Class OpenSshServerKeyDatabase
- All Implemented Interfaces:
ServerKeyDatabase
StrictHostKeyChecking
and
UserKnownHostsFile
values from the ssh configuration.
The verifier can be given default known_hosts files in the constructor, which
will be used if the ssh config does not specify a UserKnownHostsFile
.
If the ssh config does set UserKnownHostsFile
, the verifier
uses the given files in the order given. Non-existing or unreadable files are
ignored.
StrictHostKeyChecking
accepts the following values:
- ask
- Ask the user whether new or changed keys shall be accepted and be added to the known_hosts file.
- yes/true
- Accept only keys listed in the known_hosts file.
- no/false
- Silently accept all new or changed keys, add new keys to the known_hosts file.
- accept-new
- Silently accept keys for new hosts and add them to the known_hosts file.
If StrictHostKeyChecking
is not set, or set to any other value, the
default value ask is active.
This implementation relies on the ClientSession
being a
JGitClientSession
. By default Apache MINA sshd does not forward the
config file host entry to the session, so it would be unknown here which
entry it was and what setting of StrictHostKeyChecking
should be
used. If used with some other session type, the implementation assumes
"ask".
Asking the user is done via a CredentialsProvider
obtained from the
session. If none is set, the implementation falls back to strict host key
checking ("yes").
Note that adding a key to the known hosts file may create the file. You can specify in the constructor whether the user shall be asked about that, too. If the user declines updating the file, but the key was otherwise accepted (user confirmed for "ask", or "no" or "accept-new" are active), the key is accepted for this session only.
If several known hosts files are specified, a new key is always added to the first file (even if it doesn't exist yet; see the note about file creation above).
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprivate static class
private static class
private static class
Nested classes/interfaces inherited from interface org.eclipse.jgit.transport.sshd.ServerKeyDatabase
ServerKeyDatabase.Configuration
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final boolean
private final List
<OpenSshServerKeyDatabase.HostKeyFile> private final Map
<Path, OpenSshServerKeyDatabase.HostKeyFile> private static final org.slf4j.Logger
private static final String
Can be used to mark revoked known host lines. -
Constructor Summary
ConstructorsConstructorDescriptionOpenSshServerKeyDatabase
(boolean askAboutNewFile, List<Path> defaultFiles) Creates a newOpenSshServerKeyDatabase
. -
Method Summary
Modifier and TypeMethodDescriptionboolean
accept
(String connectAddress, InetSocketAddress remoteAddress, PublicKey serverKey, ServerKeyDatabase.Configuration config, CredentialsProvider provider) Determines whether to accept a received server host key.private List
<OpenSshServerKeyDatabase.HostKeyFile> addUserHostKeyFiles
(List<String> fileNames) private String
createHostKeyLine
(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> patterns, PublicKey key, ServerKeyDatabase.Configuration config) private boolean
find
(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, PublicKey serverKey, List<org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair> entries, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair[] modified) private Collection
<org.apache.sshd.common.util.net.SshdSocketAddress> getCandidates
(String connectAddress, InetSocketAddress remoteAddress) private List
<OpenSshServerKeyDatabase.HostKeyFile> lookup
(String connectAddress, InetSocketAddress remoteAddress, ServerKeyDatabase.Configuration config) Retrieves all known host keys for the given addresses.private int
private org.apache.sshd.common.util.net.SshdSocketAddress
toSshdSocketAddress
(String address) private String
updateHostKeyLine
(String line, PublicKey newKey) private void
updateKnownHostsFile
(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, PublicKey serverKey, Path path, ServerKeyDatabase.Configuration config) private void
updateModifiedServerKey
(PublicKey serverKey, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair entry, Path path)
-
Field Details
-
LOG
private static final org.slf4j.Logger LOG -
MARKER_REVOKED
Can be used to mark revoked known host lines.- See Also:
-
askAboutNewFile
private final boolean askAboutNewFile -
knownHostsFiles
-
defaultFiles
-
-
Constructor Details
-
OpenSshServerKeyDatabase
Creates a newOpenSshServerKeyDatabase
.- Parameters:
askAboutNewFile
- whether to ask the user, if possible, about creating a new non-existing known_hosts filedefaultFiles
- typically ~/.ssh/known_hosts and ~/.ssh/known_hosts2. May be empty ornull
, in which case no default files are installed. The files need not exist.
-
-
Method Details
-
getFilesToUse
private List<OpenSshServerKeyDatabase.HostKeyFile> getFilesToUse(@NonNull ServerKeyDatabase.Configuration config) -
lookup
public List<PublicKey> lookup(@NonNull String connectAddress, @NonNull InetSocketAddress remoteAddress, @NonNull ServerKeyDatabase.Configuration config) Description copied from interface:ServerKeyDatabase
Retrieves all known host keys for the given addresses.- Specified by:
lookup
in interfaceServerKeyDatabase
- Parameters:
connectAddress
- IP address the session tried to connect toremoteAddress
- IP address as reported for the remote end pointconfig
- giving access to potentially interesting configuration settings- Returns:
- the list of known keys for the given addresses
-
accept
public boolean accept(@NonNull String connectAddress, @NonNull InetSocketAddress remoteAddress, @NonNull PublicKey serverKey, @NonNull ServerKeyDatabase.Configuration config, CredentialsProvider provider) Description copied from interface:ServerKeyDatabase
Determines whether to accept a received server host key.- Specified by:
accept
in interfaceServerKeyDatabase
- Parameters:
connectAddress
- IP address the session tried to connect toremoteAddress
- IP address as reported for the remote end pointserverKey
- received from the remote endconfig
- giving access to potentially interesting configuration settingsprovider
- for interacting with the user, if required; may benull
- Returns:
true
if the serverKey is accepted,false
otherwise
-
find
private boolean find(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, PublicKey serverKey, List<org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair> entries, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair[] modified) throws OpenSshServerKeyDatabase.RevokedKeyException -
addUserHostKeyFiles
-
updateKnownHostsFile
private void updateKnownHostsFile(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, PublicKey serverKey, Path path, ServerKeyDatabase.Configuration config) throws Exception - Throws:
Exception
-
updateModifiedServerKey
private void updateModifiedServerKey(PublicKey serverKey, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair entry, Path path) throws IOException - Throws:
IOException
-
parsePort
-
toSshdSocketAddress
-
getCandidates
private Collection<org.apache.sshd.common.util.net.SshdSocketAddress> getCandidates(@NonNull String connectAddress, @NonNull InetSocketAddress remoteAddress) -
createHostKeyLine
private String createHostKeyLine(Collection<org.apache.sshd.common.util.net.SshdSocketAddress> patterns, PublicKey key, ServerKeyDatabase.Configuration config) throws Exception - Throws:
Exception
-
updateHostKeyLine
- Throws:
IOException
-