Version
6.8.0.202311291450-r
Operating System
MacOS
Bug description
If JGit is configured to use a custom JschConfigSessionFactory to connect to a locally running ssh-agent instance via proxy like this:
val factory = object : JschConfigSessionFactory() {
@Throws(JSchException::class)
override fun createDefaultJSch(fs: FS): JSch {
val jsch: JSch = super.createDefaultJSch(fs)
if (SSHAgentConnector.isConnectorAvailable()) {
val factory = ConnectorFactory.getDefault()
val identityRepository = RemoteIdentityRepository(factory.createConnector())
jsch.identityRepository = identityRepository
}
return jsch
}
}
SshSessionFactory.setInstance(factory)then this RemoteIdentityRepository will not be used if the user who is running a program with JGit has a local .ssh/config file that contains one or more references to IdentityFiles:
IdentityFile ~/.ssh/id_first
IdentityFile ~/.ssh/id_second
The reason for that misbehavior is the following code in org.eclipse.jgit.transport.ssh.jsch.JschConfigSessionFactory with inline comments what's going on:
protected JSch getJSch(OpenSshConfig.Host hc, FS fs) throws JSchException {
if (defaultJSch == null) {
defaultJSch = createDefaultJSch(fs);
if (defaultJSch.getConfigRepository() == null) {
defaultJSch.setConfigRepository(
new JschBugFixingConfigRepository(config));
}
for (Object name : defaultJSch.getIdentityNames())
byIdentityFile.put((String) name, defaultJSch);
// ^^^ the identities coming from the agent are identified by their name (comment), e.g. "my-first-identity"
}
final File identityFile = hc.getIdentityFile();
// ^^^ here the first identity file from .ssh/config is returned, i.e. /absolute/path/to/.ssh/id_first
if (identityFile == null)
return defaultJSch;
// ^^^ no identity file, no problem, our JSch instance with the remote identity repository is used
final String identityKey = identityFile.getAbsolutePath();
JSch jsch = byIdentityFile.get(identityKey);
// ^^^ now that can never succeed, because the comment of the identity is of course unequal to the path of it's file
if (jsch == null) {
jsch = new JSch();
configureJSch(jsch);
if (jsch.getConfigRepository() == null) {
jsch.setConfigRepository(defaultJSch.getConfigRepository());
}
jsch.setHostKeyRepository(defaultJSch.getHostKeyRepository());
jsch.addIdentity(identityKey);
byIdentityFile.put(identityKey, jsch);
}
return jsch;
}Actual behavior
The overridden JSch instance is thrown away.
Expected behavior
The overriden JSch instance should take precedence.
Relevant log output
No response
Other information
No response
Version
6.8.0.202311291450-r
Operating System
MacOS
Bug description
If JGit is configured to use a custom
JschConfigSessionFactoryto connect to a locally runningssh-agentinstance via proxy like this:then this
RemoteIdentityRepositorywill not be used if the user who is running a program with JGit has a local.ssh/configfile that contains one or more references toIdentityFiles:The reason for that misbehavior is the following code in
org.eclipse.jgit.transport.ssh.jsch.JschConfigSessionFactorywith inline comments what's going on:Actual behavior
The overridden JSch instance is thrown away.
Expected behavior
The overriden JSch instance should take precedence.
Relevant log output
No response
Other information
No response