Merge pull request #119 from mwiede/dottwo

Dottwo Integration

.github/workflows/maven.yml

@@ -41,7 +41,7 @@ jobs:
         java-version: ${{ matrix.java }}
         check-latest: true
     - name: Test with Maven
-      run: mvn -B -P coverage verify -Denforcer.skip=true -DskipITs=false --file pom.xml
+      run: mvn -B -P coverage verify -Denforcer.skip=true -Dmaven.resources.skip=true -Dmaven.main.skip=true -Dassembly.skipAssembly=true -Dmaven.javadoc.skip=true -DskipITs=false --file pom.xml
     - uses: actions/upload-artifact@v2
       with:
         name: java-${{ matrix.java }}-testresults

.gitignore

@@ -1,6 +1,7 @@
 # IDE files #
 *.geany
 nb-configuration.xml
+.flattened-pom.xml
 
 # Created by https://www.toptal.com/developers/gitignore/api/intellij+all,netbeans,eclipse,visualstudiocode,vim,emacs,macos,windows,linux,java,maven
 # Edit at https://www.toptal.com/developers/gitignore?templates=intellij+all,netbeans,eclipse,visualstudiocode,vim,emacs,macos,windows,linux,java,maven

ChangeLog.md

@@ -1,3 +1,16 @@
+* [0.2.0](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.0)
+  * Disable RSA/SHA1 signature algorithm by default [#75](https://github.com/mwiede/jsch/issues/75)
+  * Add basic Logger implementations that can be optionally utilized with `JSch.setLogger()`:
+    * JulLogger, using `java.util.logging.Logger`
+    * JplLogger, using [Java 9's JEP 264](https://openjdk.java.net/jeps/264)
+    * Log4j2Logger, using [Apache Log4j 2](https://logging.apache.org/log4j/2.x/)
+    * Slf4jLogger, using [SLF4J](https://www.slf4j.org/)
+  * Fix client version to be compliant with [RFC 4253 section 4.2](https://datatracker.ietf.org/doc/html/rfc4253#section-4.2) by not including minus sign characters [#115](https://github.com/mwiede/jsch/issues/115)
+  * Add `java.util.zip` based compression implementation [#114](https://github.com/mwiede/jsch/issues/114)
+    * This is based upon the [CompressionJUZ implementation](http://www.jcraft.com/jsch/examples/CompressionJUZ.java) posted to the [JSch-users mailing list](https://sourceforge.net/p/jsch/mailman/jsch-users/thread/201202031343.WAA19979%40jcraft.com/#msg28781313) in 2012 by the original JSch author
+    * The existing JZlib implementation remains the default to maintain strict [RFC 4253 section 6.2](https://datatracker.ietf.org/doc/html/rfc4253#section-6.2) compliance
+      * To use the new implementation globally, execute `JSch.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression")` + `JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")`
+      * To use the new implementation per session, execute `session.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression")` + `session.setConfig("zlib", "com.jcraft.jsch.juz.Compression")`
 * [0.1.72](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.72)
   * Switch chacha20-poly1305@<!-- -->openssh.com algorithm to a pure [Bouncy Castle](https://www.bouncycastle.org/java.html) based implementation
   * implement openssh config behavior to handle append, prepend and removal of algorithms [#104](https://github.com/mwiede/jsch/pull/104) 

Readme.md

@@ -67,6 +67,16 @@ As I explained in a [blog post](http://www.matez.de/index.php/2020/06/22/the-fut
     * In order to use chacha20-poly1305@<!-- -->openssh.com, you must add [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk15on) to the classpath.
   * As of the [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66) release, these algorithms can now be used with older Java releases if [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk15on) is added to the classpath.
     * As of the [0.1.72](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.72) release, chacha20-poly1305@<!-- -->openssh.com can only be used if [Bouncy Castle](https://www.bouncycastle.org/java.html) (bcprov-jdk15on) is added to the classpath.
+* Why do ssh-rsa type keys not work with this JSch fork and my server?
+  * As of the [0.2.0](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.0) release, the RSA/SHA1 signature algorithm is disabled by default.
+    * SHA1 is no longer considered secure by the general cryptographic community and this JSch fork strives to maintain secure choices for default algorithms that it will utilize.
+    * This also follows the lead of the OpenSSH project in which they disabled RSA/SHA1 signatures by default as of [OpenSSH release 8.8](https://www.openssh.com/txt/release-8.8).
+  * ssh-rsa type keys continue to function by default with the RSA/SHA256 (rsa-sha2-256) & RSA/SHA512 (rsa-sha2-512) signature algorithms defined by (RFC 8332)[https://datatracker.ietf.org/doc/html/rfc8332].
+  * If your server only supports RSA/SHA1 signatures and you require their use in your application, then you will need to manually reenable them by one of the following means:
+    * Globally by adding "ssh-rsa" to the `jsch.server_host_key` + `jsch.client_pubkey` properties.
+    * Globally by executing something similar to `JSch.setConfig("server_host_key", JSch.getConfig("server_host_key") + ",ssh-rsa")` + `JSch.setConfig("PubkeyAcceptedAlgorithms", JSch.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa")`.
+    * On a per-session basis by executing something similar to `session.setConfig("server_host_key", session.getConfig("server_host_key") + ",ssh-rsa")` + `session.setConfig("PubkeyAcceptedAlgorithms", session.getConfig("PubkeyAcceptedAlgorithms") + ",ssh-rsa")`.
+    * Adding "ssh-rsa" to your OpenSSH type config file with the "HostKeyAlgorithms" + "PubkeyAcceptedAlgorithms" keywords & then utilizing the `OpenSSHConfig` class.
 
