Class SshdSessionFactory
- java.lang.Object
  - org.eclipse.jgit.transport.SshSessionFactory
    - org.eclipse.jgit.transport.sshd.SshdSessionFactory
- All Implemented Interfaces: java.io.Closeable, java.lang.AutoCloseable
- Direct Known Subclasses: SshdSessionFactoryBuilder.State.SessionFactory
public class SshdSessionFactory extends SshSessionFactory implements java.io.Closeable
A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
- Since: 5.2
-
-
Nested Class Summary
private static class SshdSessionFactory.Tuple
  A simple general map key.
-
Field Summary
private java.util.concurrent.atomic.AtomicBoolean closing
private java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
private java.util.Map<SshdSessionFactory.Tuple,java.lang.Iterable<java.security.KeyPair>> defaultKeys
private java.util.Map<SshdSessionFactory.Tuple,ServerKeyDatabase> defaultServerKeyDatabase
private java.io.File homeDirectory
private KeyCache keyCache
private static java.lang.String MINA_SSHD
private ProxyDataFactory proxies
private java.util.Set<SshdSession> sessions
private java.io.File sshDirectory
-
Constructor Summary
SshdSessionFactory()
  Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
-
Method Summary
void close()
private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(java.util.function.Supplier<KeyPasswordProvider> providerFactory)
  Creates a FilePasswordProvider for a new session.
protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)
  Creates a KeyPasswordProvider for a new session.
protected ServerKeyDatabase createServerKeyDatabase(java.io.File homeDir, java.io.File sshDir)
  Creates a ServerKeyDatabase to verify server host keys.
protected SshConfigStore createSshConfigStore(java.io.File homeDir, java.io.File configFile, java.lang.String localUserName)
  Obtains a SshConfigStore, or null if no SSH config is to be used.
protected java.util.List<java.nio.file.Path> getDefaultIdentities(java.io.File sshDir)
  Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication.
protected java.lang.Iterable<java.security.KeyPair> getDefaultKeys(java.io.File sshDir)
  Determines the default keys.
protected java.util.List<java.nio.file.Path> getDefaultKnownHostsFiles(java.io.File sshDir)
  Gets the list of default user known hosts files.
protected java.lang.String getDefaultPreferredAuthentications()
  Gets the list of default preferred authentication mechanisms.
java.io.File getHomeDirectory()
  Retrieves the global user home directory
private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(java.io.File homeDir, java.io.File sshDir)
  Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
protected KeyCache getKeyCache()
  Obtains the KeyCache to use to cache loaded keys.
protected ServerKeyDatabase getServerKeyDatabase(java.io.File homeDir, java.io.File sshDir)
  Obtains a ServerKeyDatabase to verify server host keys.
SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms)
  Opens (or reuses) a session to a host.
protected java.io.File getSshConfig(java.io.File sshDir)
  Determines the ssh config file.
java.io.File getSshDirectory()
  Retrieves the global .ssh directory
java.lang.String getType()
  The name of the type of session factory.
private java.util.List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories()
  Gets the user authentication mechanisms (or rather, factories for them).
private void register(SshdSession newSession)
void setHomeDirectory(java.io.File homeDir)
  Set a global directory to use as the user's home directory
void setSshDirectory(java.io.File sshDir)
  Set a global directory to use as the .ssh directory
private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(java.lang.Iterable<java.security.KeyPair> keys)
  Converts an Iterable of KeyPairs into a KeyIdentityProvider.
private void unregister(SshdSession oldSession)
-
Methods inherited from class org.eclipse.jgit.transport.SshSessionFactory
getInstance, getLocalUserName, releaseSession, setInstance
-
-
-
-
Field Detail
-
MINA_SSHD
private static final java.lang.String MINA_SSHD
- See Also: Constant Field Values
-
closing
private final java.util.concurrent.atomic.AtomicBoolean closing
-
sessions
private final java.util.Set<SshdSession> sessions
-
defaultHostConfigEntryResolver
private final java.util.Map<SshdSessionFactory.Tuple,org.apache.sshd.client.config.hosts.HostConfigEntryResolver> defaultHostConfigEntryResolver
-
defaultServerKeyDatabase
private final java.util.Map<SshdSessionFactory.Tuple,ServerKeyDatabase> defaultServerKeyDatabase
-
defaultKeys
private final java.util.Map<SshdSessionFactory.Tuple,java.lang.Iterable<java.security.KeyPair>> defaultKeys
-
keyCache
private final KeyCache keyCache
-
proxies
private final ProxyDataFactory proxies
-
sshDirectory
private java.io.File sshDirectory
-
homeDirectory
private java.io.File homeDirectory
-
-
Constructor Detail
-
SshdSessionFactory
public SshdSessionFactory()
Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
-
SshdSessionFactory
public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an ssh agent.

Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.
- Parameters:
  keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
  proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
-
-
Method Detail
-
getType
public java.lang.String getType()
Description copied from class: SshSessionFactory
The name of the type of session factory.
- Specified by: getType in class SshSessionFactory
- Returns: the name of the type of session factory.
-
getSession
public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
Description copied from class: SshSessionFactory
Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
- Specified by: getSession in class SshSessionFactory
- Parameters:
  uri - URI of the remote host to connect to
  credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
  fs - the file system abstraction to use for certain file operations, such as reading configuration files
  tms - connection timeout for creating the session, in milliseconds
- Returns: a connected and authenticated session for communicating with the remote host given by the uri
- Throws: TransportException - if the session could not be created
-
close
public void close()
- Specified by: close in interface java.lang.AutoCloseable
- Specified by: close in interface java.io.Closeable
-
register
private void register(SshdSession newSession) throws java.io.IOException
- Throws: java.io.IOException
-
unregister
private void unregister(SshdSession oldSession)
-
setHomeDirectory
public void setHomeDirectory(@NonNull java.io.File homeDir)
Set a global directory to use as the user's home directory
- Parameters:
  homeDir - to use
-
getHomeDirectory
public java.io.File getHomeDirectory()
Retrieves the global user home directory
- Returns: the directory, or null if not set
-
setSshDirectory
public void setSshDirectory(@NonNull java.io.File sshDir)
Set a global directory to use as the .ssh directory
- Parameters:
  sshDir - to use
-
getSshDirectory
public java.io.File getSshDirectory()
Retrieves the global .ssh directory
- Returns: the directory, or null if not set
-
getHostConfigEntryResolver
@NonNull private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(@NonNull java.io.File homeDir, @NonNull java.io.File sshDir)
Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
- Parameters:
  homeDir - home directory to use for ~ replacement
  sshDir - to use for looking for the config file
- Returns: the resolver
-
getSshConfig
protected java.io.File getSshConfig(@NonNull java.io.File sshDir)
Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
- Parameters:
  sshDir - representing ~/.ssh/
- Returns: the file (need not exist), or null if no config file shall be used
- Since: 5.5
-
createSshConfigStore
protected SshConfigStore createSshConfigStore(@NonNull java.io.File homeDir, java.io.File configFile, java.lang.String localUserName)
Obtains a SshConfigStore, or null if no SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
- Parameters:
  homeDir - may be used for ~-replacements by the returned config store
  configFile - to use, or null if none
  localUserName - user name of the current user on the local OS
- Returns: A SshConfigStore, or null if none is to be used
- Since: 5.8
-
getServerKeyDatabase
@NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull java.io.File homeDir, @NonNull java.io.File sshDir)
Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
  homeDir - home directory to use for ~ replacement
  sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.5
-
createServerKeyDatabase
@NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull java.io.File homeDir, @NonNull java.io.File sshDir)
Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
  homeDir - home directory to use for ~ replacement
  sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.8
-
getDefaultKnownHostsFiles
@NonNull protected java.util.List<java.nio.file.Path> getDefaultKnownHostsFiles(@NonNull java.io.File sshDir)
Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
- Parameters:
  sshDir -
- Returns: the possibly empty list of default known host file paths.
-
getDefaultKeys
@NonNull protected java.lang.Iterable<java.security.KeyPair> getDefaultKeys(@NonNull java.io.File sshDir)
Determines the default keys. The default implementation will lazy load the default identity files.

Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation.

If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.
- Parameters:
  sshDir - to look in for keys
- Returns: an Iterable over the default keys
- Since: 5.3
-
toKeyIdentityProvider
private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(java.lang.Iterable<java.security.KeyPair> keys)
Converts an Iterable of KeyPairs into a KeyIdentityProvider.
- Parameters:
  keys - to provide via the returned KeyIdentityProvider
- Returns: a KeyIdentityProvider that provides the given keys
-
getDefaultIdentities
@NonNull protected java.util.List<java.nio.file.Path> getDefaultIdentities(@NonNull java.io.File sshDir)
Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
- Parameters:
  sshDir - the directory that represents ~/.ssh/
- Returns: a possibly empty list of paths containing default identities (private keys)
-
getKeyCache
protected final KeyCache getKeyCache()
Obtains the KeyCache to use to cache loaded keys.
- Returns: the KeyCache, or null if none.
-
createKeyPasswordProvider
@NonNull protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)
Creates a KeyPasswordProvider for a new session.
- Parameters:
  provider - the CredentialsProvider to delegate to for user interactions
- Returns: a new KeyPasswordProvider
-
createFilePasswordProvider
@NonNull private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(java.util.function.Supplier<KeyPasswordProvider> providerFactory)
Creates a FilePasswordProvider for a new session.
- Parameters:
  providerFactory - providing the KeyPasswordProvider to delegate to
- Returns: a new FilePasswordProvider
-
getUserAuthFactories
@NonNull private java.util.List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories()
Gets the user authentication mechanisms (or rather, factories for them). By default this returns gssapi-with-mic, public-key, password, and keyboard-interactive, in that order. The order is only significant if the ssh config does not set PreferredAuthentications; if it is set, the order defined there will be taken.
- Returns: the non-empty list of factories.
-
getDefaultPreferredAuthentications
protected java.lang.String getDefaultPreferredAuthentications()
Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
- Returns: a comma-separated list of mechanism names, or null if none
-
-
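The protected hooks documented above can be combined so that an unattended job does not inherit per-user SSH settings. The following is an added example, not code from JGit: the class name PinnedSshdSessionFactory, the home directory /srv/ci and the key file name id_ed25519 are assumptions. It disables the ssh config file (so UserKnownHostsFile and PreferredAuthentications entries cannot override the defaults), pins one known hosts file and one identity, and uses neither a KeyCache nor a proxy database.

```java
import java.io.File;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;

import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;

// Hypothetical subclass for this example; not a JGit class.
public class PinnedSshdSessionFactory extends SshdSessionFactory {

    public PinnedSshdSessionFactory(File homeDir) {
        // null KeyCache: the factory caches no loaded keys.
        // null ProxyDataFactory: connections through proxies are not possible.
        super(null, null);
        setHomeDirectory(homeDir);
        setSshDirectory(new File(homeDir, ".ssh"));
    }

    @Override
    protected File getSshConfig(File sshDir) {
        // No ssh config file, so UserKnownHostsFile and PreferredAuthentications
        // entries cannot take precedence over the defaults returned below.
        return null;
    }

    @Override
    protected List<Path> getDefaultKnownHostsFiles(File sshDir) {
        return Collections.singletonList(sshDir.toPath().resolve("known_hosts"));
    }

    @Override
    protected List<Path> getDefaultIdentities(File sshDir) {
        // Assumed key file name; it is the only default identity tried.
        return Collections.singletonList(sshDir.toPath().resolve("id_ed25519"));
    }

    @Override
    protected String getDefaultPreferredAuthentications() {
        return "publickey"; // public-key is the only preferred mechanism
    }

    public static void main(String[] args) {
        File home = new File("/srv/ci"); // assumed service-account home
        try (PinnedSshdSessionFactory factory = new PinnedSshdSessionFactory(home)) {
            SshSessionFactory.setInstance(factory);
            // ... JGit fetch or push over ssh:// would run here ...
        } finally {
            SshSessionFactory.setInstance(null); // null restores the default factory
        }
    }
}
```

As the constructor documentation notes, Apache MINA sshd may still hold keys in memory regardless of the KeyCache setting, so closing the factory promptly after use remains worthwhile.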