SSH ProxyJump connections fail due to shared sshClient authentication state #3942
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… and multiple credentials (#3925) Signed-off-by: Love yadav <[email protected]>
…3926) fix(ssh): isolate SSH identities per session to avoid auth failures The previous implementation allowed SSH identities to accumulate across connections when ProxyJump was used, causing mixed authentication attempts and triggering MaxAuthTries errors. This change: - Disables connection reuse for ProxyJump sessions - Prevents global SSH client identity leakage - Ensures credentials are applied per ClientSession Signed-off-by: Love yadav <[email protected]>
Refactor SSH connection handling and authentication process, ensuring proper session management and error handling. Signed-off-by: Love yadav <[email protected]>
- Disable connection reuse when ProxyJump is enabled - Scope SSH identities to ClientSession only - Prevent mixed authentication attempts causing auth failures - Ensure proper SSH client lifecycle cleanup Signed-off-by: Love yadav <[email protected]>
Signed-off-by: Love yadav <[email protected]>
…vice/impl/NoticeConfigServiceImpl.java Signed-off-by: Love yadav <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes SSH authentication issues when using ProxyJump by improving session isolation and connection lifecycle management.
Key changes
Disabled connection reuse when ProxyJump is enabled to prevent authentication state leakage.
Scoped SSH credentials strictly to individual ClientSession instances.
Ensured SSH client resources are properly cleaned up for non-cached sessions.
Prevented mixed authentication attempts that could lead to “Too many authentication failures”.
These changes make SSH connections more stable and predictable, especially in proxy-based environments.
Fixes #3926