 ## Changes since fork:
 See [ChangeLog.md](ChangeLog.md)

examples/AES.java

@@ -137,7 +137,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/ChangePassphrase.java

@@ -31,33 +31,33 @@ public static void main(String[] arg){
 
       String passphrase="";
       while(kpair.isEncrypted()){
-	JTextField passphraseField=(JTextField)new JPasswordField(20);
-	Object[] ob={passphraseField};
-	int result=JOptionPane.showConfirmDialog(null, ob, 
-						 "Enter passphrase for "+pkey,
-						 JOptionPane.OK_CANCEL_OPTION);
-	if(result!=JOptionPane.OK_OPTION){
-	  System.exit(-1);
-	}
-	passphrase=passphraseField.getText();
-	if(!kpair.decrypt(passphrase)){
-	  System.out.println("failed to decrypt "+pkey);
-	}
-	else{
-	  System.out.println(pkey+" is decrypted.");
-	}
+        JTextField passphraseField=(JTextField)new JPasswordField(20);
+        Object[] ob={passphraseField};
+        int result=JOptionPane.showConfirmDialog(null, ob, 
+                                                 "Enter passphrase for "+pkey,
+                                                 JOptionPane.OK_CANCEL_OPTION);
+        if(result!=JOptionPane.OK_OPTION){
+          System.exit(-1);
+        }
+        passphrase=passphraseField.getText();
+        if(!kpair.decrypt(passphrase)){
+          System.out.println("failed to decrypt "+pkey);
+        }
+        else{
+          System.out.println(pkey+" is decrypted.");
+        }
       }
 
       passphrase="";
 
       JTextField passphraseField=(JTextField)new JPasswordField(20);
       Object[] ob={passphraseField};
       int result=JOptionPane.showConfirmDialog(null, ob, 
-					       "Enter new passphrase for "+pkey+
-					       " (empty for no passphrase)",
-					       JOptionPane.OK_CANCEL_OPTION);
+                                               "Enter new passphrase for "+pkey+
+                                               " (empty for no passphrase)",
+                                               JOptionPane.OK_CANCEL_OPTION);
       if(result!=JOptionPane.OK_OPTION){
-	System.exit(-1);
+        System.exit(-1);
       }
       passphrase=passphraseField.getText();
 

examples/Compression.java

@@ -75,11 +75,11 @@ public boolean promptYesNo(String str){
     public boolean promptPassword(String message){
       Object[] ob={passwordField}; 
       int result=
-	  JOptionPane.showConfirmDialog(null, ob, message,
-					JOptionPane.OK_CANCEL_OPTION);
+          JOptionPane.showConfirmDialog(null, ob, message,
+                                        JOptionPane.OK_CANCEL_OPTION);
       if(result==JOptionPane.OK_OPTION){
-	passwd=passwordField.getText();
-	return true;
+        passwd=passwordField.getText();
+        return true;
       }
       else{ return false; }
     }
@@ -137,7 +137,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/Daemon.java

@@ -165,7 +165,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/Exec.java

@@ -177,7 +177,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/KeyGen.java

@@ -61,7 +61,7 @@ else if(_type.equals("ecdsa-sha2-nistp521")){
     Object[] ob={passphraseField};
     int result=
       JOptionPane.showConfirmDialog(null, ob, "Enter passphrase (empty for no passphrase)",
-				    JOptionPane.OK_CANCEL_OPTION);
+                                    JOptionPane.OK_CANCEL_OPTION);
     if(result==JOptionPane.OK_OPTION){
       passphrase=passphraseField.getText();
     }

examples/KnownHosts.java

@@ -25,21 +25,21 @@ public static void main(String[] arg){
       int returnVal=chooser.showOpenDialog(null);
       if(returnVal==JFileChooser.APPROVE_OPTION) {
         System.out.println("You chose "+
-			   chooser.getSelectedFile().getAbsolutePath()+".");
-	jsch.setKnownHosts(chooser.getSelectedFile().getAbsolutePath());
+                           chooser.getSelectedFile().getAbsolutePath()+".");
+        jsch.setKnownHosts(chooser.getSelectedFile().getAbsolutePath());
       }
 
