sshd: backport upstream fix for SSHD-1231
SSHD-1231[1] may lead to exceptions when trying to authenticate first with an RSA key that is rejected by the server. The upstream fix is a one-liner but unfortunately didn't make it into Apache MINA sshd 2.8.0. Incorporate the upstream fix in JGitPublicKeyAuthentication, and add a test case for this. [1] https://issues.apache.org/jira/browse/SSHD-1231 Bug: 577545 Change-Id: Ia744cd4aa569bccd937c855f3bb45c0116915bad Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
This commit is contained in:
parent
709087c582
commit
4c555f0742
|
@ -107,6 +107,32 @@ public void testEd25519HostKey() throws Exception {
|
||||||
"IdentityFile " + privateKey1.getAbsolutePath());
|
"IdentityFile " + privateKey1.getAbsolutePath());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test for SSHD-1231. If authentication is attempted first with an RSA key,
|
||||||
|
* which is rejected, and then with some other key type (here ed25519),
|
||||||
|
* authentication fails in bug SSHD-1231.
|
||||||
|
*
|
||||||
|
* @throws Exception
|
||||||
|
* on errors
|
||||||
|
* @see <a href=
|
||||||
|
* "https://issues.apache.org/jira/browse/SSHD-1231">SSHD-1231</a>
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testWrongKeyFirst() throws Exception {
|
||||||
|
File userKey = new File(getTemporaryDirectory(), "userkey");
|
||||||
|
copyTestResource("id_ed25519", userKey);
|
||||||
|
File publicKey = new File(getTemporaryDirectory(), "userkey.pub");
|
||||||
|
copyTestResource("id_ed25519.pub", publicKey);
|
||||||
|
server.setTestUserPublicKey(publicKey.toPath());
|
||||||
|
cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
|
||||||
|
"Host git", //
|
||||||
|
"HostName localhost", //
|
||||||
|
"Port " + testPort, //
|
||||||
|
"User " + TEST_USER, //
|
||||||
|
"IdentityFile " + privateKey1.getAbsolutePath(), // RSA
|
||||||
|
"IdentityFile " + userKey.getAbsolutePath());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHashedKnownHosts() throws Exception {
|
public void testHashedKnownHosts() throws Exception {
|
||||||
assertTrue("Failed to delete known_hosts", knownHosts.delete());
|
assertTrue("Failed to delete known_hosts", knownHosts.delete());
|
||||||
|
|
|
@ -108,4 +108,18 @@ public PublicKeyIdentity next() {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(
|
||||||
|
ClientSession session, String service) throws Exception {
|
||||||
|
PublicKeyIdentity result = super.resolveAttemptedPublicKeyIdentity(
|
||||||
|
session, service);
|
||||||
|
// This fixes SSHD-1231. Can be removed once we're using Apache MINA
|
||||||
|
// sshd > 2.8.0.
|
||||||
|
//
|
||||||
|
// See https://issues.apache.org/jira/browse/SSHD-1231
|
||||||
|
currentAlgorithms.clear();
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue