分支:
master
master
next
stable-5.10
stable-5.11
stable-5.12
stable-5.2
stable-5.3
stable-5.4
stable-5.5
stable-5.6
stable-5.7
stable-5.8
stable-5.9
stable-0.10
stable-0.11
stable-0.12
stable-0.7
stable-0.8
stable-0.9
stable-1.0
stable-1.1
stable-1.2
stable-1.3
stable-2.0
stable-2.1
stable-2.2
stable-2.3
stable-3.0
stable-3.1
stable-3.2
stable-3.3
stable-3.4
stable-3.5
stable-3.6
stable-3.7
stable-4.0
stable-4.1
stable-4.10
stable-4.11
stable-4.2
stable-4.3
stable-4.4
stable-4.5
stable-4.6
stable-4.7
stable-4.8
stable-4.9
stable-5.0
stable-5.1
v5.12.0.202106021050-rc1
v5.12.0.202106011439-rc1
v5.11.0.202103031150-rc1
v5.10.0.202012021225-rc1
v5.6.0.201912041214-rc1
v5.5.0.201909041048-rc1
v5.3.0.201903061415-rc1
v5.1.0.201809051400-rc1
v5.0.0.201806050710-rc3
v5.0.0.201805301535-rc2
v5.0.0.201805221745-rc1
v4.8.0.201705170830-rc1
v4.4.0.201606011500-rc2
v4.4.0.201605250940-rc1
v4.3.0.201603230630-rc1
v4.0.0.201506020755-rc3
v4.0.0.201505260635-rc2
v4.0.0.201505191015-rc1
v3.7.0.201502031740-rc1
v3.5.0.201409071800-rc1
v3.4.0.201406041058-rc3
v3.4.0.201405281120-rc2
v3.4.0.201405211411-rc1
v3.3.0.201402191814-rc1
v3.1.0.201309270735-rc1
v3.0.2.201309041250-rc2
v3.0.0.201306040240-rc3
v3.0.0.201305281830-rc2
v2.3.0.201302130906
v1.3.0.201202121842-rc4
v1.1.0.201109071825-rc3
v1.1.0.201109011030-rc2
v1.0.0.201106011211-rc3
v0.12.1
v0.11.3
v0.11.1
v0.10.1
v0.9.3
v0.9.1
v0.8.4
v0.8.1
v0.7.1
v0.7.0
v5.12.0.202106070339-r
v5.12.0.202105261145-m3
v5.12.0.202105051250-m2
v5.11.1.202105131744-r
v5.11.0.202103091610-r
v5.11.0.202102240950-m3
v5.11.0.202102031030-m2
v5.10.0.202012080955-r
v5.10.0.202011251205-m3
v5.10.0.202011041322-m2
v5.9.0.202009080501-r
v5.9.0.202008260805-m3
v5.8.1.202007141445-r
v5.8.0.202006091008-r
v5.8.0.202005061305-m2
v5.7.0.202003110725-r
v5.7.0.202003090808-r
v5.7.0.202002241735-m3
v5.7.0.202001151323-m1
v5.6.1.202002131546-r
v5.6.0.201912101111-r
v5.6.0.201911271000-m3
v5.5.1.201910021850-r
v5.5.0.201909110433-r
v5.5.0.201908280940-m3
v5.4.3.201909031940-r
v5.4.2.201908231537-r
v5.4.1.201908211225-r
v5.4.0.201906121030-r
v5.4.0.201905221418-m3
v5.4.0.201905081430-m2
v5.3.9.202012012026-r
v5.3.8.202011260953-r
v5.3.7.202002110540-r
v5.3.6.201910020505-r
v5.3.5.201909031855-r
v5.3.4.201908231101-r
v5.3.3.201908210735-r
v5.3.2.201906051522-r
v5.3.1.201904271842-r
v5.3.0.201903130848-r
v5.3.0.201901162155-m1
v5.3.0.201901161700-m1
v5.2.1.201812262042-r
v5.2.0.201812061821-r
v5.2.0.201811281532-m3
v5.1.16.202106041830-r
v5.1.15.202012011955-r
v5.1.14.202011251942-r
v5.1.13.202002110435-r
v5.1.12.201910011832-r
v5.1.11.201909031202-r
v5.1.10.201908230655-r
v5.1.9.201908210455-r
v5.1.8.201906050907-r
v5.1.7.201904200442-r
v5.1.6.201903130242-r
v5.1.5.201812261915-r
v5.1.4.201812251853-r
v5.1.3.201810200350-r
v5.1.2.201810061102-r
v5.1.1.201809181055-r
v5.1.0.201809111528-r
v5.1.0.201808281540-m3
v5.0.3.201809091024-r
v5.0.2.201807311906-r
v5.0.1.201806211838-r
v5.0.0.201806131550-r
v5.0.0.201805151920-m7
v4.11.9.201909030838-r
v4.11.8.201904181247-r
v4.11.7.201903122105-r
v4.11.6.201812241910-r
v4.11.5.201810191925-r
v4.11.4.201810060650-r
v4.11.3.201809181037-r
v4.11.2.201809100523-r
v4.11.1.201807311124-r
v4.11.0.201803080745-r
v4.10.0.201712302008-r
v4.9.10.201904181027-r
v4.9.9.201903122025-r
v4.9.8.201812241815-r
v4.9.7.201810191756-r
v4.9.6.201810051924-r
v4.9.5.201809180939-r
v4.9.4.201809090327-r
v4.9.3.201807311005-r
v4.9.2.201712150930-r
v4.9.1.201712030800-r
v4.9.0.201710071750-r
v4.8.0.201706111038-r
v4.7.9.201904161809-r
v4.7.8.201903121755-r
v4.7.7.201812240805-r
v4.7.6.201810191618-r
v4.7.5.201810051826-r
v4.7.4.201809180905-r
v4.7.3.201809090215-r
v4.7.2.201807261330-r
v4.7.1.201706071930-r
v4.7.0.201704051617-r
v4.6.1.201703071140-r
v4.6.0.201612231935-r