       HostKeyRepository hkr=jsch.getHostKeyRepository();
       HostKey[] hks=hkr.getHostKey();
       if(hks!=null){
-	System.out.println("Host keys in "+hkr.getKnownHostsRepositoryID());
-	for(int i=0; i<hks.length; i++){
-	  HostKey hk=hks[i];
-	  System.out.println(hk.getHost()+" "+
-			     hk.getType()+" "+
-			     hk.getFingerPrint(jsch));
-	}
-	System.out.println("");
+        System.out.println("Host keys in "+hkr.getKnownHostsRepositoryID());
+        for(int i=0; i<hks.length; i++){
+          HostKey hk=hks[i];
+          System.out.println(hk.getHost()+" "+
+                             hk.getType()+" "+
+                             hk.getFingerPrint(jsch));
+        }
+        System.out.println("");
       }
 
       String host=null;
@@ -68,11 +68,11 @@ public static void main(String[] arg){
       session.connect();
 
       {
-	HostKey hk=session.getHostKey();
-	System.out.println("HostKey: "+
-			   hk.getHost()+" "+
-			   hk.getType()+" "+
-			   hk.getFingerPrint(jsch));
+        HostKey hk=session.getHostKey();
+        System.out.println("HostKey: "+
+                           hk.getHost()+" "+
+                           hk.getType()+" "+
+                           hk.getFingerPrint(jsch));
       }
 
       Channel channel=session.openChannel("shell");
@@ -108,11 +108,11 @@ public boolean promptYesNo(String str){
     public boolean promptPassword(String message){
       Object[] ob={passwordField}; 
       int result=
-	  JOptionPane.showConfirmDialog(null, ob, message,
-					JOptionPane.OK_CANCEL_OPTION);
+          JOptionPane.showConfirmDialog(null, ob, message,
+                                        JOptionPane.OK_CANCEL_OPTION);
       if(result==JOptionPane.OK_OPTION){
-	passwd=passwordField.getText();
-	return true;
+        passwd=passwordField.getText();
+        return true;
       }
       else{ return false; }
     }
@@ -170,7 +170,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/Logger.java

@@ -148,7 +148,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/PortForwardingL.java

@@ -39,7 +39,7 @@ public static void main(String[] arg){
       Session session=jsch.getSession(user, host, 22);
 
       String foo=JOptionPane.showInputDialog("Enter -L port:host:hostport",
-					     "port:host:hostport");
+                                             "port:host:hostport");
       lport=Integer.parseInt(foo.substring(0, foo.indexOf(':')));
       foo=foo.substring(foo.indexOf(':')+1);
       rhost=foo.substring(0, foo.indexOf(':'));
@@ -83,11 +83,11 @@ public boolean promptYesNo(String str){
     public boolean promptPassword(String message){
       Object[] ob={passwordField}; 
       int result=
-	  JOptionPane.showConfirmDialog(null, ob, message,
-					JOptionPane.OK_CANCEL_OPTION);
+          JOptionPane.showConfirmDialog(null, ob, message,
+                                        JOptionPane.OK_CANCEL_OPTION);
       if(result==JOptionPane.OK_OPTION){
-	passwd=passwordField.getText();
-	return true;
+        passwd=passwordField.getText();
+        return true;
       }
       else{ return false; }
     }
@@ -145,7 +145,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel

examples/PortForwardingR.java

@@ -39,7 +39,7 @@ public static void main(String[] arg){
       Session session=jsch.getSession(user, host, 22);
 
       String foo=JOptionPane.showInputDialog("Enter -R port:host:hostport", 
-					     "port:host:hostport");
+                                             "port:host:hostport");
       rport=Integer.parseInt(foo.substring(0, foo.indexOf(':')));
       foo=foo.substring(foo.indexOf(':')+1);
       lhost=foo.substring(0, foo.indexOf(':'));
@@ -84,11 +84,11 @@ public boolean promptYesNo(String str){
     public boolean promptPassword(String message){
       Object[] ob={passwordField}; 
       int result=
-	  JOptionPane.showConfirmDialog(null, ob, message,
-					JOptionPane.OK_CANCEL_OPTION);
+          JOptionPane.showConfirmDialog(null, ob, message,
+                                        JOptionPane.OK_CANCEL_OPTION);
       if(result==JOptionPane.OK_OPTION){
-	passwd=passwordField.getText();
-	return true;
+        passwd=passwordField.getText();
+        return true;
       }
       else{ return false; }
     }
@@ -146,7 +146,7 @@ public String[] promptKeyboardInteractive(String destination,
         for(int i=0; i<prompt.length; i++){
           response[i]=texts[i].getText();
         }
-	return response;
+        return response;
       }
       else{
         return null;  // cancel