search

eclipse-jgit / jgit

JGit, the Java implementation of git
https://www.eclipse.org/jgit/
Other
92 stars 31 forks source link

Use mwiede/jsch fork of jsch #47

Closed schmidti159 closed 1 month ago

schmidti159 commented 3 months ago

Description

com.jcraft:jsch is effectively dead (last release from november 2018), but there is an actively maintained fork: https://github.com/mwiede/jsch.

Please consider switching to this fork.

Motivation

As jcraft:jsch is not maintained any more, it will not receive any new encryption ciphers and will continue to support outdated potentially insecure ciphers.

Alternatives considered

No response

Additional context

I stumbled upon this whole situation when I wanted to connect to a git server using a ssh url and it did not work because I used a newer open ssh version to generate my private key.

The new fork does not support this new format as well, but there is at least an issue for it: https://github.com/mwiede/jsch/issues/31

miurahr commented 2 months ago

Because jgit project have already moved to switch ssh library to apache-mina-sshd, I think it is no active reason for jgit project to work for it. You can use mwiede/jsch with your own risk by configuring your software project, for example in Gradle, 

        implementation 'org.eclipse.jgit:org.eclipse.jgit:5.13.1.202206130422-r'
        // Original JSch is unmaintained and dead, so we use forked version, mwiede/jsch
        // to fix BUGS#1075, and to support elliptic curve ciphers and improved ssh agent
        implementation 'com.github.mwiede:jsch:0.2.3'
        // https://mvnrepository.com/artifact/org.eclipse.jgit/org.eclipse.jgit.ssh.jsch
        implementation ('org.eclipse.jgit:org.eclipse.jgit.ssh.jsch:5.13.1.202206130422-r') {
            exclude module: 'jsch'
        }

It works well at least in version 5.13.1.

schmidti159 commented 1 month ago

Thanks for the update.