-
Notifications
You must be signed in to change notification settings - Fork 51
New and Noteworthy 5.2
There is a new bundle org.eclipse.jgit.ssh.apache that implements a
new SSH session factory based on Apache MINA
sshd. It's available as maven
artifact org.eclipse.jgit:org.eclipse.jgit.ssh.apache:5.2.0.
The default SSH session factory used for fetching and pushing with git
via SSH is still based on the JSch 0.1.54 library. To use the new
implementation based on Apache MINA sshd, include the new artifact in
your dependencies, and install a new
org.eclipse.jgit.ssh.apache.SshdSessionFactory. Example usages can be
found in JGit in org.eclipse.jgit.pgm.TextBuiltin.execute() and in
EGit org.eclipse.egit.core.Activator.setupSSH().
The bundle requires Apache MINA sshd 2.0.0. Because the upstream interfaces of sshd change in later versions it will not work with sshd versions >= 2.1.0. We plan to move to sshd 2.2.0 once that is released; hopefully in time for the next JGit release 5.3.0.
Benefits of the new SSH implementation are that more kinds of SSH keys
work: ECDSA-384 and ECDSA-521 keys work, and ed25519 keys now also
work! It also properly reads private key files generated by modern
OpenSSH (or older OpenSSH ssh-keygen -o), if they are not
password-protected. Encrypted new-style OpenSSH private keys are not
supported by Apache MINA sshd yet. Keys in the older PEM format are
read fine.
- Supported authentication mechanisms: gssapi-with-mic, publickey, password, keyboard-interactive.
- Supported private keys: DSA, RSA, ECDSA (256, 384, and 521 bits), ed25519.
- Supported proxy types: SOCKS5 and HTTP, with anonymous access or GSSAPI or username-password (Basic) authentication.
There is no support yet for ssh-agent or for Pageant with the new SSH library.
The previously existing mechanism for using an external SSH executable
by setting the GIT_SSH environment variable is still available.
Support for reading encrypted OpenSSH keys is on the roadmap for the next JGit 5.3.0 release.
Using this new bundle is completely optional; the core JGit
org.eclipse.jgit bundle has no dependencies on it.
The JGit command-line tools have a new command-line option to select the SSH library to use:
-
--ssh (jsch|apache)
-
Selects the SSH library.
jschis the default and makes the commands use the old JSch library.apacheselects the new Apache MINA sshd implementation.
Find the complete list of new features and bug fixes in the release notes.
The following 18 developers worked on this release:
Christian Halstrick, Dave Borowitz, David Ostrovsky, David Pursehouse, Gunnar Wagenknecht, Han-Wen Nienhuys, Ivan Frade, Jonathan Nieder, Jonathan Tan, Marc Strapetz, Markus Keller, Masaya Suzuki, Matthias Sohn, Michael Keppler, Minh Thai, Ned Twigg, René Scheibe, and Thomas Wolf.