Class SshdSessionFactory

  • All Implemented Interfaces:
    java.io.Closeable, java.lang.AutoCloseable
    Direct Known Subclasses:
    SshdSessionFactoryBuilder.State.SessionFactory

    public class SshdSessionFactory
    extends SshSessionFactory
    implements java.io.Closeable
    A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
    Since:
    5.2
    • Field Detail

      • closing

        private final java.util.concurrent.atomic.AtomicBoolean closing
      • sessions

        private final java.util.Set<SshdSession> sessions
      • defaultHostConfigEntryResolver

        private final java.util.Map<SshdSessionFactory.Tuple,​org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
      • defaultKeys

        private final java.util.Map<SshdSessionFactory.Tuple,​java.lang.Iterable<java.security.KeyPair>> defaultKeys
      • keyCache

        private final KeyCache keyCache
      • sshDirectory

        private java.io.File sshDirectory
      • homeDirectory

        private java.io.File homeDirectory
    • Constructor Detail

      • SshdSessionFactory

        public SshdSessionFactory​(KeyCache keyCache,
                                  ProxyDataFactory proxies)
        Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

        Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.

        Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

        By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.

        Parameters:
        keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
        proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
    • Method Detail

      • getType

        public java.lang.String getType()
        Description copied from class: SshSessionFactory
        The name of the type of session factory.
        Specified by:
        getType in class SshSessionFactory
        Returns:
        the name of the type of session factory.
      • getSession

        public SshdSession getSession​(URIish uri,
                                      CredentialsProvider credentialsProvider,
                                      FS fs,
                                      int tms)
                               throws TransportException
        Description copied from class: SshSessionFactory
        Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
        Specified by:
        getSession in class SshSessionFactory
        Parameters:
        uri - URI of the remote host to connect to
        credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
        fs - the file system abstraction to use for certain file operations, such as reading configuration files
        tms - connection timeout for creating the session, in milliseconds
        Returns:
        a connected and authenticated session for communicating with the remote host given by the uri
        Throws:
        TransportException - if the session could not be created
      • close

        public void close()
        Specified by:
        close in interface java.lang.AutoCloseable
        Specified by:
        close in interface java.io.Closeable
      • register

        private void register​(SshdSession newSession)
                       throws java.io.IOException
        Throws:
        java.io.IOException
      • unregister

        private void unregister​(SshdSession oldSession)
      • setHomeDirectory

        public void setHomeDirectory​(@NonNull
                                     java.io.File homeDir)
        Set a global directory to use as the user's home directory
        Parameters:
        homeDir - to use
      • getHomeDirectory

        public java.io.File getHomeDirectory()
        Retrieves the global user home directory
        Returns:
        the directory, or null if not set
      • setSshDirectory

        public void setSshDirectory​(@NonNull
                                    java.io.File sshDir)
        Set a global directory to use as the .ssh directory
        Parameters:
        sshDir - to use
      • getSshDirectory

        public java.io.File getSshDirectory()
        Retrieves the global .ssh directory
        Returns:
        the directory, or null if not set
      • getHostConfigEntryResolver

        @NonNull
        private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver​(@NonNull
                                                                                                       java.io.File homeDir,
                                                                                                       @NonNull
                                                                                                       java.io.File sshDir)
        Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
        Parameters:
        homeDir - home directory to use for ~ replacement
        sshDir - to use for looking for the config file
        Returns:
        the resolver
      • getSshConfig

        protected java.io.File getSshConfig​(@NonNull
                                            java.io.File sshDir)
        Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
        Parameters:
        sshDir - representing ~/.ssh/
        Returns:
        the file (need not exist), or null if no config file shall be used
        Since:
        5.5
      • createSshConfigStore

        protected SshConfigStore createSshConfigStore​(@NonNull
                                                      java.io.File homeDir,
                                                      java.io.File configFile,
                                                      java.lang.String localUserName)
        Obtains a SshConfigStore, or null if not SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
        Parameters:
        homeDir - may be used for ~-replacements by the returned config store
        configFile - to use, or null if none
        localUserName - user name of the current user on the local OS
        Returns:
        A SshConfigStore, or null if none is to be used
        Since:
        5.8
      • getServerKeyDatabase

        @NonNull
        protected ServerKeyDatabase getServerKeyDatabase​(@NonNull
                                                         java.io.File homeDir,
                                                         @NonNull
                                                         java.io.File sshDir)
        Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
        Parameters:
        homeDir - home directory to use for ~ replacement
        sshDir - representing ~/.ssh/
        Returns:
        the ServerKeyDatabase
        Since:
        5.5
      • createServerKeyDatabase

        @NonNull
        protected ServerKeyDatabase createServerKeyDatabase​(@NonNull
                                                            java.io.File homeDir,
                                                            @NonNull
                                                            java.io.File sshDir)
        Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
        Parameters:
        homeDir - home directory to use for ~ replacement
        sshDir - representing ~/.ssh/
        Returns:
        the ServerKeyDatabase
        Since:
        5.8
      • getDefaultKnownHostsFiles

        @NonNull
        protected java.util.List<java.nio.file.Path> getDefaultKnownHostsFiles​(@NonNull
                                                                               java.io.File sshDir)
        Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
        Parameters:
        sshDir -
        Returns:
        the possibly empty list of default known host file paths.
      • getDefaultKeys

        @NonNull
        protected java.lang.Iterable<java.security.KeyPair> getDefaultKeys​(@NonNull
                                                                           java.io.File sshDir)
        Determines the default keys. The default implementation will lazy load the default identity files.

        Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

        The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation

        If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

        Parameters:
        sshDir - to look in for keys
        Returns:
        an Iterable over the default keys
        Since:
        5.3
      • toKeyIdentityProvider

        private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider​(java.lang.Iterable<java.security.KeyPair> keys)
        Converts an Iterable of {link KeyPair}s into a KeyIdentityProvider.
        Parameters:
        keys - to provide via the returned KeyIdentityProvider
        Returns:
        a KeyIdentityProvider that provides the given keys
      • getDefaultIdentities

        @NonNull
        protected java.util.List<java.nio.file.Path> getDefaultIdentities​(@NonNull
                                                                          java.io.File sshDir)
        Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
        Parameters:
        sshDir - the directory that represents ~/.ssh/
        Returns:
        a possibly empty list of paths containing default identities (private keys)
      • getKeyCache

        protected final KeyCache getKeyCache()
        Obtains the KeyCache to use to cache loaded keys.
        Returns:
        the KeyCache, or null if none.
      • createFilePasswordProvider

        @NonNull
        private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider​(java.util.function.Supplier<KeyPasswordProvider> providerFactory)
        Creates a FilePasswordProvider for a new session.
        Parameters:
        providerFactory - providing the KeyPasswordProvider to delegate to
        Returns:
        a new FilePasswordProvider
      • getUserAuthFactories

        @NonNull
        private java.util.List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories()
        Gets the user authentication mechanisms (or rather, factories for them). By default this returns gssapi-with-mic, public-key, password, and keyboard-interactive, in that order. The order is only significant if the ssh config does not set PreferredAuthentications; if it is set, the order defined there will be taken.
        Returns:
        the non-empty list of factories.
      • getDefaultPreferredAuthentications

        protected java.lang.String getDefaultPreferredAuthentications()
        Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
        Returns:
        a comma-separated list of mechanism names, or null if none
      • getSignatureFactories

        private static java.util.List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories()
        Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT. We have to set it up explicitly to still allow users to connect with DSA keys.
        Returns:
        a list of supported signature factories