public class SshdSessionFactory extends SshSessionFactory implements java.io.Closeable

An SshSessionFactory that uses Apache MINA sshd. Classes from Apache
MINA sshd are kept private to avoid API evolution problems when Apache MINA
sshd interfaces change.

Modifier and Type | Class | Description |
---|---|---|
private static class | SshdSessionFactory.Tuple | A simple general map key. |

Modifier and Type | Field |
---|---|
private java.util.concurrent.atomic.AtomicBoolean | closing |
private java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> | defaultHostConfigEntryResolver |
private java.util.Map<SshdSessionFactory.Tuple,java.lang.Iterable<java.security.KeyPair>> | defaultKeys |
private java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.keyverifier.ServerKeyVerifier> | defaultServerKeyVerifier |
private java.io.File | homeDirectory |
private KeyCache | keyCache |
private ProxyDataFactory | proxies |
private java.util.Set<SshdSession> | sessions |
private java.io.File | sshDirectory |

Constructor | Description |
---|---|
SshdSessionFactory() | Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory. |
SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies) | |

Modifier and Type | Method | Description |
---|---|---|
void | close() | |
private org.apache.sshd.common.config.keys.FilePasswordProvider | createFilePasswordProvider(KeyPasswordProvider provider) | Creates a FilePasswordProvider for a new session. |
protected KeyPasswordProvider | createKeyPasswordProvider(CredentialsProvider provider) | Creates a KeyPasswordProvider for a new session. |
protected java.util.List<java.nio.file.Path> | getDefaultIdentities(java.io.File sshDir) | Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. |
protected java.lang.Iterable<java.security.KeyPair> | getDefaultKeys(java.io.File sshDir) | Determines the default keys. |
protected java.util.List<java.nio.file.Path> | getDefaultKnownHostsFiles(java.io.File sshDir) | Gets the list of default user known hosts files. |
protected java.lang.String | getDefaultPreferredAuthentications() | Gets the list of default preferred authentication mechanisms. |
java.io.File | getHomeDirectory() | Retrieves the global user home directory. |
private org.apache.sshd.client.config.hosts.HostConfigEntryResolver | getHostConfigEntryResolver(java.io.File homeDir, java.io.File sshDir) | Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections. |
protected KeyCache | getKeyCache() | Obtains the KeyCache to use to cache loaded keys. |
private org.apache.sshd.client.keyverifier.ServerKeyVerifier | getServerKeyVerifier(java.io.File homeDir, java.io.File sshDir) | Obtain a ServerKeyVerifier to read known_hosts files and to verify server host keys. |
SshdSession | getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) | Open (or reuse) a session to a host. |
java.io.File | getSshDirectory() | Retrieves the global .ssh directory. |
private java.util.List<org.apache.sshd.common.NamedFactory<org.apache.sshd.client.auth.UserAuth>> | getUserAuthFactories() | Gets the user authentication mechanisms (or rather, factories for them). |
private void | register(SshdSession newSession) | |
void | setHomeDirectory(java.io.File homeDir) | Set a global directory to use as the user's home directory. |
void | setSshDirectory(java.io.File sshDir) | Set a global directory to use as the .ssh directory. |
private org.apache.sshd.common.keyprovider.KeyIdentityProvider | toKeyIdentityProvider(java.lang.Iterable<java.security.KeyPair> keys) | Converts an Iterable of KeyPairs into a KeyIdentityProvider. |
private void | unregister(SshdSession oldSession) | |

Methods inherited from class SshSessionFactory: getInstance, getLocalUserName, releaseSession, setInstance

private final java.util.concurrent.atomic.AtomicBoolean closing
private final java.util.Set<SshdSession> sessions
private final java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
private final java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.keyverifier.ServerKeyVerifier> defaultServerKeyVerifier
private final java.util.Map<SshdSessionFactory.Tuple,java.lang.Iterable<java.security.KeyPair>> defaultKeys
private final KeyCache keyCache
private final ProxyDataFactory proxies
private java.io.File sshDirectory
private java.io.File homeDirectory

public SshdSessionFactory()

Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.

public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)

Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an ssh agent.

Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

Parameters:
keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)

public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException

Description copied from class: SshSessionFactory

A reasonable UserInfo that can interact with the end-user (if necessary) is installed on the returned session by this method.

The caller must connect the session by invoking connect() if it has not already been connected.

Specified by:
getSession in class SshSessionFactory
Parameters:
uri - URI information about the remote host
credentialsProvider - provider to support authentication, may be null.
fs - the file system abstraction which will be necessary to perform certain file system operations.
tms - Timeout value, in milliseconds.
Throws:
TransportException - the session could not be created.

public void close()

Specified by:
close in interface java.io.Closeable
Specified by:
close in interface java.lang.AutoCloseable

private void register(SshdSession newSession) throws java.io.IOException

Throws:
java.io.IOException

private void unregister(SshdSession oldSession)

public void setHomeDirectory(@NonNull java.io.File homeDir)

Parameters:
homeDir - to use

public java.io.File getHomeDirectory()

Returns:
null if not set

public void setSshDirectory(@NonNull java.io.File sshDir)

Parameters:
sshDir - to use

public java.io.File getSshDirectory()

Returns:
null if not set

@NonNull private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(@NonNull java.io.File homeDir, @NonNull java.io.File sshDir)

Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.

Parameters:
homeDir - home directory to use for ~ replacement
sshDir - to use for looking for the config file

@NonNull private org.apache.sshd.client.keyverifier.ServerKeyVerifier getServerKeyVerifier(@NonNull java.io.File homeDir, @NonNull java.io.File sshDir)

Obtain a ServerKeyVerifier to read known_hosts files and to verify server host keys. The default implementation returns a ServerKeyVerifier that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.

Parameters:
homeDir - home directory to use for ~ replacement
sshDir - representing ~/.ssh/

@NonNull protected java.util.List<java.nio.file.Path> getDefaultKnownHostsFiles(@NonNull java.io.File sshDir)

UserKnownHostsFile overrides this default.

Parameters:
sshDir -

@NonNull protected java.lang.Iterable<java.security.KeyPair> getDefaultKeys(@NonNull java.io.File sshDir)

default identity files.

Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation.

If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

Parameters:
sshDir - to look in for keys
Returns:
Iterable over the default keys

private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(java.lang.Iterable<java.security.KeyPair> keys)

Converts an Iterable of KeyPairs into a KeyIdentityProvider.

Parameters:
keys - to provide via the returned KeyIdentityProvider
Returns:
KeyIdentityProvider that provides the given keys

@NonNull protected java.util.List<java.nio.file.Path> getDefaultIdentities(@NonNull java.io.File sshDir)

SshConstants.DEFAULT_IDENTITIES.

Parameters:
sshDir - the directory that represents ~/.ssh/

protected final KeyCache getKeyCache()

Obtains the KeyCache to use to cache loaded keys.

Returns:
KeyCache, or null if none.

@NonNull protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)

Creates a KeyPasswordProvider for a new session.

Parameters:
provider - the CredentialsProvider to delegate to for user interactions
Returns:
KeyPasswordProvider

@NonNull private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(KeyPasswordProvider provider)

Creates a FilePasswordProvider for a new session.

Parameters:
provider - the KeyPasswordProvider to delegate to
Returns:
FilePasswordProvider

@NonNull private java.util.List<org.apache.sshd.common.NamedFactory<org.apache.sshd.client.auth.UserAuth>> getUserAuthFactories()

PreferredAuthentications; if it is set, the order defined there will be taken.

protected java.lang.String getDefaultPreferredAuthentications()

Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.

Returns:
null if none
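
The protected extension points documented above (getDefaultKeys, getDefaultKnownHostsFiles, getDefaultPreferredAuthentications) and the null KeyCache option of the constructor can be combined for an unattended client. This is an added example, not code from JGit. The class name PinnedSshdSessionFactory, the paths and the generated key are assumptions made for illustration, and the org.eclipse.jgit.transport(.sshd) package names are not shown on this page.

```java
import java.io.File;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import java.util.List;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.sshd.DefaultProxyDataFactory;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;

// Hypothetical subclass (not part of JGit): one pre-loaded key, one known_hosts file.
public class PinnedSshdSessionFactory extends SshdSessionFactory {
	private final KeyPair deployKey;
	private final Path knownHosts;

	public PinnedSshdSessionFactory(KeyPair deployKey, Path knownHosts) {
		super(null, new DefaultProxyDataFactory()); // null: no KeyCache
		this.deployKey = deployKey;
		this.knownHosts = knownHosts;
	}

	@Override // key is already loaded, so a plain List is a valid Iterable
	protected Iterable<KeyPair> getDefaultKeys(File sshDir) {
		return Collections.singletonList(deployKey);
	}

	@Override // replaces the default known_hosts and known_hosts2 files
	protected List<Path> getDefaultKnownHostsFiles(File sshDir) {
		return Collections.singletonList(knownHosts);
	}

	@Override // only applies if the ssh config sets no PreferredAuthentications
	protected String getDefaultPreferredAuthentications() {
		return "publickey";
	}

	public static void main(String[] args) throws Exception {
		KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
		gen.initialize(3072); // constructed throwaway key for the example
		File sshDir = new File("/etc/ci-git/ssh"); // assumed path
		Path pinned = new File(sshDir, "known_hosts.pinned").toPath();
		try (PinnedSshdSessionFactory f = new PinnedSshdSessionFactory(gen.generateKeyPair(), pinned)) {
			f.setSshDirectory(sshDir); // ssh config is looked up here
			SshSessionFactory.setInstance(f);
			// ... JGit fetch/push over ssh runs here ...
		} finally {
			SshSessionFactory.setInstance(null); // back to JGit's default factory
		}
	}
}
```

A UserKnownHostsFile or PreferredAuthentications entry in the ssh config found in the configured ssh directory takes precedence over both overrides, so that config file needs the same access control as the pinned known_hosts file.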