27a1fa1872
Make the used KEX algorithms configurable via the ssh config. Also implement adding algorithms not in the default set: since sshd 2.6.0 deprecated SHA1-based algorithms, it is possible that the default set has not all available algorithms, so adding algorithms makes sense. This enables users who have to use a git server that only supports old SHA1-based key exchange methods to enable those methods in the ssh config: KexAlgorithms +diffie-hellman-group1-sha1 There are two more SHA1 algorithms that are not enabled by default: diffie-hellman-group14-sha1 and diffie-hellman-group-exchange-sha1. KeyAlgorithms accepts a comma-separated list of algorithm names. Since adding algorithms is now supported, adapt the handling of signature algorithms, too. Make sure that definitions for the KEX exchange signature (HostKeyAlgorithms) don't conflict with the definition for signatures for pubkey auth (PubkeyAcceptedAlgorithms). HostKeyAlgorithms updates the signature factories set on the session to include the default factories plus any that might have been added via the SSH config. Move the handling of PubkeyAcceptedAlgorithms from the client to the JGitPubkeyAuthentication, where it can be done only if pubkey auth is attempted at all and where it can store its adapted list of factories locally. Bug: 574636 Change-Id: Ia5d5f174bbc8e5b41e10ec2c25216d861174e7c3 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> |
||
---|---|---|
.. | ||
META-INF/services | ||
org/eclipse/jgit/internal/transport/sshd |