v4.5.7.201904151645-r
v4.5.6.201903121547-r
v4.5.5.201812240535-r
v4.5.4.201711221230-r
v4.5.3.201708160445-r
v4.5.2.201704071617-r
v4.5.1.201703201650-r
v4.5.0.201609210915-r
v4.4.1.201607150455-r
v4.4.0.201606070830-r
v4.4.0.201605041135-m1
v4.3.1.201605051710-r
v4.3.0.201604071810-r
v4.2.0.201601211800-r
v4.2.0.201511101648-m1
v4.1.2.201602141800-r
v4.1.1.201511131810-r
v4.1.0.201509280440-r
v4.0.1.201506240215-r
v4.0.0.201506090130-r
v4.0.0.201505050340-m2
v4.0.0.201503231230-m1
v3.7.1.201504261725-r
v3.7.0.201502260915-r
v3.6.2.201501210735-r
v3.6.1.201501031845-r
v3.6.0.201412230720-r
v3.6.0.201411121045-m1
v3.5.3.201412180710-r
v3.5.2.201411120430-r
v3.5.1.201410131835-r
v3.5.0.201409260305-r
v3.4.2.201412180340-r
v3.4.1.201406201815-r
v3.4.0.201406110918-r
v3.4.0.201405051725-m7
v3.3.2.201404171909-r
v3.3.1.201403241930-r
v3.3.0.201403021825-r
v3.2.0.201312181205-r
v3.2.0.201311130903-m3
v3.1.0.201310021548-r
v3.0.3.201309161630-r
v3.0.2.201311090911-r
v3.0.0.201306101825-r
v3.0.0.201305080800-m7
v2.3.1.201302201838-r
v2.2.0.201212191850-r
v2.1.0.201209190230-r
v2.0.0.201206130900-r
v1.3.0.201202151440-r
v1.2.0.201112221803-r
v1.1.0.201109151100-r
v1.0.0.201106090707-r
v1.0.0.201106081625-r
v1.0.0.201106071701-r
v1.0.0.201106051725-r
spearce-gpg-pub
14 次代码提交 (master)
14 次代码提交 (master)
| 作者 | SHA1 | 备注 | 提交日期 |
|---|---|---|---|
 David Ostrovsky
|
4560bdf7e2 |
Migrate to Apache MINA sshd 2.6.0 and Orbit I20210203173513
Re-enable DSA, DSA_CERT, and RSA_CERT public key authentication. DSA is discouraged for a long time already, but it might still be way too disruptive to completely drop it. RSA is discouraged for far less long, and dropping that would be really disruptive. Adapt to the changed property handling. Remove work-arounds for shortcomings of earlier sshd versions. Use Orbit I20210203173513, which includes sshd 2.6.0. This also bumps apache.httpclient to 4.5.13 and apache.httpcore to 4.4.14. Change-Id: I2d24a1ce4cc9f616a94bb5c4bdaedbf20dc6638e Signed-off-by: David Ostrovsky <david@ostrovsky.org> Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
3 年前 |
 Matthias Sohn
|
21262e98fe |
[spotbugs] Silence NP_BOOLEAN_RETURN_NULL in FakeUserAuthGSS#doAuth
Also mark the return value @Nullable to enable null analysis in Eclipse. Change-Id: Ib954b231d743da6ea122adb2cc4880b5f99824cc Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
3 年前 |
 Thomas Wolf
|
24fdc1d039 |
Fix JSchProcess.waitFor() with time-out
SshSupport.runSshCommand() had a comment that wait with time-out could not be used because JSchProcess.exitValue() threw the wrong unchecked exception when the process was still running. Fix this and make JSchProcess.exitValue() throw the right exception, then wait with a time-out in SshSupport. The Apache sshd client's SshdExecProcess has always used the correct IllegalThreadStateException. Add tests for SshSupport.runCommand(). Change-Id: Id30893174ae8be3b9a16119674049337b0cf4381 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
3 年前 |
|
Thomas Wolf
|
835e3225a8 |
sshd: use PropertyResolver in test
Improve the SshTestGitServer API for accessing the server properties. Instead of returning the raw property map, return the proper sshd API abstraction PropertyResolver. This makes the interface more resilient against upstream changes. Change-Id: Ie5b685bddc4e59f3eb6c121026d3658d57618ca4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
3 年前 |
|
Thomas Wolf
|
eb67862cba |
Remove dependency on JSch from SSH test framework
Use standard java.security to generate test keys, use sshd to write public key files, and write PKCS#8 PEM files for our non-encrypted test private keys. This is a format that both JSch and Apache MINA sshd can read. Change-Id: I6ec55cfd7346b672a7fb6139d51abfb06d81a394 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
3 年前 |
|
Thomas Wolf
|
151f0cb82b |
Add a test for upstream bug SSHD-1028
SSHD-1028:[1] server doesn't close server-side sessions properly when client disconnects. [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-1028 Change-Id: I0d67f49e35abe8375cb1370a494dc01d0fb2c9b1 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
3 年前 |
|
Thomas Wolf
|
5a5d85a4a3 |
In-memory SSH keys for the "no files" sshd tests
Avoid using a key written to a file. This makes it clearer that the test does not rely on files being present. Change-Id: I31cf4f404aab5b891c32fc4bda906b7f8fe03777 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
4 年前 |
|
Thomas Wolf
|
fd3778b935 |
Update to org.apache.sshd 2.4.0
Change target platforms to Orbit I20200319180910 and regenerate them. Change package imports to [2.4.0,2.5.0); adapt code to upstream API changes. Maven build: update version in root pom. Bazel build: update version & hash in WORKSPACE file. Proxy functionality verified manually using 3proxy (HTTP & SOCKS, with basic authentication) and ssh -vvv -D7020 localhost (SOCKS, no authentication). Bug: 561078 Change-Id: I582f6b98055b013c006f2c749890fe6db801cbaa Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
4 年前 |
|
Matthias Sohn
|
5c5f7c6b14 |
Update EDL 1.0 license headers to new short SPDX compliant format
This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
4 年前 |
|
Thomas Wolf
|
3a3c8de85c |
sshd: add missing javadoc in SshTestGitServer
Change-Id: Ie2e207eb05e0f6da8018153f8a5dd636e8f35f4c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
4 年前 |
|
Thomas Wolf
|
b8a514fdcb |
sshd: correct the protocol version exchange
RFC 4253 section 4.2 allows an ssh server to send additional lines before its server identification string. Apache MINA sshd enforces for these lines the constraints specified for the server identification line, too: no NUL characters and not longer than 255 characters. That is too strict. RFC 4253 doesn't mandate this, and it also doesn't make sense given the rationale for these lines in RFC 4253: a TCP wrapper may not be aware of SSH restrictions, and may not adhere to these constraints. Be more lenient when parsing the server's protocol version. Allow NULs and longer lines in the preamble, and also handle line endings more leniently. Only enforce the restrictions for the actual server identification line. Bug: 545939 Change-Id: I75955e9d8a8daef7c04fc0f39539c2ee93514e1c Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
4 年前 |
|
Thomas Wolf
|
86cee68e0d |
Apache MINA sshd client: adapt to sshd 2.2.0
Update target platforms, maven and bazel builds to use sshd 2.2.0. Adapt internal classes to changed sshd interfaces and remove previous work-arounds for asking repeatedly for key passwords and for loading keys lazily; both are now done by sshd. CQ: 19034 CQ: 19035 Bug: 541425 Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
5 年前 |
|
Thomas Wolf
|
00b235f0b8 |
Apache MINA sshd client: test & fix password authentication
Add tests for password and keyboard-interactive authentication. Implement password authentication; the default provided by sshd is non-interactive, which is not useful for JGit. Make sure the CredentialsProvider gets reset on successive password retrieval attempts. Otherwise it might always return the same non- accepted password from a secure storage. (That one was discovered by actually trying this via EGit; the JGit tests don't catch this.) Change the default order of authentication mechanisms to prefer password over keyboard-interactive. This is a mitigation for upstream bug SSHD-866.[1] Also include a fix for upstream bug SSHD-867.[2] [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866 [2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867 Bug: 520927 Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |
