git: add support for SSH authentication with ed25519 or ed25519-sk

This makes it possible to use ed25519 and ed25519-sk keys by trying them one at a time. However, it still fails if one of them is password-protected; we don't try the next key in that case.
2024-09-20 18:29:49 +03:00 · 2023-08-08 10:51:42 -07:00 · 2023-08-08 10:51:42 -07:00 · 56472297f0
commit 56472297f0
parent 1d2324ae5c
3 changed files with 14 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -50,8 +50,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Fixed bugs

-* SSH authentication could hang when ssh-agent couldn't be reached 
+* SSH authentication could hang when ssh-agent couldn't be reached
  [#1970](https://github.com/martinvonz/jj/issues/1970)
+  
+* SSH authentication can now use ed25519 and ed25519-sk keys. They still need
+  to be password-less.

 ## [0.8.0] - 2023-07-09

--- a/cli/src/commands/git.rs
+++ b/cli/src/commands/git.rs
@ -593,10 +593,13 @@ fn decode_assuan_data(encoded: &str) -> Option<String> {
 fn get_ssh_keys(_username: &str) -> Vec<PathBuf> {
    let mut paths = vec![];
    if let Ok(home_dir) = std::env::var("HOME") {
-        let key_path = Path::new(&home_dir).join(".ssh").join("id_rsa");
-        if key_path.is_file() {
-            tracing::info!(path = ?key_path, "found ssh key");
-            paths.push(key_path);
+        let ssh_dir = Path::new(&home_dir).join(".ssh");
+        for filename in ["id_ed25519_sk", "id_ed25519", "id_rsa"] {
+            let key_path = ssh_dir.join(filename);
+            if key_path.is_file() {
+                tracing::info!(path = ?key_path, "found ssh key");
+                paths.push(key_path);
+            }
        }
    }
    if paths.is_empty() {
--- a/docs/git-compatibility.md
+++ b/docs/git-compatibility.md
@ -20,8 +20,9 @@ a comparison with Git, including how workflows are different, see the
  you miss any particular configuration options.
  * The configuration of remotes (`[remote "<name>"]`).
  * `core.excludesFile`
-* **Authentication: Partial.** Only `ssh-agent`, a password-less key file at
-  `~/.ssh/id_rsa` (and only at exactly that path), or a `credential.helper`.
+* **Authentication: Partial.** Only `ssh-agent`, a password-less key (
+  only `~/.ssh/id_rsa`, `~/.ssh/id_ed25519` or `~/.ssh/id_ed25519_sk`), or
+  a `credential.helper`.
 * **Branches: Yes.** You can read more about
  [how branches work in Jujutsu](branches.md)
  and [how they interoperate with Git](#branches).