Incomplete SSH integration with Jsch

Jira does fully implement SSH connectivity with Jsch. See the last few comments on the linked issue.

If OpenSSH is configured to such that "PasswordAuthentication=no" for security reasons, Jira is unable to connect to the SSH server. This affects CVS integration (and also seems to affect the SVN plugin as well.) This may also be causing problems with key-pair SSH authentication as well.

Turning the PasswordAuthentication setting off keeps the SSH client from sending the password to the server in cleartext through the negotiated encrypted tunnel, this approach is vulnerable to interception and later brute-force decryption of the tunnel. Turning the setting off causes the SSH client to encrypt the password with the negotiated private key before sending it to the server.

FYI - When this setting is off, a regular command line SSH client uses the "keyboard-interactive" authentication method instead.

The problem appears to be in the Jira's use of the Jsch package. I had originally posted this to Jsch's wiki as a potential issue with their library. However, they modified the result with information about how to configure their product to support keyboard-interactive authentication. The information can be found here: http://wiki.jsch.org/index.php?PasswordAuthentication - it looks like a simple fix and they've provided some links to reference code.

It's also worthwhile to note that Eclipse (both for build-in CVS connectivity and the Subsclipe plugin) uses Jsch and does not have trouble connecting to an SSH server with the PasswordAuthentication setting turned off.