
Commit 4af2be1

committed
fix(ssh): add support for modern SSH key algorithms
- Added support for ed25519 and rsa-sha2 SSH deploy keys - Verified locally that connections now work using the new SSH key algorithms supported by GitHub - Built Docker image and tested it on existing ECR - Verified by deploying to current ECS cluster, replacing old image with the freshly built one Fix #607
1 parent d228ab6 commit 4af2be1

5 files changed

Lines changed: 88 additions & 1 deletion


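--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,2 @@
-target
+#target
 node_modules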
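Review bot: Commenting out `target` sends the whole Maven output directory into the Docker build context, although the Dockerfile in this commit copies only `target/*.jar`. Replacing the commented line with `target/*` followed by `!target/*.jar` keeps the context small and keeps compiled classes, test reports and any generated configuration out of image builds. If the entry is meant to stay disabled, deleting it is clearer than leaving `#target`.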

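--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM eclipse-temurin:11-jre-focal
+VOLUME /tmp
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]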
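Review bot: The image has no `USER` instruction, so the JVM started by `ENTRYPOINT` runs as root inside the container; for a service that, per the commit description, connects out with SSH deploy keys, an unprivileged account is the safer default, e.g. `RUN useradd --system app` followed by `USER app` before `ENTRYPOINT` (the account name is a constructed example). `COPY target/*.jar app.jar` also breaks, or picks up an unintended artifact, when more than one jar is present in `target`, so naming the artifact explicitly is more robust. The base tag `eclipse-temurin:11-jre-focal` is mutable; pinning it by digest would make rebuilds reproducible.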

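--- a/jgit-dependency.xml
+++ b/jgit-dependency.xml
@@ -0,0 +1,6 @@
+<dependency>
+<groupId>org.eclipse.jgit</groupId>
+<artifactId>org.eclipse.jgit</artifactId>
+<version>5.13.1.202206130422-r</version>
+<scope>runtime</scope>
+</dependency>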
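Review bot: `jgit-dependency.xml` is a bare `<dependency>` fragment that no visible line in this commit references, so it looks like a scratch file committed by accident. It repeats the version literal that pom.xml already holds in `jgit.version`, and it declares `runtime` scope whereas the new configuration class imports `org.eclipse.jgit.transport.SshSessionFactory` at compile time. Dropping the file, or adding a comment that says what consumes it, avoids a second place where the JGit version can drift.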

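--- a/pom.xml
+++ b/pom.xml
@@ -50,6 +50,7 @@
 <spring-boot.version>2.7.3</spring-boot.version>
 <archunit-junit5.version>0.22.0</archunit-junit5.version>
 <mapstruct.version>1.5.2.Final</mapstruct.version>
+<jgit.version>5.13.1.202206130422-r</jgit.version>
 <!-- Plugin versions -->
 <maven-clean-plugin.version>3.2.0</maven-clean-plugin.version>
 <maven-site-plugin.version>3.12.1</maven-site-plugin.version>
@@ -79,6 +80,7 @@
 <properties-maven-plugin.version>1.1.0</properties-maven-plugin.version>
 <sonar-maven-plugin.version>3.9.1.2184</sonar-maven-plugin.version>
 <!-- jhipster-needle-maven-property -->
+<spring-cloud.version>2021.0.8</spring-cloud.version>
 </properties>
 
 <dependencyManagement>
@@ -90,6 +92,21 @@
 <type>pom</type>
 <scope>import</scope>
 </dependency>
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-context</artifactId>
+<version>3.1.8</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-config-server</artifactId>
+<version>3.1.8</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.cloud</groupId>
+<artifactId>spring-cloud-starter-config</artifactId>
+<version>3.1.8</version>
+</dependency>
 <!-- jhipster-needle-maven-add-dependency-management -->
 </dependencies>
 </dependencyManagement>
@@ -253,6 +270,21 @@
 <groupId>org.springframework.cloud</groupId>
 <artifactId>spring-cloud-config-server</artifactId>
 </dependency>
+<dependency>
+<groupId>org.eclipse.jgit</groupId>
+<artifactId>org.eclipse.jgit</artifactId>
+<version>${jgit.version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jgit</groupId>
+<artifactId>org.eclipse.jgit.http.apache</artifactId>
+<version>${jgit.version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jgit</groupId>
+<artifactId>org.eclipse.jgit.ssh.apache</artifactId>
+<version>${jgit.version}</version>
+</dependency>
 <dependency>
 <groupId>io.micrometer</groupId>
 <artifactId>micrometer-registry-prometheus</artifactId>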
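Review bot: The three Spring Cloud entries added to `<dependencyManagement>` hard-code `3.1.8`, while the properties hunk adds `spring-cloud.version` (`2021.0.8`) that no visible line uses. Pinning individual artifacts after an imported BOM can leave the remaining Spring Cloud modules on a different release, so importing the `spring-cloud-dependencies` BOM at `${spring-cloud.version}` (with `<type>pom</type>` and `<scope>import</scope>`) would keep the set consistent and make later security upgrades a one-line change. The JGit artifacts in the last hunk are pinned through `jgit.version`, which overrides whatever `spring-cloud-config-server` resolves transitively; because JGit processes content fetched from remote repositories, that pinned release should be checked against the project's published security advisories before merging. Both the dependencyManagement and dependencies blocks continue outside the hunks shown.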
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
package tech.jhipster.registry.config;
2+
3+
import javax.annotation.PostConstruct;
4+
import javax.annotation.PreDestroy;
5+
import org.eclipse.jgit.transport.SshSessionFactory;
6+
import org.eclipse.jgit.transport.sshd.DefaultProxyDataFactory;
7+
import org.eclipse.jgit.transport.sshd.JGitKeyCache;
8+
import org.eclipse.jgit.transport.sshd.KeyCache;
9+
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
10+
import org.eclipse.jgit.transport.sshd.SshdSessionFactoryBuilder;
11+
import org.slf4j.Logger;
12+
import org.slf4j.LoggerFactory;
13+
import org.springframework.context.annotation.Configuration;
14+
15+
/**
16+
* Configures JGit to use the Apache MINA based SSH implementation so modern key algorithms are supported.
17+
*/
18+
@Configuration
19+
public class JGitSshConfiguration {
20+
21+
private static final Logger log = LoggerFactory.getLogger(JGitSshConfiguration.class);
22+
23+
private final KeyCache keyCache = new JGitKeyCache();
24+
25+
@PostConstruct
26+
void configureSshClient() {
27+
SshSessionFactory currentFactory = SshSessionFactory.getInstance();
28+
if (currentFactory instanceof SshdSessionFactory) {
29+
log.debug("JGit already uses Apache MINA SSHD session factory");
30+
return;
31+
}
32+
33+
SshdSessionFactory sshdSessionFactory = new SshdSessionFactoryBuilder()
34+
.setProxyDataFactory(new DefaultProxyDataFactory())
35+
.build(keyCache);
36+
37+
SshSessionFactory.setInstance(sshdSessionFactory);
38+
log.info("Configured JGit to use Apache MINA SSHD for SSH connections");
39+
}
40+
41+
@PreDestroy
42+
void shutdownSshClient() {
43+
keyCache.close();
44+
}
45+
}
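Review bot: The factory built in `configureSshClient()` sets no home directory, SSH directory or server key database, so host-key verification and identity lookup fall back to whatever the process user's `~/.ssh` holds inside the container. That deserves a comment on the method stating where `known_hosts` and the deploy key are expected to come from, and ideally explicit `.setHomeDirectory(...)` / `.setSshDirectory(...)` calls on the builder so an image without those files fails in an obvious way instead of depending on defaults. Whether Spring Cloud Config's per-repository SSH settings still take effect once the process-wide `SshSessionFactory` is replaced is not visible here and should be confirmed. Separately, `shutdownSshClient()` closes only the key cache; keeping the built factory in a field and calling its `close()` there would also release any sessions still open.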
