Closed schmidti159 closed 1 month ago
Because jgit project have already moved to switch ssh library to apache-mina-sshd
, I think it is no active reason for jgit project to work for it. You can use mwiede/jsch
with your own risk by configuring your software project, for example in Gradle,
implementation 'org.eclipse.jgit:org.eclipse.jgit:5.13.1.202206130422-r'
// Original JSch is unmaintained and dead, so we use forked version, mwiede/jsch
// to fix BUGS#1075, and to support elliptic curve ciphers and improved ssh agent
implementation 'com.github.mwiede:jsch:0.2.3'
// https://mvnrepository.com/artifact/org.eclipse.jgit/org.eclipse.jgit.ssh.jsch
implementation ('org.eclipse.jgit:org.eclipse.jgit.ssh.jsch:5.13.1.202206130422-r') {
exclude module: 'jsch'
}
It works well at least in version 5.13.1.
Thanks for the update.
Description
com.jcraft:jsch is effectively dead (last release from november 2018), but there is an actively maintained fork: https://github.com/mwiede/jsch.
Please consider switching to this fork.
Motivation
As jcraft:jsch is not maintained any more, it will not receive any new encryption ciphers and will continue to support outdated potentially insecure ciphers.
Alternatives considered
No response
Additional context
I stumbled upon this whole situation when I wanted to connect to a git server using a ssh url and it did not work because I used a newer open ssh version to generate my private key.
The new fork does not support this new format as well, but there is at least an issue for it: https://github.com/mwiede/jsch/issues/31