ssh: Handle "ProxyJump none" from SSH config file

Since OpenSSH 7.8, the ProxyJump directive accepts the value "none"[1] to override and clear a setting that might otherwise be contributed by another (wildcard) host entry. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2869 Change-Id: Ia35e82c6f8c58d5c6b8040cda7a07b220f43fc21 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
2021-11-13 18:10:13 +01:00 · 2021-11-13 18:10:13 +01:00 · 057f1d9123
parent 180bc67e28
commit 057f1d9123
3 changed files with 38 additions and 2 deletions
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@ -354,6 +354,21 @@ public void testJumpHost() throws Exception {
 		}
 	}

+	@Test
+	public void testJumpHostNone() throws Exception {
+		// Should not try to go through the non-existing proxy
+		cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //
+				"Host server", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"ProxyJump none", //
+				"", //
+				"Host *", //
+				"ProxyJump " + TEST_USER + "@localhost:1234");
+	}
+
 	@Test
 	public void testJumpHostWrongKeyAtProxy() throws Exception {
 		// Test that we find the proxy server's URI in the exception message
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
@ -219,7 +219,8 @@ private List<URIish> determineHops(List<URIish> currentHops,
 			HostConfigEntry hostConfig, String host) throws IOException {
 		if (currentHops.isEmpty()) {
 			String jumpHosts = hostConfig.getProperty(SshConstants.PROXY_JUMP);
-			if (!StringUtils.isEmptyOrNull(jumpHosts)) {
+			if (!StringUtils.isEmptyOrNull(jumpHosts)
+					&& !SshConstants.NONE.equals(jumpHosts)) {
 				try {
 					return parseProxyJump(jumpHosts);
 				} catch (URISyntaxException e) {
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
@ -191,6 +191,26 @@ private SshConstants() {
 	/** Flag value. */
 	public static final String FALSE = "false";

+	/**
+	 * Property value. Some keys accept a special 'none' value to override and
+	 * clear a setting otherwise contributed by another host entry, for instance
+	 * {@link #PROXY_COMMAND} or {@link #PROXY_JUMP}. Example:
+	 *
+	 * <pre>
+	 * Host bastion.example.org
+	 *   ProxyJump none
+	 *
+	 * Host *.example.org
+	 *   ProxyJump bastion.example.org
+	 * </pre>
+	 * <p>
+	 * OpenSSH supports this since OpenSSH 7.8.
+	 * </p>
+	 *
+	 * @since 6.0
+	 */
+	public static final String NONE = "none";
+
 	// Default identity file names

 	/** Name of the default RSA private identity file. */
@ -202,7 +222,7 @@ private SshConstants() {
 	/** Name of the default ECDSA private identity file. */
 	public static final String ID_ECDSA = "id_ecdsa";

-	/** Name of the default ECDSA private identity file. */
+	/** Name of the default ED25519 private identity file. */
 	public static final String ID_ED25519 = "id_ed25519";

 	/** All known default identity file names. */