summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.ssh.apache/README.md
Commit message (Collapse)AuthorAgeFilesLines
* ssh: PKCS#11 supportThomas Wolf2023-07-171-1/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support PKCS#11 HSMs (like YubiKey PIV) for SSH authentication. Use the SunPKCS11 provider as described at [1]. This provider dynamically loads the library from the PKCS11Provider SSH configuration and creates a Java KeyStore with that provider. A Java CallbackHandler is needed to feed PIN prompts from the KeyStore into the JGit CredentialsProvider framework. Because the JGit CredentialsProvider may be specific to a SSH session but the PKCS11Provider may be used by several sessions, the CallbackHandler needs to be configurable per session. PIN prompts respect the NumberOfPasswordPrompts SSH configuration. As long as the library asks only for a PIN, we use the KeyPasswordProvider to prompt for it. This gives automatic integration in Eclipse with the Eclipse secure storage, so a user has even the option to store the PIN there. (Eclipse will then ask for the secure storage master password on first access, so the usefulness of this is debatable.) By default the provider uses the first PKCS#11 token (slot list index zero). This can be overridden by a non-standard PKCS11SlotListIndex ssh configuration entry. (For OpenSSH interoperability, also set "IgnoreUnknown PKCS11SlotListIndex" in the SSH config file then.) Once loaded, the provider and its shared library and the keys contained remain available until the application exits. Manually tested using SoftHSM. See file manual_tests.txt. Kudos to Christopher Lamb for additional manual testing with a real YubiKey, also on Windows.[2] [1] https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html [2] https://www.eclipse.org/forums/index.php/t/1113295/ Change-Id: I544c97e1e24d05e28a9f0e803fd4b9151a76ed11 Signed-off-by: Thomas Wolf <twolf@apache.org>
* sshd: Add README.md for SSH agentsThomas Wolf2022-01-301-0/+47
| | | | | | | | Explain SSH agent protocols, what transports are available and how to choose them in ~/.ssh/config. For Windows, add some information on which commonly used SSH agents can be used. Change-Id: I0b08a95654fd76643512606edb1ed74d9980aa85 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* Typo fix in o.e.j.ssh.{jsch,apache}/README.mdThomas Wolf2021-11-151-1/+1
| | | | Change-Id: Ia7da92421f8fecb2a175eb23ecfd04a67e0ca8cc Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
* [doc] Add README and package-info to the SSH bundlesThomas Wolf2021-10-311-0/+61
Explain in the JSch bundle that it is essentially unmaintained. Add descriptions in both bundles explaining how to use it, or how to use an alternate implementation. Change-Id: Idaf46c33b14543279f78a55cb7c6bd42b06ee6b8 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 15:42:10 +0000