Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.
For this, a `git.sshAuthenticationMethods` setting is added, which is a
space-separated list of authentication method names. Only the methods listed
will be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.
Since this also includes Kerberos authentication with GSS API, this obsoletes
the `git.sshWithKrb5` property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name `gssapi-with-mic` to the
authentication methods list.
Added git.sshDisplay{Port|Host} to hide port forward.
When running Gitblit in a container, it's easy to expose the SSH on the default port.
Using git.sshDisplayPort/git.sshDisplayHost you can expose the forwarded address
as the official location.
Prevent double authentication for the same public key
The OpenSSH client sends two requests, one without a key signature to verify
that the public key is acceptable and the second one with the signature
after having loaded the private key and signed some data for actual
verification.
To prevent PublickeyAuthenticator#authenticate from being called twice,
cache the authentication status for session and public key. Implement
SessionListener to clean up the cache entry when the session is destroyed.
This is a workaround for SSHD bug [1].
Inspired-By: Guillaume Nodet <gnodet@apache.org>
[1] https://issues.apache.org/jira/browse/SSHD-300
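An added sketch of the per-session cache described in the commit above; it is not Gitblit's or Apache SSHD's code. `Session`, `KeyAuthenticator` and `CachingKeyAuthenticator` are hypothetical stand-ins for the library types, the user name is added to the cache key as an extra precaution, and Java 16+ is assumed for `record`.

```java
import java.security.PublicKey;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-ins for the SSH library's session and authenticator types.
interface Session { }

interface KeyAuthenticator {
    boolean authenticate(String username, PublicKey key, Session session);
}

final class CachingKeyAuthenticator implements KeyAuthenticator {
    // One cached decision per (user name, public key) within a session.
    private record Attempt(String username, PublicKey key) { }

    private final KeyAuthenticator delegate;
    private final Map<Session, Map<Attempt, Boolean>> cache = new ConcurrentHashMap<>();

    CachingKeyAuthenticator(KeyAuthenticator delegate) {
        this.delegate = Objects.requireNonNull(delegate);
    }

    @Override
    public boolean authenticate(String username, PublicKey key, Session session) {
        // The client's first request (key only, no signature) runs the real
        // lookup; the second request (with signature) reuses the stored result.
        // Checking the signature itself is assumed to stay with the SSH library.
        return cache
                .computeIfAbsent(session, s -> new ConcurrentHashMap<>())
                .computeIfAbsent(new Attempt(username, key),
                        a -> delegate.authenticate(username, key, session));
    }

    // Wire this to the library's session-closed callback so a cached decision
    // never outlives the session it was made for.
    void sessionClosed(Session session) {
        cache.remove(session);
    }
}
```

Because entries are scoped to a session and dropped on close, a key revoked between connections is re-evaluated on the next login rather than served from the cache.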
Starting from version 0.9.0 Apache SSHD project added support for NIO2
IoSession. To use the new NIO2 session the `backend` option must be set
to `NIO2`.
By default, `NIO2`.
Change-Id: I06cf92b02e80ecf9e8bfbd9f6d6d623dfe3ccff3
DispatchCommand is supposed to be nested:
    ssh server gitblit version --verbose --format json
means that the first command seen by the dispatching process is
"gitblit". The dispatch command looks in its commands map for this command
and dispatches the rest of the command, options and arguments to this
command, version in this example.
Change-Id: I8ef8e0e369922c793ca7ad36c1a8f76b0206baa7
Eliminate use of Dagger and do not create inner classes
This change outlines some things I'd like to see in your latest code.
1. Elimination of Dagger
2. Less noise from inner class instantiation
3. Formalizing filesystem location for keys instead of Unix-y /tmp/
4. Password authentication as alternative to Key authentication
Change-Id: I7a76e1811ad7cd545444fd8b59bbe8c4f45ccfec
Support serving repositories over the SSH transport
Gitblit would greatly benefit from an integrated SSH server. This would
complete the transport trifecta.
Change-Id: I6fb95abe65655fa74d47ea71522d8d9a1541450c