Class SshdSessionFactory

java.lang.Object
org.eclipse.jgit.transport.SshSessionFactory
org.eclipse.jgit.transport.sshd.SshdSessionFactory
All Implemented Interfaces:
Closeable, AutoCloseable
Direct Known Subclasses:
SshdSessionFactoryBuilder.State.SessionFactory

public class SshdSessionFactory extends SshSessionFactory implements Closeable
A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
Since:
5.2
  • Field Details

  • Constructor Details

    • SshdSessionFactory

      public SshdSessionFactory()
      Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
    • SshdSessionFactory

      public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
      Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

      Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.

      Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

      By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.

      Parameters:
      keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
      proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
  • Method Details

    • getType

      public String getType()
      Description copied from class: SshSessionFactory
      The name of the type of session factory.
      Specified by:
      getType in class SshSessionFactory
      Returns:
      the name of the type of session factory.
    • getSession

      public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
      Description copied from class: SshSessionFactory
      Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
      Specified by:
      getSession in class SshSessionFactory
      Parameters:
      uri - URI of the remote host to connect to
      credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
      fs - the file system abstraction to use for certain file operations, such as reading configuration files
      tms - connection timeout for creating the session, in milliseconds
      Returns:
      a connected and authenticated session for communicating with the remote host given by the uri
      Throws:
      TransportException - if the session could not be created
    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
    • register

      private void register(SshdSession newSession) throws IOException
      Throws:
      IOException
    • unregister

      private void unregister(SshdSession oldSession)
    • setHomeDirectory

      public void setHomeDirectory(@NonNull File homeDir)
      Set a global directory to use as the user's home directory
      Parameters:
      homeDir - to use
    • getHomeDirectory

      public File getHomeDirectory()
      Retrieves the global user home directory
      Returns:
      the directory, or null if not set
    • setSshDirectory

      public void setSshDirectory(@NonNull File sshDir)
      Set a global directory to use as the .ssh directory
      Parameters:
      sshDir - to use
    • getSshDirectory

      public File getSshDirectory()
      Retrieves the global .ssh directory
      Returns:
      the directory, or null if not set
    • getHostConfigEntryResolver

      @NonNull private org.apache.sshd.client.config.hosts.HostConfigEntryResolver getHostConfigEntryResolver(@NonNull File homeDir, @NonNull File sshDir)
      Obtain a HostConfigEntryResolver to read the ssh config file and to determine host entries for connections.
      Parameters:
      homeDir - home directory to use for ~ replacement
      sshDir - to use for looking for the config file
      Returns:
      the resolver
    • getSshConfig

      protected File getSshConfig(@NonNull File sshDir)
      Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
      Parameters:
      sshDir - representing ~/.ssh/
      Returns:
      the file (need not exist), or null if no config file shall be used
      Since:
      5.5
    • createSshConfigStore

      protected SshConfigStore createSshConfigStore(@NonNull File homeDir, File configFile, String localUserName)
      Obtains a SshConfigStore, or null if not SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
      Parameters:
      homeDir - may be used for ~-replacements by the returned config store
      configFile - to use, or null if none
      localUserName - user name of the current user on the local OS
      Returns:
      A SshConfigStore, or null if none is to be used
      Since:
      5.8
    • getServerKeyDatabase

      @NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
      Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
      Parameters:
      homeDir - home directory to use for ~ replacement
      sshDir - representing ~/.ssh/
      Returns:
      the ServerKeyDatabase
      Since:
      5.5
    • createServerKeyDatabase

      @NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
      Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
      Parameters:
      homeDir - home directory to use for ~ replacement
      sshDir - representing ~/.ssh/
      Returns:
      the ServerKeyDatabase
      Since:
      5.8
    • getConnectorFactory

      protected ConnectorFactory getConnectorFactory()
      Gets a ConnectorFactory. If this returns null, SSH agents are not supported.

      The default implementation uses ConnectorFactory.getDefault()

      Returns:
      the factory, or null if no SSH agent support is desired
      Since:
      6.0
    • getDefaultKnownHostsFiles

      @NonNull protected List<Path> getDefaultKnownHostsFiles(@NonNull File sshDir)
      Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
      Parameters:
      sshDir -
      Returns:
      the possibly empty list of default known host file paths.
    • getDefaultKeys

      @NonNull protected Iterable<KeyPair> getDefaultKeys(@NonNull File sshDir)
      Determines the default keys. The default implementation will lazy load the default identity files.

      Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

      The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation

      If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

      Parameters:
      sshDir - to look in for keys
      Returns:
      an Iterable over the default keys
      Since:
      5.3
    • toKeyIdentityProvider

      private org.apache.sshd.common.keyprovider.KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys)
      Converts an Iterable of {link KeyPair}s into a KeyIdentityProvider.
      Parameters:
      keys - to provide via the returned KeyIdentityProvider
      Returns:
      a KeyIdentityProvider that provides the given keys
    • getDefaultIdentities

      @NonNull protected List<Path> getDefaultIdentities(@NonNull File sshDir)
      Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
      Parameters:
      sshDir - the directory that represents ~/.ssh/
      Returns:
      a possibly empty list of paths containing default identities (private keys)
    • getKeyCache

      protected final KeyCache getKeyCache()
      Obtains the KeyCache to use to cache loaded keys.
      Returns:
      the KeyCache, or null if none.
    • createKeyPasswordProvider

      @NonNull protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)
      Creates a KeyPasswordProvider for a new session.
      Parameters:
      provider - the CredentialsProvider to delegate to for user interactions
      Returns:
      a new KeyPasswordProvider
    • createFilePasswordProvider

      @NonNull private org.apache.sshd.common.config.keys.FilePasswordProvider createFilePasswordProvider(Supplier<KeyPasswordProvider> providerFactory)
      Creates a FilePasswordProvider for a new session.
      Parameters:
      providerFactory - providing the KeyPasswordProvider to delegate to
      Returns:
      a new FilePasswordProvider
    • getUserAuthFactories

      @NonNull private List<org.apache.sshd.client.auth.UserAuthFactory> getUserAuthFactories()
      Gets the user authentication mechanisms (or rather, factories for them). By default this returns gssapi-with-mic, public-key, password, and keyboard-interactive, in that order. The order is only significant if the ssh config does not set PreferredAuthentications; if it is set, the order defined there will be taken.
      Returns:
      the non-empty list of factories.
    • getDefaultPreferredAuthentications

      protected String getDefaultPreferredAuthentications()
      Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
      Returns:
      a comma-separated list of mechanism names, or null if none
    • getSignatureFactories

      private static List<org.apache.sshd.common.NamedFactory<org.apache.sshd.common.signature.Signature>> getSignatureFactories()
      Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT. We have to set it up explicitly to still allow users to connect with DSA keys.
      Returns:
      a list of supported signature factories