JGit/New and Noteworthy/5.2
New SSH Bundle
There is a new bundle
org.eclipse.jgit.ssh.apache that implements a new SSH session factory based on Apache MINA sshd. It's available as maven artifact
The default SSH session factory used for fetching and pushing with git via SSH is still based on the JSch 0.1.54 library. To use the new implementation based on Apache MINA sshd, include the new artifact in your dependencies, and install a new
org.eclipse.jgit.ssh.apache.SshdSessionFactory. Example usages can be found in JGit in
org.eclipse.jgit.pgm.TextBuiltin.execute() and in EGit
The bundle requires Apache MINA sshd 2.0.0. Because the upstream interfaces of sshd change in later versions it will not work with sshd versions >= 2.1.0. We plan to move to sshd 2.2.0 once that is released; hopefully in time for the next JGit release 5.3.0.
Benefits of the new SSH implementation are that more kinds of SSH keys work: ECDSA-384 and ECDSA-521 keys work, and ed25519 keys now also work! It also properly reads private key files generated by modern OpenSSH (or older OpenSSH
ssh-keygen -o), if they are not password-protected. Encrypted new-style OpenSSH private keys are not supported by Apache MINA sshd yet. Keys in the older PEM format are read fine.
- Supported authentication mechanisms: gssapi-with-mic, publickey, password, keyboard-interactive.
- Supported private keys: DSA, RSA, ECDSA (256, 384, and 521 bits), ed25519.
- Supported proxy types: SOCKS5 and HTTP, with anonymous access or GSSAPI or username-password (Basic) authentication.
There is no support yet for ssh-agent or for Pageant with the new SSH library.
The previously existing mechanism for using an external SSH executable by setting the
GIT_SSH environment variable is still available.
Support for reading encrypted OpenSSH keys is on the roadmap for the next JGit 5.3.0 release.
Using this new bundle is completely optional; the core JGit
org.eclipse.jgit bundle has no dependencies on it.
New Command-Line Option
The JGit command-line tools have a new command-line option to select the SSH library to use:
- --ssh (jsch|apache)
- Selects the SSH library.
jschis the default and makes the commands use the old JSch library.
apacheselects the new Apache MINA sshd implementation.
Find the complete list of new features and bug fixes in the release notes.
The following 18 developers worked on this release:
Christian Halstrick, Dave Borowitz, David Ostrovsky, David Pursehouse, Gunnar Wagenknecht, Han-Wen Nienhuys, Ivan Frade, Jonathan Nieder, Jonathan Tan, Marc Strapetz, Markus Keller, Masaya Suzuki, Matthias Sohn, Michael Keppler, Minh Thai, Ned Twigg, René Scheibe, and Thomas Wolf.