ok/jj
1
0
Fork 0
forked from mirrors/jj

git: add support for SSH authentication with ed25519 or ed25519-sk

This makes it possible to use ed25519 and ed25519-sk keys by trying
them one at a time. However, it still fails if one of them is
password-protected; we don't try the next key in that case.
This commit is contained in:
Martin von Zweigbergk 2023-08-08 10:51:42 -07:00 committed by Martin von Zweigbergk
parent 1d2324ae5c
commit 56472297f0
3 changed files with 14 additions and 7 deletions

View file

@ -50,8 +50,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed bugs
* SSH authentication could hang when ssh-agent couldn't be reached
* SSH authentication could hang when ssh-agent couldn't be reached
[#1970](https://github.com/martinvonz/jj/issues/1970)
* SSH authentication can now use ed25519 and ed25519-sk keys. They still need
to be password-less.
## [0.8.0] - 2023-07-09

View file

@ -593,10 +593,13 @@ fn decode_assuan_data(encoded: &str) -> Option<String> {
fn get_ssh_keys(_username: &str) -> Vec<PathBuf> {
let mut paths = vec![];
if let Ok(home_dir) = std::env::var("HOME") {
let key_path = Path::new(&home_dir).join(".ssh").join("id_rsa");
if key_path.is_file() {
tracing::info!(path = ?key_path, "found ssh key");
paths.push(key_path);
let ssh_dir = Path::new(&home_dir).join(".ssh");
for filename in ["id_ed25519_sk", "id_ed25519", "id_rsa"] {
let key_path = ssh_dir.join(filename);
if key_path.is_file() {
tracing::info!(path = ?key_path, "found ssh key");
paths.push(key_path);
}
}
}
if paths.is_empty() {

View file

@ -20,8 +20,9 @@ a comparison with Git, including how workflows are different, see the
you miss any particular configuration options.
* The configuration of remotes (`[remote "<name>"]`).
* `core.excludesFile`
* **Authentication: Partial.** Only `ssh-agent`, a password-less key file at
`~/.ssh/id_rsa` (and only at exactly that path), or a `credential.helper`.
* **Authentication: Partial.** Only `ssh-agent`, a password-less key (
only `~/.ssh/id_rsa`, `~/.ssh/id_ed25519` or `~/.ssh/id_ed25519_sk`), or
a `credential.helper`.
* **Branches: Yes.** You can read more about
[how branches work in Jujutsu](branches.md)
and [how they interoperate with Git](#branches).