See also bug 179924. The main problem is that this will need native code to access a unix domain socket. Apache MINA sshd uses Tomcat APR for this.
See also bug 541275 for Pageant support on Windows.
Further references about the agent support in Mina SSHD: https://github.com/apache/mina-sshd#proxy-agent. The actual code which leverages Tomcat APR is at https://github.com/apache/mina-sshd/blob/52b8553db683514ba65a3e8b482cc1ef760091cc/sshd-core/src/main/java/org/apache/sshd/agent/unix/AgentClient.java#L62.
I think with Java 16 there should be SSH Agent client support possible without a native code dependency (thanks to https://openjdk.java.net/jeps/380). I opened https://issues.apache.org/jira/browse/SSHD-1139 for that.
I have a prototype using JNA for this. Needs more (manual) testing, though.
Basic support added in https://git.eclipse.org/r/c/jgit/jgit/+/186859 .

Limitations:
* ssh config AddKeysToAgent is not supported yet.
* ssh config IdentityAgent is not supported yet.
* Agent keys are not used at all when "IdentitiesOnly yes" is set.
* No integration with native keystore (on Mac, ssh config UseKeychain)

The first three will be done properly once Apache MINA sshd 2.8.0 is released. We need upstream improvements for this. For now, use of agent keys is suppressed with "IdentitiesOnly yes" instead of "IdentityAgent none". Keychain integration is a long way off.
Any chance for a backport to 5.13? I would like to leverage that for Maven SCM.
Not from my side. 1. JGit 5.13 is in maintenance mode; it gets critical bug and performance fixes, but not completely new features. 2. JGit 5.13 uses Apache MINA sshd 2.7.0, which means AddKeysToAgent and IdentityAgent cannot be supported properly.
To tie up a loose end here: OS X keychain integration is not doable. Technically it would be possible, but it'll fail on security policy grounds. See bug 577078 comment 3.
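The Java 16 comment above refers to JEP 380 (Unix-domain socket channels). The following is an added example, not code from JGit or Apache MINA sshd, showing a pure-Java agent client that lists the identities an SSH agent holds. It assumes a running agent with SSH_AUTH_SOCK set; the class name, helper names and the reply size cap are choices made for this example.

```java
import java.io.IOException;
import java.net.StandardProtocolFamily;
import java.net.UnixDomainSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;

// Added example (hypothetical class): needs Java 16+ and an agent socket in SSH_AUTH_SOCK.
public class AgentListKeys {
    static final byte SSH_AGENTC_REQUEST_IDENTITIES = 11;
    static final byte SSH_AGENT_IDENTITIES_ANSWER = 12;
    static final int MAX_REPLY = 256 * 1024; // sanity cap assumed for this example

    public static void main(String[] args) throws IOException {
        String path = System.getenv("SSH_AUTH_SOCK");
        if (path == null || path.isEmpty()) throw new IOException("SSH_AUTH_SOCK is not set");
        try (SocketChannel ch = SocketChannel.open(StandardProtocolFamily.UNIX)) {
            ch.connect(UnixDomainSocketAddress.of(path));
            // Agent framing: uint32 length (big-endian), then one type byte plus payload.
            ByteBuffer req = ByteBuffer.allocate(5).putInt(1).put(SSH_AGENTC_REQUEST_IDENTITIES).flip();
            while (req.hasRemaining()) ch.write(req);
            int len = readFully(ch, 4).getInt();
            if (len < 5 || len > MAX_REPLY) throw new IOException("bad reply length " + len);
            ByteBuffer reply = readFully(ch, len);
            if (reply.get() != SSH_AGENT_IDENTITIES_ANSWER) throw new IOException("unexpected reply type");
            int count = reply.getInt();
            for (int i = 0; i < count; i++) {
                byte[] blob = readString(reply); // public key blob; starts with the key type name
                String comment = new String(readString(reply), StandardCharsets.UTF_8);
                String type = new String(readString(ByteBuffer.wrap(blob)), StandardCharsets.US_ASCII);
                System.out.println(type + " " + comment);
            }
        }
    }

    static ByteBuffer readFully(SocketChannel ch, int n) throws IOException {
        ByteBuffer buf = ByteBuffer.allocate(n);
        while (buf.hasRemaining()) if (ch.read(buf) < 0) throw new IOException("agent closed the connection");
        return buf.flip();
    }

    static byte[] readString(ByteBuffer buf) throws IOException {
        int n = buf.remaining() >= 4 ? buf.getInt() : -1; // SSH "string": uint32 length + bytes
        if (n < 0 || n > buf.remaining()) throw new IOException("bad string length");
        byte[] out = new byte[n];
        buf.get(out);
        return out;
    }
}
```

Only public key blobs and comments cross the socket here; private keys stay inside the agent, which is why any process able to open the socket can request signatures but cannot read key material.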