Ken Swanson created NIFIREG-346:
-----------------------------------
Summary: Update JGit to use Apache MINA sshd
Key: NIFIREG-346
URL: https://issues.apache.org/jira/browse/NIFIREG-346
Project: NiFi Registry
Issue Type: Wish
Reporter: Ken Swanson
I mentioned this earlier in the Slack, but I didn't get around to making this
issue until now.
The current NiFi registry uses JGit to control Git functionality, specifically
(to my concern) to implement the `GitFlowPersistenceProvider` functionality.
When using JGit, it is using the default setup of JGit, and by default JGit
uses the JSch library to implement the SSH Factory.
JSch is an older library, and as a consequence it does not interoperate with
some newer SSH protocols. Specifically, newer SSH keys (like ed25519) do not
appear to work with JSch.
There is an alternate, and newer, SSH library available to JGit: the Apache
MINA sshd library. Using the new library only requires creating a new
SshdSessionFactory. Details can be found here:
[https://wiki.eclipse.org/JGit/New_and_Noteworthy/5.2]
I'd like to suggest moving to use Apache MINA sshd in the NiFi Registry. I
recently had a problem with my registry where I wanted to use SSH keys to
commit back to a repo, and the registry could not access the repo due to the
underlying JSch library not being able to use the ed25519 keys. I was able to
get around this by setting the GIT_SSH environment variable, but I think it
would be a good idea to use the newer library.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
