JGit/New and Noteworthy/6.1
- Apache MINA sshd has been updated to version 2.8.0 (previously 2.7.0).
- Affected JGit bundles:
org.eclipse.jgit.ssh.apache.agent. As always, these bundles may not work with other versions of Apache MINA sshd because of possible incompatible upstream API changes.
- Affected JGit bundles:
- Logging: JGit only uses
org.slf4j.api, version 1.7.30. The tests and the command-line program from
org.eclipse.jgit.pgmnow use the
org.slf4j.binding.simplelogging back-end; log4j has been removed. (Previously, JGit used log4j 1.2.15 in tests and in the command-line program: i.e., the old log4j, not the newer log4j2.)
The (optional) bundle
org.eclipse.jgit.ssh.apache.agent newly also supports communicating with the SSH agent of Microsoft's port of OpenSSH, Win32-OpenSSH, via a Windows named pipe.
org.eclipse.jgit.ssh.apache fully implements the SSH configuration properties IdentityAgent and AddKeysToAgent.
SSH Agent Support on Linux, OS X, BSD
On Linux, OS X, and BSD, the only agent communication mechanism supported is the usual communication via a Unix domain socket. This is the only protocol the OpenSSH SSH agent supports. A Unix domain socket appears as a special file in the file system; this file name is typically available in the environment variable SSH_AUTH_SOCK.
The SSH config IdentityAgent can be set to this socket filename to specify exactly which Unix domain socket to use, or it can be set to SSH_AUTH_SOCK to use the value from that environment variable. If IdentityAgent is not set at all, JGit uses SSH_AUTH_SOCK by default. If the variable is not set, no SSH agent will be used. IdentityAgent can also be set to none to not use any SSH agent.
SSH Agent Support on Windows
On Windows, two different agent communication mechanisms are supported:
- A transport over a Windows named pipe. This is used by Win32-OpenSSH, and is available for Pageant since version 0.75.
- A Pageant-specific legacy transport via shared memory; useful for Pageant and GPG's gpg-agent.
Possible settings of IdentityAgent to select a particular transport are
- //./pipe/openssh-ssh-agent: the Windows named pipe of Win32-OpenSSH.
- //./pageant: the shared-memory mechanism of Pageant (can also be used for gpg-agent).
- none: do not use any SSH agent.
- //./pipe/<any_valid_pipe_name>: use a specific Windows named pipe.
The default transport on Windows if IdentityAgent is not set at all is the Pageant shared-memory transport. Environment variable SSH_AUTH_SOCK needs not be set for Pageant, and must not be set for Win32-OpenSSH.
Neither Pageant (as of version 0.76) nor Win32-OpenSSH (as of version 8.6) support the confirm or lifetime constraints for AddKeysToAgent. Do not use these configurations on Windows with these agents. gpg-agent apparently does support these settings.
To use gpg-agent, choose the Pageant shared memory communication, and run gpg-agent with option enable-putty-support.
The complete list of new features and bug fixes is available in the release notes.
The following 20 developers worked on this release:
Alina Djamankulova, Andre Bossert, Antonio Barone, Darius Jokilehto, David Ostrovsky, Fabio Ponciroli, Han-Wen Nienhuys, Ivan Frade, Kaushik Lingarkar, Kyle Zhao, Luca Milanesio, Marcin Czech, Matthias Fromme, Matthias Sohn, Nail Samatov, Nasser Grainawi, Rolf Theunissen, Sebastian Schuberth, Simeon Andreev, Thomas Wolf