1];
+		String line = '[' + host + "]:" + port + ' ' + keyPart;
+		Files.write(file.toPath(), Collections.singletonList(line));
+		return keyPart;
+	}
+
+	/**
+	 * Checks whether there is a line for the given host and port that also
+	 * matches the given key part in the list of lines.
+	 *
+	 * @param host
+	 *            to look for
+	 * @param port
+	 *            to look for
+	 * @param keyPart
+	 *            to look for
+	 * @param lines
+	 *            to look in
+	 * @return {@code true} if found, {@code false} otherwise
+	 */
+	protected boolean hasHostKey(String host, int port, String keyPart,
+			List<String> lines) {
+		String h = '[' + host + "]:" + port;
+		return lines.stream()
+				.anyMatch(l -> l.contains(h) && l.contains(keyPart));
+	}
+
+	@After
+	public void shutdownServer() throws Exception {
+		if (server != null) {
+			server.stop();
+			server = null;
+		}
+		FS.DETECTED.setUserHome(homeDir);
+		SshSessionFactory.setInstance(null);
+		factory = null;
+	}
+
+	protected abstract SshSessionFactory createSessionFactory();
+
+	protected SshSessionFactory getSessionFactory() {
+		return factory;
+	}
+
+	protected abstract void installConfig(String... config);
+
+	/**
+	 * Copies a test data file contained in the test bundle to the given file.
+	 * Equivalent to {@link #copyTestResource(Class, String, File)} with
+	 * {@code SshTestHarness.class} as first parameter.
+	 *
+	 * @param resourceName
+	 *            of the test resource to copy
+	 * @param to
+	 *            file to copy the resource to
+	 * @throws IOException
+	 *             if the resource cannot be copied
+	 */
+	protected void copyTestResource(String resourceName, File to)
+			throws IOException {
+		copyTestResource(SshTestHarness.class, resourceName, to);
+	}
+
+	/**
+	 * Copies a test data file contained in the test bundle to the given file,
+	 * using {@link Class#getResourceAsStream(String)} to get the test resource.
+	 *
+	 * @param loader
+	 *            {@link Class} to use to load the resource
+	 * @param resourceName
+	 *            of the test resource to copy
+	 * @param to
+	 *            file to copy the resource to
+	 * @throws IOException
+	 *             if the resource cannot be copied
+	 */
+	protected void copyTestResource(Class<?> loader, String resourceName,
+			File to) throws IOException {
+		try (InputStream in = loader.getResourceAsStream(resourceName)) {
+			Files.copy(in, to.toPath());
+		}
+	}
+
+	protected File cloneWith(String uri, File to, CredentialsProvider provider,
+			String... config) throws Exception {
+		installConfig(config);
+		CloneCommand clone = Git.cloneRepository().setCloneAllBranches(true)
+				.setDirectory(to).setURI(uri);
+		if (provider != null) {
+			clone.setCredentialsProvider(provider);
+		}
+		try (Git git = clone.call()) {
+			Repository repo = git.getRepository();
+			assertNotNull(repo.resolve("master"));
+			assertNotEquals(db.getWorkTree(),
+					git.getRepository().getWorkTree());
+			assertTrue(new File(git.getRepository().getWorkTree(), "file.txt")
+					.exists());
+			return repo.getWorkTree();
+		}
+	}
+
+	protected void pushTo(File localClone) throws Exception {
+		pushTo(null, localClone);
+	}
+
+	protected void pushTo(CredentialsProvider provider, File localClone)
+			throws Exception {
+		RevCommit commit;
+		File newFile = null;
+		try (Git git = Git.open(localClone)) {
+			// Write a new file and modify a file.
+			Repository local = git.getRepository();
+			newFile = File.createTempFile("new", "sshtest",
+					local.getWorkTree());
+			write(newFile, "something new");
+			File existingFile = new File(local.getWorkTree(), "file.txt");
+			write(existingFile, "something else");
+			git.add().addFilepattern("file.txt")
+					.addFilepattern(newFile.getName())
+					.call();
+			commit = git.commit().setMessage("Local commit").call();
+			// Push
+			PushCommand push = git.push().setPushAll();
+			if (provider != null) {
+				push.setCredentialsProvider(provider);
+			}
+			Iterable<PushResult> results = push.call();
+			for (PushResult result : results) {
+				for (RemoteRefUpdate u : result.getRemoteUpdates()) {
+					assertEquals(
+							"Could not update " + u.getRemoteName() + ' '
+									+ u.getMessage(),
+							RemoteRefUpdate.Status.OK, u.getStatus());
+				}
+			}
+		}
+		// Now check "master" in the remote repo directly:
+		assertEquals("Unexpected remote commit", commit, db.resolve("master"));
+		assertEquals("Unexpected remote commit", commit,
+				db.resolve(Constants.HEAD));
+		File remoteFile = new File(db.getWorkTree(), newFile.getName());
+		assertFalse("File should not exist on remote", remoteFile.exists());
+		try (Git git = new Git(db)) {
+			git.reset().setMode(ResetType.HARD).setRef(Constants.HEAD).call();
+		}
+		assertTrue("File does not exist on remote", remoteFile.exists());
+		checkFile(remoteFile, "something new");
+	}
+
+	protected static class TestCredentialsProvider extends CredentialsProvider {
+
+		private final List<String> stringStore;
+
+		private final Iterator<String> strings;
+
+		public TestCredentialsProvider(String... strings) {
+			if (strings == null || strings.length == 0) {
+				stringStore = Collections.emptyList();
+			} else {
+				stringStore = Arrays.asList(strings);
+			}
+			this.strings = stringStore.iterator();
+		}
+
+		@Override
+		public boolean isInteractive() {
+			return true;
+		}
+
+		@Override
+		public boolean supports(CredentialItem... items) {
+			return true;
+		}
+
+		@Override
+		public boolean get(URIish uri, CredentialItem... items)
+				throws UnsupportedCredentialItem {
+			System.out.println("URI: " + uri);
+			for (CredentialItem item : items) {
+				System.out.println(item.getClass().getSimpleName() + ' '
+						+ item.getPromptText());
+			}
+			logItems(uri, items);
+			for (CredentialItem item : items) {
+				if (item instanceof CredentialItem.InformationalMessage) {
+					continue;
+				}
+				if (item instanceof CredentialItem.YesNoType) {
+					((CredentialItem.YesNoType) item).setValue(true);
+				} else if (item instanceof CredentialItem.CharArrayType) {
+					if (strings.hasNext()) {
+						((CredentialItem.CharArrayType) item)
+								.setValue(strings.next().toCharArray());
+					} else {
+						return false;
+					}
+				} else if (item instanceof CredentialItem.StringType) {
+					if (strings.hasNext()) {
+						((CredentialItem.StringType) item)
+								.setValue(strings.next());
+					} else {
+						return false;
+					}
+				} else {
+					return false;
+				}
+			}
+			return true;
+		}
+
+		private Map<URIish, List<CredentialItem>> log = new LinkedHashMap<>();
+
+		private void logItems(URIish uri, CredentialItem... items) {
+			log.put(uri, Arrays.asList(items));
+		}
+
+		public Map<URIish, List<CredentialItem>> getLog() {
+			return log;
+		}
+	}
+
+}