Class SshdSessionFactory
- All Implemented Interfaces:
Closeable, AutoCloseable
- Direct Known Subclasses:
SshdSessionFactoryBuilder.State.SessionFactory
SshSessionFactory that uses Apache MINA sshd. Classes from Apache
MINA sshd are kept private to avoid API evolution problems when Apache MINA
sshd interfaces change.
- Since:
5.2
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
- private static final class SshdSessionFactory.Tuple: A simple general map key.
-
Field Summary
Fields (Modifier and Type, Field)
- private final AtomicBoolean closing
- private final Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
- private final Map<SshdSessionFactory.Tuple,Iterable<KeyPair>> defaultKeys
- private final Map<SshdSessionFactory.Tuple,ServerKeyDatabase> defaultServerKeyDatabase
- private File homeDirectory
- private final KeyCache keyCache
- private static final String MINA_SSHD
- private final ProxyDataFactory proxies
- private final Set<SshdSession> sessions
- private File sshDirectory
-
Constructor Summary
Constructors (Constructor, Description)
- SshdSessionFactory(): Creates a new SshdSessionFactory without a key cache and with a DefaultProxyDataFactory.
- SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
-
Method Summary
Methods (Modifier and Type, Method, Description)
- void close()
- private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(Supplier<KeyPasswordProvider> providerFactory): Creates a FilePasswordProvider for a new session.
- protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider): Creates a KeyPasswordProvider for a new session.
- protected ServerKeyDatabase createServerKeyDatabase(File homeDir, File sshDir): Creates a ServerKeyDatabase to verify server host keys.
- protected SshConfigStore createSshConfigStore(File homeDir, File configFile, String localUserName): Obtains a SshConfigStore, or null if no SSH config is to be used.
- protected ConnectorFactory getConnectorFactory(): Gets a ConnectorFactory.
- getDefaultIdentities(File sshDir): Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication.
- getDefaultKeys(File sshDir): Determines the default keys.
- getDefaultKnownHostsFiles(File sshDir): Gets the list of default user known hosts files.
- protected String getDefaultPreferredAuthentications(): Gets the list of default preferred authentication mechanisms.
- getHomeDirectory(): Retrieves the global user home directory.
- private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(File homeDir, File sshDir): Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
- protected final KeyCache getKeyCache(): Obtains the KeyCache to use to cache loaded keys.
- protected ServerKeyDatabase getServerKeyDatabase(File homeDir, File sshDir): Obtains a ServerKeyDatabase to verify server host keys.
- SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms): Opens (or reuses) a session to a host.
- private static List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories(): Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT.
- protected File getSshConfig(File sshDir): Determines the ssh config file.
- getSshDirectory(): Retrieves the global .ssh directory.
- getType(): The name of the type of session factory.
- private List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories(): Gets the user authentication mechanisms (or rather, factories for them).
- private void register(SshdSession newSession)
- void setHomeDirectory(File homeDir): Set a global directory to use as the user's home directory.
- void setSshDirectory(File sshDir): Set a global directory to use as the .ssh directory.
- private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys): Converts an Iterable of KeyPairs into a KeyIdentityProvider.
- private void unregister(SshdSession oldSession)
Methods inherited from class org.eclipse.jgit.transport.SshSessionFactory
getInstance, getLocalUserName, releaseSession, setInstance
-
Field Details
-
MINA_SSHD
- See Also:
-
closing
-
sessions
-
defaultHostConfigEntryResolver
private final Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
-
defaultServerKeyDatabase
-
defaultKeys
-
keyCache
-
proxies
-
sshDirectory
-
homeDirectory
-
-
Constructor Details
-
SshdSessionFactory
public SshdSessionFactory()
Creates a new SshdSessionFactory without a key cache and with a DefaultProxyDataFactory.
-
SshdSessionFactory
Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.
Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.
Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.
By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.
- Parameters:
keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
-
-
Method Details
-
getType
Description copied from class: SshSessionFactory
The name of the type of session factory.
- Specified by:
getType in class SshSessionFactory
- Returns:
the name of the type of session factory.
-
getSession
public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
Description copied from class: SshSessionFactory
Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
- Specified by:
getSession in class SshSessionFactory
- Parameters:
uri - URI of the remote host to connect to
credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
fs - the file system abstraction to use for certain file operations, such as reading configuration files
tms - connection timeout for creating the session, in milliseconds
- Returns:
a connected and authenticated session for communicating with the remote host given by the uri
- Throws:
TransportException - if the session could not be created
-
close
public void close()
- Specified by:
close in interface AutoCloseable
- Specified by:
close in interface Closeable
-
register
- Throws:
IOException
-
unregister
-
setHomeDirectory
Set a global directory to use as the user's home directory.
- Parameters:
homeDir - to use
-
getHomeDirectory
Retrieves the global user home directory.
- Returns:
the directory, or null if not set
-
setSshDirectory
Set a global directory to use as the .ssh directory.
- Parameters:
sshDir - to use
-
getSshDirectory
Retrieves the global .ssh directory.
- Returns:
the directory, or null if not set
-
getHostConfigEntryResolver
@NonNull private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(@NonNull File homeDir, @NonNull File sshDir)
Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - to use for looking for the config file
- Returns:
the resolver
-
getSshConfig
Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
- Parameters:
sshDir - representing ~/.ssh/
- Returns:
the file (need not exist), or null if no config file shall be used
- Since:
5.5
-
createSshConfigStore
protected SshConfigStore createSshConfigStore(@NonNull File homeDir, File configFile, String localUserName)
Obtains a SshConfigStore, or null if no SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
- Parameters:
homeDir - may be used for ~-replacements by the returned config store
configFile - to use, or null if none
localUserName - user name of the current user on the local OS
- Returns:
A SshConfigStore, or null if none is to be used
- Since:
5.8
-
getServerKeyDatabase
@NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - representing ~/.ssh/
- Returns:
the ServerKeyDatabase
- Since:
5.5
-
createServerKeyDatabase
@NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - representing ~/.ssh/
- Returns:
the ServerKeyDatabase
- Since:
5.8
-
getConnectorFactory
Gets a ConnectorFactory. If this returns null, SSH agents are not supported.
The default implementation uses ConnectorFactory.getDefault()
- Returns:
the factory, or null if no SSH agent support is desired
- Since:
6.0
-
getDefaultKnownHostsFiles
Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
- Parameters:
sshDir -
- Returns:
the possibly empty list of default known host file paths.
-
getDefaultKeys
Determines the default keys. The default implementation will lazily load the default identity files.
Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.
The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation.
If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.
- Parameters:
sshDir - to look in for keys
- Returns:
an Iterable over the default keys
- Since:
5.3
-
toKeyIdentityProvider
private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys)
Converts an Iterable of KeyPairs into a KeyIdentityProvider.
- Parameters:
keys - to provide via the returned KeyIdentityProvider
- Returns:
a KeyIdentityProvider that provides the given keys
-
getDefaultIdentities
Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
- Parameters:
sshDir - the directory that represents ~/.ssh/
- Returns:
a possibly empty list of paths containing default identities (private keys)
-
getKeyCache
Obtains the KeyCache to use to cache loaded keys.
- Returns:
the KeyCache, or null if none.
-
createKeyPasswordProvider
Creates a KeyPasswordProvider for a new session.
- Parameters:
provider - the CredentialsProvider to delegate to for user interactions
- Returns:
a new KeyPasswordProvider
-
createFilePasswordProvider
@NonNull private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(Supplier<KeyPasswordProvider> providerFactory)
Creates a FilePasswordProvider for a new session.
- Parameters:
providerFactory - providing the KeyPasswordProvider to delegate to
- Returns:
a new FilePasswordProvider
-
getUserAuthFactories
Gets the user authentication mechanisms (or rather, factories for them). By default this returns gssapi-with-mic, public-key, password, and keyboard-interactive, in that order. The order is only significant if the ssh config does not set PreferredAuthentications; if it is set, the order defined there will be taken.
- Returns:
the non-empty list of factories.
-
getDefaultPreferredAuthentications
Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
- Returns:
a comma-separated list of mechanism names, or null if none
-
getSignatureFactories
private static List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories()
Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT. We have to set it up explicitly to still allow users to connect with DSA keys.
- Returns:
a list of supported signature factories
-
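A restrictive factory built from the protected hooks documented above (the two-argument constructor, getConnectorFactory, getDefaultPreferredAuthentications and getDefaultIdentities), as an added example that is not JGit's own code. The class name HardenedSshdSessionFactory, the install() helper and the choice of id_ed25519 as the only default identity are assumptions made for illustration.

```java
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.sshd.DefaultProxyDataFactory;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.eclipse.jgit.transport.sshd.agent.ConnectorFactory;

// Hypothetical subclass; only documented protected hooks are overridden.
public class HardenedSshdSessionFactory extends SshdSessionFactory {

    public HardenedSshdSessionFactory() {
        // null KeyCache: JGit itself does not cache decrypted private keys.
        // Apache MINA sshd may still keep keys in memory, as noted above.
        super(null, new DefaultProxyDataFactory());
    }

    @Override
    protected ConnectorFactory getConnectorFactory() {
        // Returning null means SSH agents are not supported by this factory.
        return null;
    }

    @Override
    protected String getDefaultPreferredAuthentications() {
        // Comma-separated mechanism names. A PreferredAuthentications
        // entry in the ssh config still takes precedence over this value.
        return "publickey";
    }

    @Override
    protected List<Path> getDefaultIdentities(File sshDir) {
        // Assumption: only an Ed25519 key is a default identity here, so
        // the id_dsa and id_rsa default files are not returned.
        return Stream.of(sshDir.toPath().resolve("id_ed25519"))
                .filter(Files::isRegularFile)
                .collect(Collectors.toList());
    }

    // Hypothetical helper: install process-wide and close on JVM exit,
    // which is also when a KeyCache (if one were used) is cleared.
    public static void install() {
        HardenedSshdSessionFactory factory = new HardenedSshdSessionFactory();
        SshSessionFactory.setInstance(factory);
        Runtime.getRuntime().addShutdownHook(new Thread(factory::close));
    }
}
```

Host key verification is left at the default ServerKeyDatabase, so the known_hosts files and any UserKnownHostsFile setting described above still apply.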