Class SshdSessionFactory
- All Implemented Interfaces: Closeable, AutoCloseable
- Direct Known Subclasses: SshdSessionFactoryBuilder.State.SessionFactory

An SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
- Since: 5.2
-
Nested Class Summary
Nested Classes
- private static final class SshdSessionFactory.Tuple: A simple general map key.
-
Field Summary
Fields
- private final AtomicBoolean closing
- private final Map<SshdSessionFactory.Tuple, org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
- private final Map<SshdSessionFactory.Tuple, Iterable<KeyPair>> defaultKeys
- private final Map<SshdSessionFactory.Tuple, ServerKeyDatabase> defaultServerKeyDatabase
- private File homeDirectory
- private final KeyCache keyCache
- private static final String MINA_SSHD
- private final ProxyDataFactory proxies
- private final Set<SshdSession> sessions
- private File sshDirectory
-
Constructor Summary
Constructors
- SshdSessionFactory(): Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
- SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies): Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory.
-
Method Summary
Methods
- void close()
- private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(Supplier<KeyPasswordProvider> providerFactory): Creates a FilePasswordProvider for a new session.
- protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider): Creates a KeyPasswordProvider for a new session.
- protected ServerKeyDatabase createServerKeyDatabase(File homeDir, File sshDir): Creates a ServerKeyDatabase to verify server host keys.
- protected SshConfigStore createSshConfigStore(File homeDir, File configFile, String localUserName): Obtains a SshConfigStore, or null if no SSH config is to be used.
- getDefaultIdentities(File sshDir): Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication.
- getDefaultKeys(File sshDir): Determines the default keys.
- getDefaultKnownHostsFiles(File sshDir): Gets the list of default user known hosts files.
- protected String getDefaultPreferredAuthentications(): Gets the list of default preferred authentication mechanisms.
- getHomeDirectory(): Retrieves the global user home directory
- private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(File homeDir, File sshDir): Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
- protected final KeyCache getKeyCache(): Obtains the KeyCache to use to cache loaded keys.
- protected ServerKeyDatabase getServerKeyDatabase(File homeDir, File sshDir): Obtains a ServerKeyDatabase to verify server host keys.
- SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms): Opens (or reuses) a session to a host.
- private static List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories(): Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT.
- protected File getSshConfig(File sshDir): Determines the ssh config file.
- getSshDirectory(): Retrieves the global .ssh directory
- getType(): The name of the type of session factory.
- private List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories(): Gets the user authentication mechanisms (or rather, factories for them).
- private void register(SshdSession newSession)
- void setHomeDirectory(File homeDir): Set a global directory to use as the user's home directory
- void setSshDirectory(File sshDir): Set a global directory to use as the .ssh directory
- private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys): Converts an Iterable of KeyPairs into a KeyIdentityProvider.
- private void unregister(SshdSession oldSession)

Methods inherited from class org.eclipse.jgit.transport.SshSessionFactory
getInstance, getLocalUserName, releaseSession, setInstance
-
Field Details
-
MINA_SSHD
- See Also:
-
closing
-
sessions
-
defaultHostConfigEntryResolver
private final Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver -
defaultServerKeyDatabase
-
defaultKeys
-
keyCache
-
proxies
-
sshDirectory
-
homeDirectory
-
-
Constructor Details
-
SshdSessionFactory
public SshdSessionFactory()
Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
-
SshdSessionFactory
Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an ssh agent.

Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.
- Parameters:
keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
-
-
Method Details
-
getType
Description copied from class: SshSessionFactory
The name of the type of session factory.
- Specified by: getType in class SshSessionFactory
- Returns: the name of the type of session factory.
-
getSession
public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
Description copied from class: SshSessionFactory
Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
- Specified by: getSession in class SshSessionFactory
- Parameters:
uri - URI of the remote host to connect to
credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
fs - the file system abstraction to use for certain file operations, such as reading configuration files
tms - connection timeout for creating the session, in milliseconds
- Returns: a connected and authenticated session for communicating with the remote host given by the uri
- Throws: TransportException - if the session could not be created
-
close
public void close()
- Specified by: close in interface AutoCloseable
- Specified by: close in interface Closeable
-
register
- Throws: IOException
-
unregister
-
setHomeDirectory
Set a global directory to use as the user's home directory
- Parameters:
homeDir - to use
-
getHomeDirectory
Retrieves the global user home directory
- Returns: the directory, or null if not set
-
setSshDirectory
Set a global directory to use as the .ssh directory
- Parameters:
sshDir - to use
-
getSshDirectory
Retrieves the global .ssh directory
- Returns: the directory, or null if not set
-
getHostConfigEntryResolver
@NonNull private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(@NonNull File homeDir, @NonNull File sshDir)
Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - to use for looking for the config file
- Returns: the resolver
-
getSshConfig
Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
- Parameters:
sshDir - representing ~/.ssh/
- Returns: the file (need not exist), or null if no config file shall be used
- Since: 5.5
-
createSshConfigStore
protected SshConfigStore createSshConfigStore(@NonNull File homeDir, File configFile, String localUserName)
Obtains a SshConfigStore, or null if no SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
- Parameters:
homeDir - may be used for ~-replacements by the returned config store
configFile - to use, or null if none
localUserName - user name of the current user on the local OS
- Returns: A SshConfigStore, or null if none is to be used
- Since: 5.8
-
getServerKeyDatabase
@NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.5
-
createServerKeyDatabase
@NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
homeDir - home directory to use for ~ replacement
sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.8
-
getDefaultKnownHostsFiles
Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
- Parameters:
sshDir -
- Returns: the possibly empty list of default known host file paths.
-
getDefaultKeys
Determines the default keys. The default implementation will lazy load the default identity files.

Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation.

If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.
- Parameters:
sshDir - to look in for keys
- Returns: an Iterable over the default keys
- Since: 5.3
-
toKeyIdentityProvider
private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys)
Converts an Iterable of KeyPairs into a KeyIdentityProvider.
- Parameters:
keys - to provide via the returned KeyIdentityProvider
- Returns: a KeyIdentityProvider that provides the given keys
-
getDefaultIdentities
Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
- Parameters:
sshDir - the directory that represents ~/.ssh/
- Returns: a possibly empty list of paths containing default identities (private keys)
-
getKeyCache
Obtains the KeyCache to use to cache loaded keys.
- Returns: the KeyCache, or null if none.
-
createKeyPasswordProvider
Creates a KeyPasswordProvider for a new session.
- Parameters:
provider - the CredentialsProvider to delegate to for user interactions
- Returns: a new KeyPasswordProvider
-
createFilePasswordProvider
@NonNull private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(Supplier<KeyPasswordProvider> providerFactory)
Creates a FilePasswordProvider for a new session.
- Parameters:
providerFactory - providing the KeyPasswordProvider to delegate to
- Returns: a new FilePasswordProvider
-
getUserAuthFactories
Gets the user authentication mechanisms (or rather, factories for them). By default this returns gssapi-with-mic, public-key, password, and keyboard-interactive, in that order. The order is only significant if the ssh config does not set PreferredAuthentications; if it is set, the order defined there will be taken.
- Returns: the non-empty list of factories.
-
getDefaultPreferredAuthentications
Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
- Returns: a comma-separated list of mechanism names, or null if none
-
getSignatureFactories
private static List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories()
Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT. We have to set it up explicitly to still allow users to connect with DSA keys.
- Returns: a list of supported signature factories
-
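The override points documented above (the two-argument constructor with a null KeyCache, getSshConfig, getDefaultKnownHostsFiles, getDefaultIdentities and getDefaultPreferredAuthentications) can be combined into a restricted factory for an unattended job. This is an added example, not JGit's own code: the class name PinnedSshdSessionFactory and the file names known_hosts.pinned and id_deploy_ed25519 are assumptions, and the List<Path> return types come from the JGit API rather than from this page.

```java
import java.io.File;
import java.nio.file.Path;
import java.util.List;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;

// Added example, not JGit code. Class name and file names are assumptions.
public class PinnedSshdSessionFactory extends SshdSessionFactory {
    private static final String KNOWN_HOSTS = "known_hosts.pinned"; // hypothetical
    private static final String DEPLOY_KEY = "id_deploy_ed25519";   // hypothetical

    public PinnedSshdSessionFactory(File sshDir) {
        // null KeyCache: JGit keeps no cache of loaded keys for this factory.
        // null ProxyDataFactory: no proxy database, so no proxied connections.
        super(null, null);
        setSshDirectory(sshDir);
    }

    @Override
    protected File getSshConfig(File sshDir) {
        // No ssh config file: UserKnownHostsFile and PreferredAuthentications
        // entries cannot override the defaults returned below.
        return null;
    }

    @Override
    protected List<Path> getDefaultKnownHostsFiles(File sshDir) {
        // Replaces ~/.ssh/known_hosts and ~/.ssh/known_hosts2 with one pinned file.
        return List.of(sshDir.toPath().resolve(KNOWN_HOSTS));
    }

    @Override
    protected List<Path> getDefaultIdentities(File sshDir) {
        // Replaces SshConstants.DEFAULT_IDENTITIES with a single dedicated key.
        return List.of(sshDir.toPath().resolve(DEPLOY_KEY));
    }

    @Override
    protected String getDefaultPreferredAuthentications() {
        return "publickey"; // no password or keyboard-interactive attempts
    }

    public static void main(String[] args) {
        File sshDir = new File(args[0]); // directory holding the two files above
        try (SshdSessionFactory factory = new PinnedSshdSessionFactory(sshDir)) {
            SshSessionFactory.setInstance(factory);
            // Run JGit transport commands (fetch, push, ...) here.
        }
        SshSessionFactory.setInstance(null); // back to the default factory
    }
}
```

Closing the factory through try-with-resources matters even without a KeyCache, because the page notes that Apache MINA sshd may keep keys in memory independently of it.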