[JGIT PATCH] Added support for StrictHostKeyChecking property in SSH config

The StrictHostKeyChecking property allows specifying the ssh behavior
when the ssh client encounters a new host or a change of the host key.
Thus in addition to the default policy "ask", it is now possible to specify
"yes" and "no" policies that automatically reject and accept new host
keys.

Signed-off-by: Constantine Plotnikov <constantine.plotnikov@xxxxxxxxx>
---
This patch is needed for running JGit in the application server context.
The property allows suppressing the appearance of the known hosts message
box, which does not make sense in this context.

I'm working on a more extensive patch that allows more flexible
configuration of SSH, but this is a minimal change required.

 .../jgit/transport/DefaultSshSessionFactory.java   |    4 +++-
 .../org/spearce/jgit/transport/OpenSshConfig.java  |   19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/org.spearce.jgit/src/org/spearce/jgit/transport/DefaultSshSessionFactory.java
b/org.spearce.jgit/src/org/spearce/jgit/transport/DefaultSshSessionFactory.java
index 0d522df..c9050fa 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/transport/DefaultSshSessionFactory.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/transport/DefaultSshSessionFactory.java
@@ -103,7 +103,9 @@ public synchronized Session getSession(String
user, String pass,
 			session.setPassword(pass);
 		else if (!hc.isBatchMode())
 			session.setUserInfo(new AWT_UserInfo());
-
+		final String strictHostKeyCheckingPolicy = hc.getStrictHostKeyChecking();
+		if (strictHostKeyCheckingPolicy != null)
+			session.setConfig("StrictHostKeyChecking", strictHostKeyCheckingPolicy);
 		final String pauth = hc.getPreferredAuthentications();
 		if (pauth != null)
 			session.setConfig("PreferredAuthentications", pauth);
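
Review bot: In getSession the new StrictHostKeyChecking setting is applied independently of the batch-mode branch directly above it, so a host with BatchMode set and no StrictHostKeyChecking entry gets neither a UserInfo nor an explicit policy. Consider setting the policy to "yes" when hc.isBatchMode() is true and hc.getStrictHostKeyChecking() returns null, so the non-interactive case fails closed instead of falling back to the default "ask" policy with nobody to ask. The string is also handed to session.setConfig without a check that it is one of "yes", "no" or "ask".
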
diff --git a/org.spearce.jgit/src/org/spearce/jgit/transport/OpenSshConfig.java
b/org.spearce.jgit/src/org/spearce/jgit/transport/OpenSshConfig.java
index 0d9f12f..eadcfd0 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/transport/OpenSshConfig.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/transport/OpenSshConfig.java
@@ -221,6 +221,11 @@ public Host lookup(final String hostName) {
 				for (final Host c : current)
 					if (c.batchMode == null)
 						c.batchMode = yesno(dequote(argValue));
+			} else if ("StrictHostKeyChecking".equalsIgnoreCase(keyword)) {
+				String value = dequote(argValue);
+				for (final Host c : current)
+					if (c.strictHostKeyChecking == null)
+						c.strictHostKeyChecking = value;
 			}
 		}

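Review bot: The StrictHostKeyChecking branch in lookup stores dequote(argValue) verbatim, while the BatchMode branch directly above normalizes its value through yesno(). The keyword is matched with equalsIgnoreCase but the value is not, so "Yes" or a misspelled value reaches the session configuration unchanged. Suggest lower-casing the value and accepting only "yes", "no" and "ask" at this point, ignoring or reporting anything else, so that a malformed entry cannot turn into an unintended host key policy.
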
@@ -298,6 +303,8 @@ private File toFile(final String path) {

 		Boolean batchMode;

+		String strictHostKeyChecking;
+
 		void copyFrom(final Host src) {
 			if (hostName == null)
 				hostName = src.hostName;
@@ -311,9 +318,21 @@ void copyFrom(final Host src) {
 				preferredAuthentications = src.preferredAuthentications;
 			if (batchMode == null)
 				batchMode = src.batchMode;
+			if (strictHostKeyChecking == null)
+				strictHostKeyChecking = src.strictHostKeyChecking;
 		}

 		/**
+		 * @return the value StrictHostKeyChecking property, the valid values
+		 *         are "yes" (unknown hosts are not accepted), "no" (unknown
+		 *         hosts are always accepted), and "ask" (user should be asked
+		 *         before accepting the host)
+		 */
+		public String getStrictHostKeyChecking() {
+			return strictHostKeyChecking;
+		}
+		
+		/**
 		 * @return the real IP address or host name to connect to; never null.
 		 */
 		public String getHostName() {
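
Review bot: The Javadoc on getStrictHostKeyChecking() does not say that the method returns null when no StrictHostKeyChecking entry matched, which is exactly the case the caller in DefaultSshSessionFactory tests for; add "or null if not configured" to the @return text. The same sentence is missing a word ("the value StrictHostKeyChecking property" should read "the value of the StrictHostKeyChecking property"), and the added line between the new method and the next comment contains only whitespace. Since the comment documents "no" as always accepting unknown hosts, it is worth stating there that this value gives up host authentication on first contact, so readers do not pick it as a convenience default.
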
-- 
1.6.0.2.1172.ga5ed0