Class DefaultAuthorizedKeysAuthenticator
- java.lang.Object
  - org.apache.sshd.common.util.logging.AbstractLoggingBean
    - org.apache.sshd.common.util.io.ModifiableFileWatcher
      - org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
        - org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator
- All Implemented Interfaces:
UsernameHolder, PublickeyAuthenticator
public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder
Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default it also compares the current username with the authenticated one.
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static DefaultAuthorizedKeysAuthenticator INSTANCE: The default instance that enforces the same permissions regime as OpenSSH
- private boolean strict
- private java.lang.String user
-
Fields inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
STD_AUTHORIZED_KEYS_FILENAME
-
Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION
-
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Constructor Summary
Constructors (Constructor, Description):
- DefaultAuthorizedKeysAuthenticator(boolean strict)
- DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict)
- DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
- DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- java.lang.String getUsername()
- boolean isStrict()
- protected boolean isValidUsername(java.lang.String username, ServerSession session)
- protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session)
- protected java.nio.file.Path validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded)
-
Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator
-
Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
-
Field Detail
-
INSTANCE
public static final DefaultAuthorizedKeysAuthenticator INSTANCE
The default instance that enforces the same permissions regime as OpenSSH
-
strict
private final boolean strict
-
user
private final java.lang.String user
-
Constructor Detail
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(boolean strict)
- Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict)
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
-
Method Detail
-
getUsername
public final java.lang.String getUsername()
- Specified by:
getUsername in interface UsernameHolder
- Returns:
The attached username - may be null/empty if holder not yet initialized
-
isStrict
public final boolean isStrict()
-
isValidUsername
protected boolean isValidUsername(java.lang.String username, ServerSession session)
- Overrides:
isValidUsername in class AuthorizedKeysAuthenticator
-
reloadAuthorizedKeys
protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) throws java.io.IOException, java.security.GeneralSecurityException
- Overrides:
reloadAuthorizedKeys in class AuthorizedKeysAuthenticator
- Throws:
java.io.IOException
java.security.GeneralSecurityException
-
validateFilePath
protected java.nio.file.Path validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) throws java.io.IOException
- Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist
- Returns:
The original path
- Throws:
java.io.IOException - If an excluded permission appears in the current ones
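The strict rule stated for the constructor (folder 0700, file 0600) and the validateFilePath contract (return the original path, throw if an excluded permission is present), sketched with JDK classes only. This is an added example, not Apache MINA SSHD's own code; the class StrictKeyFileCheck, its method names, and the choice to treat every bit outside the 0700/0600 mask as excluded are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;

// Added illustration (hypothetical class), not Apache MINA SSHD code
public class StrictKeyFileCheck {
    // Assumption: every permission bit outside the allowed mask counts as excluded
    static Set<PosixFilePermission> excludedFor(String allowed) {
        Set<PosixFilePermission> excluded = EnumSet.allOf(PosixFilePermission.class);
        excluded.removeAll(PosixFilePermissions.fromString(allowed));
        return excluded;
    }
    // Mirrors the documented contract: original path back, IOException on a violation
    static Path validate(Path path, Collection<PosixFilePermission> perms,
                         Collection<PosixFilePermission> excluded) throws IOException {
        for (PosixFilePermission p : excluded) {
            if (perms.contains(p)) {
                throw new IOException(path + ": excluded permission present: " + p);
            }
        }
        return path;
    }
    static boolean posix() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }
    static void checkStrict(Path keysFile, LinkOption... options) throws IOException {
        if (!posix()) {
            return; // e.g. Windows: there are no POSIX permissions to compare
        }
        Path dir = keysFile.toAbsolutePath().getParent();
        validate(dir, Files.getPosixFilePermissions(dir, options), excludedFor("rwx------"));
        validate(keysFile, Files.getPosixFilePermissions(keysFile, options), excludedFor("rw-------"));
    }
    public static void main(String[] args) throws IOException {
        if (!posix()) {
            return;
        }
        // Constructed sample: throwaway folder holding a group-writable key file
        Path dir = Files.createTempDirectory("ssh-demo");
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        Path file = Files.createFile(dir.resolve("authorized_keys"));
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-rw-r--"));
        try {
            checkStrict(file);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        checkStrict(file);
        System.out.println("accepted after tightening to 0600");
    }
}
```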
-