ed25519 is becoming more and more mainstream and there is still no sign of JSch implementing it. There is a feature request, which is from 2015, and no sign of someone reading it. (https://sourceforge.net/p/jsch/feature-requests/7/) There is another implementation at https://github.com/hierynomus/sshj which supports ed25519. It seems to be an old GSoC project which was labeled as "SSH and SCP for Apache Commons-Net" (old repo: https://code.google.com/archive/p/commons-net-ssh/). I'm in no way affiliated with any of these implementations or implementors. I just searched for an alternative after several hours of debugging when trying to connect to a git repo via ssh and an ed25519 key.
+1 for this feature. It would be highly appreciated!
+1 We switched from rsa to ed25519 keys completely.
Apache MINA sshd would be another candidate. An older version is in Orbit already, but JGit should probably synchronize with Gerrit on the version and version range. Note that ECDSA keys also don't work; see https://www.eclipse.org/forums/index.php/t/1093889/ .
I'll chime in with a +1 as well. RSA comes under more scrutiny from the security community. Not only will it suffer once using Shor's algorithm becomes feasible; any implementation is also more complicated and error-prone compared to ECDSA and ed25519. Therefore the latter are more favorable.
As Thomas suggested, one can use the GIT_SSH environment variable to point to an ssh executable. One can use the executable which comes with msysgit (Git for Windows): <path to msysgit>/usr/bin/ssh.exe. I assume on Windows most of the users have this installed.
I'll give this a try. But it's a lot of work; so don't hold your breath. Steps involved:

1. Implement ssh tests using a simple Apache MINA sshd git server.
2. Test the JSch ssh implementation against that.
3. Get rid of JSch dependencies in the OpenSsh config file parser.
4. Get rid of JSch dependencies in TransportSftp.
5. Re-implement a SshSessionFactory based on the chosen new ssh client library.
6. Test that using the same ssh tests.
7. Provide an option in the JGit command-line commands to choose the ssh implementation (probably defaulting to JSch for the time being).
8. Once we're satisfied with the stability of the new ssh implementation, switch the default.

That's only for JGit. For EGit, more has to be done once we have step 6 completed. We need to provide a bundle that integrates the new ssh implementation in JGit with Eclipse.

9. Read preferences from the org.eclipse.jsch preferences to configure the new SshSessionFactory accordingly.
10. Add listeners to the org.eclipse.jsch preference nodes to be able to react to changes in the General->Network Connections->SSH2 preference page and reconfigure the new SshSessionFactory accordingly.
11. Provide a user preference for switching the ssh implementation between JSch (default) and the new one (switching is just installing a new SshSessionFactory instance).

We might set the default implementation for EGit nightly to the new one, and decide before we release whether we can ship it, or whether we should still use JSch as default. At that point we could then start thinking about how to support ed25519, which means getting Bouncy Castle into Eclipse (it's already in Orbit, and would be needed for signed commits, too?).

Step (1) requires having a modern Apache MINA sshd in Orbit. At that point, there'd only be a test dependency on it. Before step (5) starts, we should decide which library to use.
I'm aware of three serious candidates:

* Apache MINA sshd: [1], bugtracker at [2], source on Apache [3] mirrored to GitHub [4]. APL 2.0. 2 main developers; project is actively maintained. Comes with the recommendation that at least its server part is good enough to be used in Gerrit :-) so hopefully the client code should also work well. Latest version on Maven Central 2.0.0; GitHub shows a 2.1.0... Claims to be able to handle ed25519 if Bouncy Castle is present. (Can't handle encrypted ed25519 private keys yet, though.) Also seems to rely on net.i2p.crypto.eddsa 0.3.0 for ed25519 support (optional dependency). [5]
* sshj: [6] Basically one developer (project originator appears to be no longer active). Latest version 0.26.0. Contains some crypto code (custom implementation of Curve25519 and a copy of org.mindrot.jbcrypt 0.2 -- Maven has 0.4 with an ISC license [7]). Depends on net.i2p.crypto.eddsa 0.2.0 and on com.jcraft.jzlib. After a quick glance, I didn't see any support for reading ~/.ssh/config, so we'd have to use our own (existing).
* ganymede: [8] was originally developed at ETH Zurich by a single developer, but appears to be abandoned. There is a fork [9], but that looks equally unmaintained. License looks BSD-style, but is a bit confusing (3 different licenses, and apparently some Bouncy Castle code included).

[1] https://mina.apache.org/sshd-project/
[2] https://issues.apache.org/jira/projects/SSHD/issues/?filter=allopenissues
[3] https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=summary
[4] https://github.com/apache/mina-sshd
[5] https://search.maven.org/artifact/net.i2p.crypto/eddsa/0.3.0/bundle
[6] https://github.com/hierynomus/sshj
[7] https://opensource.org/licenses/isc-license
[8] https://github.com/maxd/ganymed-ssh-2/issues/55
[9] https://github.com/hudson/ganymed-ssh-2

I'd say ganymede is out since it is unmaintained. sshj might be a candidate; would have to try it, but I'm wary of the crypto code and of the license review for getting it into Orbit.
IMO the best bet is Apache MINA sshd. Conflicts with the Apache MINA sshd version used in Gerrit can be avoided if we implement the JGit SSH support based on Apache MINA sshd in a separate bundle that Gerrit just doesn't install. So no new dependencies on the core org.eclipse.jgit bundle.

I do have a working prototype up to and including step (6) above using Apache MINA sshd. (Still needs a lot of clean-up work -- it's just a prototype.) But before we can go on with this, we need to get a modern Apache MINA sshd into Orbit (it currently has only 0.7.0). Needed:

* sshd-core 2.0.0: https://search.maven.org/artifact/org.apache.sshd/sshd-core/2.0.0/jar
* sshd-sftp 2.0.0: https://search.maven.org/artifact/org.apache.sshd/sshd-sftp/2.0.0/jar
* For ed25519 support (optional): net.i2p.crypto.eddsa 0.3.0: https://search.maven.org/artifact/net.i2p.crypto/eddsa/0.3.0/bundle

Bouncy Castle is already in Orbit. Just in case sshd 2.1.0 appears on Maven and we'd like to go with that: then we'd also need sshd-common 2.1.0. If I've seen this right, they've factored out some common stuff into a separate artifact.
I forgot: sshd-core and sshd-sftp are needed in Orbit already for step (1). Having ssh tests is a must before we implement something new.
Thanks for working on this. I agree with your conclusion that we should go for MINA. Apache is a proper home, the project is maintained by more than 1 person (we have been bitten with JSch, where the only maintainer disappeared and we have no repository we could fork) and the server side works for Gerrit; AFAIK there were also some contributions from Gerrit developers, so the community seems to work as well. I can create the necessary CQs and care for the Orbit bundles. Just need to decide on the versions. Bouncy Castle we also need for signed commits/tags/pushes. That was the reason why I added it to Orbit.
(In reply to Matthias Sohn from comment #8)
> I can create the necessary CQs and care for the Orbit bundles.

That'd be great. As I wrote above, we'd need org.apache.sshd:sshd-core:2.0.0 and org.apache.sshd:sshd-sftp:2.0.0. Both have no further required dependencies except org.slf4j. That one, however, is needed in version 1.7.25. In Orbit I see only 1.7.10... I wonder if that causes trouble. If you could also already start a CQ for net.i2p.crypto:eddsa:0.3.0 that'd be great. We won't need it until we start doing ed25519, but then we will need it. It's an optional dependency of sshd-core.

> Just need to decide on the versions.

I did my prototype with sshd 2.0.0. It appears that Gerrit master also uses this. [1] Maybe one of the Gerrit devs could confirm; but as I wrote above, I don't think it matters if it's done outside of our core org.eclipse.jgit bundle. I still don't see any 2.1.0 in the Maven repos, despite [2]. So I'd suggest we go with 2.0.0.

[1] https://gerrit.googlesource.com/gerrit/+/master/WORKSPACE#780
[2] https://github.com/apache/mina-sshd/releases/tag/sshd-2.1.0
(In reply to Thomas Wolf from comment #9)
> I still don't see any 2.1.0 in the maven repos, despite [2]. So I'd suggest
> we go with 2.0.0
>
> [1] https://gerrit.googlesource.com/gerrit/+/master/WORKSPACE#780
> [2] https://github.com/apache/mina-sshd/releases/tag/sshd-2.1.0

I just sent this question to the MINA mailing list [3]

[3] https://www.mail-archive.com/users@mina.apache.org/msg06621.html
(In reply to Matthias Sohn from comment #10)
> [3] https://www.mail-archive.com/users@mina.apache.org/msg06621.html

2.1.0 is available now on Maven, but it seems they introduced a split package with that: [1]

So probably best to stick with 2.0.0 for now?

[1] https://issues.apache.org/jira/browse/SSHD-847
(In reply to Thomas Wolf from comment #11)
> (In reply to Matthias Sohn from comment #10)
> > [3] https://www.mail-archive.com/users@mina.apache.org/msg06621.html
>
> 2.1.0 is available now on maven, but it seems they introduced a split
> package with that: [1]
>
> So probably best to stick with 2.0.0 for now?

Yes, I'll create the CQ for 2.0.0.

> [1] https://issues.apache.org/jira/browse/SSHD-847
I filed the following CQs for sshd and dependencies:

[CQ 17799] Apache Mina sshd-core 2.0.0
http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17799

[CQ 17801] Apache Mina sshd-sftp 2.0.0
http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17801

[CQ 17804] EdDSA-Java 0.3.0
http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17804
(In reply to Matthias Sohn from comment #13)
> I filed the following CQs for sshd and dependencies
>
> [CQ 17799] Apache Mina sshd-core 2.0.0
> http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17799
>
> [CQ 17801] Apache Mina sshd-sftp 2.0.0
> http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17801
>
> [CQ 17804] EdDSA-Java 0.3.0
> http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17804

The first two are approved. With those two in Orbit we could do a full-fledged sshd client except for the ed25519 support.
Yep, also CQs 17851 and 17852 for Orbit were approved. I'll try to find time this week.
Pushed for review:
https://git.eclipse.org/r/#/c/130955/
https://git.eclipse.org/r/#/c/130956/
My prototype now includes everything up to and including step 11 from comment 6. I forgot one step:

12. Implement proxy support for sshd

sshd has _no_ built-in client-side proxy code. There's one interface for it, but no implementations, and in general that bit looks like it was never actually used. Since we need to support HTTP(S) and SOCKS5 proxies, we'll have to roll our own implementations of the ClientProxyConnector interface. :-( It's a bit of work to get this right. I currently see only ways to do HTTP and SOCKS. I see no way to dynamically select between SOCKS5 and SOCKS4, nor to do HTTPS, or SOCKS5 with SSL auth. JSch has code to support HTTP proxies with basic auth, and SOCKS5 proxies with user/password auth. An additional problem is that I don't know how I could test an implementation for this.
[CQ 17804] EdDSA-Java 0.3.0
http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17804

is approved, too!
(In reply to Thomas Wolf from comment #18)
> [CQ 17804] EdDSA-Java 0.3.0
> http://dev.eclipse.org/ipzilla/show_bug.cgi?id=17804
>
> is approved, too!

Will look into this. I'll also try to grab Gunnar at EclipseCon to educate me on the open ends with adding MINA to Orbit.
BTW: note that eddsa-java contains a JCE SecurityProvider that sshd will try to register. I think that means the bundle must be signed like we do for the Bouncy Castle bundles, otherwise we'll get certificate problems. Don't know if the eddsa-java Maven artifact already is properly signed.
(In reply to Thomas Wolf from comment #17)
> My prototype now includes everything up to and including step 11 from
> comment 6.
>
> I forgot one step:
>
> 12. Implement proxy support for sshd

Done now, too. HTTP and SOCKS5 proxies.

> An additional problem is that I don't know how I could test an
> implementation for this.

And tested with ssh -D (SOCKS5, anonymous), tinyproxy (HTTP, anonymous), and 3proxy (HTTP + SOCKS5, with username-password auth (known as Basic auth in HTTP)).
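The two proxy handshakes discussed in the comments above (SOCKS5 with RFC 1929 username/password sub-negotiation, and HTTP CONNECT with Basic auth), written as pure message builders and reply parsers so each step can be checked offline. This is an added example, not JGit's or Apache MINA sshd's code, and it does not use the ClientProxyConnector interface; the host name and credentials are constructed sample values.

```python
"""SOCKS5 (RFC 1928/1929) and HTTP CONNECT proxy handshakes as message
builders/parsers. Each function handles one step of the exchange."""
import base64
import struct

SOCKS_NO_AUTH, SOCKS_USER_PASS, SOCKS_NO_ACCEPTABLE = 0x00, 0x02, 0xFF


def socks5_greeting(have_credentials):
    # Client -> proxy: VER=5, NMETHODS, METHODS. Offer user/password
    # only when we can actually supply credentials (ssh -D needs none).
    methods = bytes([SOCKS_NO_AUTH] + ([SOCKS_USER_PASS] if have_credentials else []))
    return bytes([0x05, len(methods)]) + methods


def socks5_parse_method(reply):
    # Proxy -> client: VER, METHOD. 0xFF means none of ours was acceptable.
    ver, method = struct.unpack("!BB", reply[:2])
    if ver != 0x05 or method == SOCKS_NO_ACCEPTABLE:
        raise ConnectionError("proxy refused all offered auth methods")
    return method


def socks5_userpass(user, password):
    # RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD (each <= 255 bytes).
    u, p = user.encode(), password.encode()
    if len(u) > 255 or len(p) > 255:
        raise ValueError("SOCKS5 credentials are limited to 255 bytes each")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def socks5_parse_userpass_reply(reply):
    # VER=1, STATUS; only STATUS 0 means the proxy accepted the credentials.
    ver, status = struct.unpack("!BB", reply[:2])
    return ver == 0x01 and status == 0x00


def socks5_connect(host, port):
    # VER=5, CMD=CONNECT(1), RSV=0, ATYP=DOMAINNAME(3): the proxy resolves
    # the name, so the client never has to leak a DNS lookup itself.
    h = host.encode("idna")
    return bytes([0x05, 0x01, 0x00, 0x03, len(h)]) + h + struct.pack("!H", port)


def socks5_parse_connect_reply(reply):
    # Returns the REP code; 0 is success, anything else is a proxy-side failure.
    ver, rep, _rsv, _atyp = struct.unpack("!BBBB", reply[:4])
    if ver != 0x05:
        raise ConnectionError("not a SOCKS5 reply")
    return rep


def http_connect(host, port, user=None, password=None):
    # HTTP CONNECT tunnel request; Basic auth is just base64("user:password").
    req = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n"
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req += f"Proxy-Authorization: Basic {token}\r\n"
    return (req + "\r\n").encode()


def http_parse_connect_reply(raw):
    # Only the status code matters: 200 means the tunnel is up, 407 means
    # the proxy wants (different) credentials.
    status_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ConnectionError("malformed proxy response")
    return int(parts[1])
```

After a 200 or a SOCKS5 REP of 0 the same socket carries the SSH stream, so the SSH transport's own host-key and user authentication still run unchanged over the tunnel.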
You can use this new target platform "jgit-4.10-latest-I.target" which uses the latest Orbit I-build until it gets promoted to a S-build: https://git.eclipse.org/r/#/c/131725/
The latest Orbit I-build including the following fixes

- https://git.eclipse.org/r/#/c/131829/ Add missing : in optional dependency of org.apache.sshd.core
- https://git.eclipse.org/r/#/c/131827/ Relax JavaSE requirement for org.apache.sshd.*
- https://git.eclipse.org/r/#/c/131828/ Relax JavaSE requirement for net.i2p.crypto.eddsa

is now available here: http://download.eclipse.org/tools/orbit/downloads/drops/I20181102163257/
New Gerrit change created: https://git.eclipse.org/r/131879
New Gerrit change created: https://git.eclipse.org/r/131882
New Gerrit change created: https://git.eclipse.org/r/131880
New Gerrit change created: https://git.eclipse.org/r/131883
New Gerrit change created: https://git.eclipse.org/r/131886
New Gerrit change created: https://git.eclipse.org/r/131884
New Gerrit change created: https://git.eclipse.org/r/131890
New Gerrit change created: https://git.eclipse.org/r/131888
New Gerrit change created: https://git.eclipse.org/r/131889
New Gerrit change created: https://git.eclipse.org/r/131887
New Gerrit change created: https://git.eclipse.org/r/131885
New Gerrit change created: https://git.eclipse.org/r/131891
New Gerrit change created: https://git.eclipse.org/r/131892
New Gerrit change created: https://git.eclipse.org/r/131893
Gerrit change https://git.eclipse.org/r/131880 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=cc000f93a84b22e692a9c234486978703fdb8f30
Gerrit change https://git.eclipse.org/r/131879 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=08b0a8632d54a24d92075b94d0b0134b69146ba2
Gerrit change https://git.eclipse.org/r/131883 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=0173b25415fb334490396a2fa4150db888c56947
Gerrit change https://git.eclipse.org/r/131882 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=705691ee517900d3359868212a50d4dc7f048245
Gerrit change https://git.eclipse.org/r/131884 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=488d95571fbe5b896c929dc3f65dc0c0a7161d00
Gerrit change https://git.eclipse.org/r/131885 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=9b31969f3c8b10747ee4af4fff83e9f45c6b41b0
Gerrit change https://git.eclipse.org/r/131886 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=06387d4bfdddf96e0d590649cdc6b7f89a53e341
Gerrit change https://git.eclipse.org/r/131887 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=8001f4c1fe441ec2eb7416851e933e9dc347abd7
Gerrit change https://git.eclipse.org/r/131888 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=63a87b398ff67584069ab8cf6a17824f009a7102
Gerrit change https://git.eclipse.org/r/131889 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=ec1116627f251dbc434111840111a417263403ee
Gerrit change https://git.eclipse.org/r/131890 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=c56fa51709278f2be4e155ae5fbad270188cbe64
Gerrit change https://git.eclipse.org/r/131891 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=a151190bef8769bb644f08e6fa423c7fe423a1dd
New Gerrit change created: https://git.eclipse.org/r/132500
Does the current state already provide ssh-agent support (https://github.com/apache/mina-sshd/blob/master/README.md#proxy-agent)? If not, is this planned as well?
(In reply to Konrad Windszus from comment #51)
> Does the current state already provide ssh-agent support
> (https://github.com/apache/mina-sshd/blob/master/README.md#proxy-agent)? If
> not, is this planned as well?

No, it does not. The Java code is prepared for it, but sshd uses the Tomcat APR native library (libraries actually, different for different systems: Mac OS, Linux, Windows) for this. Those are not in Eclipse yet.

Yes, _eventually_ it would be nice if we could support this. I know Gunnar once did an Eclipse plug-in for this, [1] but I don't know if that could be adapted easily for sshd. See also bug 179924; the upshot from that is that the underlying JSch JNA stuff never made it into Eclipse because it uses JDK internals.

It's not going to be easy; doing this properly such that it can be maintained will require getting the Tomcat APR into Eclipse (which requires a CQ to get legal clearance), and may need significant build infrastructure changes (if we have to build the JNA libraries from sources, we'd need to be able to build native code on Jenkins for Mac OS, Linux, and Windows). And then we'd have to figure out how to package this correctly. And how it all needs to be hooked up such that it works.

[1] https://github.com/eclipseguru/eclipse-jsch-agent-proxy
New Gerrit change created: https://git.eclipse.org/r/132581
Gerrit change https://git.eclipse.org/r/132500 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=7aaeb6489f9819227fa8ebe122a849b6029242b7
Gerrit change https://git.eclipse.org/r/132581 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=00b235f0b86769ec6781a8114cd741f3cba08de5
Gerrit change https://git.eclipse.org/r/131892 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=6c14d273faa89ab1657e818315b68f3bd672ff87
New Gerrit change created: https://git.eclipse.org/r/132615
Gerrit change https://git.eclipse.org/r/132615 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=c567b6ecde6b055441f52f0f36dcf8b9d0fe5068
Gerrit change https://git.eclipse.org/r/131893 was merged to [master]. Commit: http://git.eclipse.org/c/egit/egit.git/commit/?id=33cc25fcead0ed86bd61c0f87625aac1dcaf6b90
Changes are available now via the EGit nightly update site http://download.eclipse.org/egit/updates-nightly as of versions EGit 5.2.0.201811172010 and JGit 5.2.0.201811171917. Closing now; I'll create follow-up issues for the loose ends: ed25519 support, reading PuTTY keys, ssh-agent and Pageant support.
Does anyone know if switching to Mina fixed the problems with setting GIT_SSH in Egit? https://bugs.eclipse.org/bugs/buglist.cgi?quicksearch=GIT_SSH
(In reply to Sven Selberg from comment #61)
> Does anyone know if switching to Mina fixed the problems with setting
> GIT_SSH in Egit?
> https://bugs.eclipse.org/bugs/buglist.cgi?quicksearch=GIT_SSH

Don't know. If GIT_SSH is set, an *external* ssh executable is used, not one of the internal Java SSH implementations (JSch or Apache MINA sshd). So I would be surprised if introducing Apache MINA sshd had changed anything regarding GIT_SSH.