Bug 577053 - ssh: support config IdentityAgent
Summary: ssh: support config IdentityAgent
Status: RESOLVED FIXED
Alias: None
Product: JGit
Classification: Technology
Component: JGit
Version: 6.0
Hardware: All All
Importance: P3 enhancement
Target Milestone: 6.1
Assignee: Project Inbox CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on: 577542
Blocks:
Reported: 2021-11-04 04:12 EDT by Thomas Wolf CLA
Modified: 2022-01-30 12:04 EST
Description Thomas Wolf CLA 2021-11-04 04:12:57 EDT
A boolean yes/no setting controlling whether an SSH agent shall be used at all.

This can be implemented properly only once Apache MINA sshd 2.8.0 is released. Currently the framework is too opinionated to do this.
Comment 1 Thomas Wolf CLA 2021-11-11 06:56:28 EST
(In reply to Thomas Wolf from comment #0)
> A boolean yes/no setting controlling whether an SSH agent shall be used at
> all.

I must have been asleep when I wrote this. It's not a yes/no setting.

* 'none': don't use an agent.
* 'SSH_AUTH_SOCK': use environment variable SSH_AUTH_SOCK.
* otherwise (in OpenSSH): path to Unix socket file, with ~ and environment
  variable expansion.

For Windows, it makes sense to support additionally:

* 'pageant': use Pageant via its shared memory mechanism.
* '\\.\pipe\*' : use a Windows named pipe instead of an AF_UNIX socket (this is
  used by Win32-OpenSSH, the Microsoft port of OpenSSH available on modern
  Windows.) Maybe even allow 'openssh' as a shorthand for the default named
  pipe Win32-OpenSSH uses: \\.\pipe\openssh-ssh-agent.

Note that on Windows, %SSH_AUTH_SOCK% _must not_ be set if Win32-OpenSSH is to be used. But that's a problem for the user, who has to set up his environment correctly. We might perhaps support 'SSH_AUTH_SOCK' to use a WinSocket2 AF_UNIX socket and try to talk to the git bash ssh-agent, even if the environment variable is not set.
Comment 2 Thomas Wolf CLA 2021-11-13 12:39:12 EST
Note: beware of backslash handling in OpenSSH config file parsing. It handles some backslash-escapes and collapses \\ to a single \. We might need to compensate for this, or users would need to do the escaping ("\\\\.\pipe\...") or use forward slashes on Windows. Also double-check what our "tilde expansion and relative filename" code does with a string starting with "\\" or "//": are these properly recognized as absolute (UNC) filenames on Windows and thus left unchanged?

(OpenSSH handles backslash as an escape only for \\, \', and \", and outside of strings delimited by " or ' also for \ followed by a blank. All other backslashes are left alone, so \foo remains unchanged.)
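
Added example, not part of the original comment and not code from OpenSSH or JGit: a small Python model of the backslash rules described in comment 2, showing what a named-pipe IdentityAgent value turns into after parsing and how quoting with doubled backslashes compensates. The function names and sample values are assumptions constructed for illustration.

```python
# Added illustration: models only the backslash rules quoted in comment 2.
# It is not OpenSSH's or JGit's parser; function names are hypothetical.

def parse_argument(raw: str) -> str:
    """Return the first argument of a config value after quote/backslash handling."""
    out = []
    quote = None  # active quote character, or None outside a quoted string
    i = 0
    while i < len(raw):
        ch = raw[i]
        nxt = raw[i + 1] if i + 1 < len(raw) else ""
        # \\ \' \" are escapes everywhere; "\ " only outside quotes.
        if ch == "\\" and (nxt in ("\\", "'", '"') or (quote is None and nxt == " ")):
            out.append(nxt)
            i += 2
            continue
        if quote is None:
            if ch in ("'", '"'):
                quote = ch
            elif ch in (" ", "\t"):
                break  # an unquoted blank ends the argument
            else:
                out.append(ch)  # includes any other backslash, left alone
        elif ch == quote:
            quote = None
        else:
            out.append(ch)
        i += 1
    if quote is not None:
        raise ValueError("unterminated quote")
    return "".join(out)

def escape_for_config(value: str) -> str:
    """Quote a value so that parse_argument() returns it unchanged."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

# Constructed sample values for an IdentityAgent line.
SAMPLES = [
    r"\\.\pipe\openssh-ssh-agent",    # loses one leading backslash
    r"\\\\.\pipe\openssh-ssh-agent",  # user-side escaping from comment 2
    "//./pipe/openssh-ssh-agent",     # forward slashes pass through
    r"~/my\ agent.sock",              # backslash-blank outside quotes
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"IdentityAgent {s:34} -> {parse_argument(s)}")
```

Under these rules the unescaped pipe name no longer starts with two backslashes, so code that later decides whether the value is an absolute path would see a different string than the user typed.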
Comment 3 Eclipse Genie CLA 2022-01-07 04:49:53 EST
New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/189372
Comment 4 Eclipse Genie CLA 2022-01-07 04:49:55 EST
New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/189373
Comment 5 Eclipse Genie CLA 2022-01-07 04:50:07 EST
New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/189375
Comment 6 Eclipse Genie CLA 2022-01-07 04:50:12 EST
New Gerrit change created: https://git.eclipse.org/r/c/jgit/jgit/+/189374
Comment 7 Eclipse Genie CLA 2022-01-23 12:20:56 EST
New Gerrit change created: https://git.eclipse.org/r/c/egit/egit/+/189924