|
Thomas Wolf
|
1316d43e51 |
Move SshTestGitServer to new bundle org.eclipse.jgit.junit.ssh
Create the bundle and move the SshTestGitServer there. Verified that the Eclipse build still works and ran JSchSshTest and ApacheSshTest as junit tests inside Eclipse. Update maven build and features to account for that. Verified by running full maven build including packaging. Update bazel build files to account for that. Verified by a clean-slate bazel build :all, followed by running the JSchSshTest and the ApacheSshTest via bazel. Change-Id: Ia084942f4425b454529de148e00417e7da786a90 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |
|
Thomas Wolf
|
ec1116627f |
Apache MINA sshd client: properly handle HostKeyAlgorithms config
By default sshd will use its default built-in list, which matches the one of openssh (as far as the algorithms exist in sshd at all). But it doesn't handle HostKeyAlgorithms from the ssh config at all. Implement this as in openssh, including the '+' and '-' modifiers and reordering the default if there are known host keys for a server already. Add tests for the reordering. Also use a more robust reader for the known hosts file. The default aborts on the first error. Bug: 520927 Change-Id: Ib1684440bfe2e96140536aa1a93c4bd4a0d35916 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |
|
Thomas Wolf
|
8001f4c1fe |
Apache MINA sshd client: add gssapi-with-mic authentication
sshd does support gssapi-with-mic on the server side, but has no built-in client-side support for this authentication mechanism. Add our own implementation for it, following RFC 4462.[1] To avoid needlessly re-trying mechanisms that aren't even configured on the client, we disable mechanisms that fail on the very first attempt to use them. Since we have no real Kerberos5 test setup, this cannot be fully tested in CI. The disabling of the authentication mechanism and that it is skipped when not successful _is_ tested. [1] https://www.ietf.org/rfc/rfc4462.txt Bug: 520927 Change-Id: I5d0cdb14103588a57c52f927df541b589ab88d88 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |
|
Thomas Wolf
|
0173b25415 |
Add more ssh tests: pushing, known_host file handling, etc.
Add support for git-receive-pack to the ssh git server and add two new tests for pushing. This actually uncovered an undocumented requirement in TransportSftp: the FTP rename operation assumes POSIX semantics, i.e., that the target is removed. This works as written only for servers that support and advertise the "posix-rename@openssh.com" FTP extension. Our little Apache MINA server does not advertise this extension. Fix the FtpChannel implementation for Jsch to handle this case in a meaningful way so that it can pass the new "push over sftp" test. Add more tests to test the behavior of server host key checking. Also refactor the tests generally to separate better the test framework from the actual tests. Bug: 520927 Change-Id: Ia4bb85e17ddacde7b36ee8c2d5d454bbfa66dfc3 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |
|
Thomas Wolf
|
08b0a8632d |
Ssh tests with an Apache MINA sshd test git server
Add a simple ssh git server based on Apache MINA sshd, and use it in new tests that verify ssh operations and in particular a number of bugs that had cropped up over time in JSch. The git server supports fetching only, and sftp access. The tests are all in an abstract base class; the concrete JschSshTest class only provides ssh-specific test setup. So the same tests could be run easily also with some other ssh client. Bug: 520927 Change-Id: Ide6687b717fb497a29fc83f22b07390a26dfce1d Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
5 年前 |