public class OpenSshServerKeyDatabase extends java.lang.Object implements ServerKeyDatabase
StrictHostKeyChecking
and
UserKnownHostsFile
values from the ssh configuration.
The verifier can be given default known_hosts files in the constructor, which
will be used if the ssh config does not specify a UserKnownHostsFile
.
If the ssh config does set UserKnownHostsFile
, the verifier
uses the given files in the order given. Non-existing or unreadable files are
ignored.
StrictHostKeyChecking
accepts the following values:
If StrictHostKeyChecking
is not set, or set to any other value, the
default value ask is active.
This implementation relies on the ClientSession
being a
JGitClientSession
. By default Apache MINA sshd does not forward the
config file host entry to the session, so it would be unknown here which
entry it was and what setting of StrictHostKeyChecking
should be
used. If used with some other session type, the implementation assumes
"ask".
Asking the user is done via a CredentialsProvider
obtained from the
session. If none is set, the implementation falls back to strict host key
checking ("yes").
Note that adding a key to the known hosts file may create the file. You can specify in the constructor whether the user shall be asked about that, too. If the user declines updating the file, but the key was otherwise accepted (user confirmed for "ask", or "no" or "accept-new" are active), the key is accepted for this session only.
If several known hosts files are specified, a new key is always added to the first file (even if it doesn't exist yet; see the note about file creation above).
Modifier and Type | Class and Description |
---|---|
private static class |
OpenSshServerKeyDatabase.AskUser |
private static class |
OpenSshServerKeyDatabase.HostKeyFile |
private static class |
OpenSshServerKeyDatabase.RevokedKeyException |
ServerKeyDatabase.Configuration
Modifier and Type | Field and Description |
---|---|
private boolean |
askAboutNewFile |
private java.util.List<OpenSshServerKeyDatabase.HostKeyFile> |
defaultFiles |
private java.util.Map<java.nio.file.Path,OpenSshServerKeyDatabase.HostKeyFile> |
knownHostsFiles |
private static org.slf4j.Logger |
LOG |
private static java.lang.String |
MARKER_REVOKED
Can be used to mark revoked known host lines.
|
Constructor and Description |
---|
OpenSshServerKeyDatabase(boolean askAboutNewFile,
java.util.List<java.nio.file.Path> defaultFiles)
Creates a new
OpenSshServerKeyDatabase . |
Modifier and Type | Method and Description |
---|---|
boolean |
accept(java.lang.String connectAddress,
java.net.InetSocketAddress remoteAddress,
java.security.PublicKey serverKey,
ServerKeyDatabase.Configuration config,
CredentialsProvider provider)
Determines whether to accept a received server host key.
|
private java.util.List<OpenSshServerKeyDatabase.HostKeyFile> |
addUserHostKeyFiles(java.util.List<java.lang.String> fileNames) |
private java.lang.String |
createHostKeyLine(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> patterns,
java.security.PublicKey key,
ServerKeyDatabase.Configuration config) |
private boolean |
find(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates,
java.security.PublicKey serverKey,
java.util.List<org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair> entries,
org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair[] modified) |
private java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> |
getCandidates(java.lang.String connectAddress,
java.net.InetSocketAddress remoteAddress) |
private java.util.List<OpenSshServerKeyDatabase.HostKeyFile> |
getFilesToUse(ServerKeyDatabase.Configuration config) |
java.util.List<java.security.PublicKey> |
lookup(java.lang.String connectAddress,
java.net.InetSocketAddress remoteAddress,
ServerKeyDatabase.Configuration config)
Retrieves all known host keys for the given addresses.
|
private int |
parsePort(java.lang.String s) |
private org.apache.sshd.common.util.net.SshdSocketAddress |
toSshdSocketAddress(java.lang.String address) |
private java.lang.String |
updateHostKeyLine(java.lang.String line,
java.security.PublicKey newKey) |
private void |
updateKnownHostsFile(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates,
java.security.PublicKey serverKey,
java.nio.file.Path path,
ServerKeyDatabase.Configuration config) |
private void |
updateModifiedServerKey(java.security.PublicKey serverKey,
org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair entry,
java.nio.file.Path path) |
private static final org.slf4j.Logger LOG
private static final java.lang.String MARKER_REVOKED
private final boolean askAboutNewFile
private final java.util.Map<java.nio.file.Path,OpenSshServerKeyDatabase.HostKeyFile> knownHostsFiles
private final java.util.List<OpenSshServerKeyDatabase.HostKeyFile> defaultFiles
public OpenSshServerKeyDatabase(boolean askAboutNewFile, java.util.List<java.nio.file.Path> defaultFiles)
OpenSshServerKeyDatabase
.askAboutNewFile
- whether to ask the user, if possible, about creating a new
non-existing known_hosts filedefaultFiles
- typically ~/.ssh/known_hosts and ~/.ssh/known_hosts2. May be
empty or null
, in which case no default files are
installed. The files need not exist.private java.util.List<OpenSshServerKeyDatabase.HostKeyFile> getFilesToUse(@NonNull ServerKeyDatabase.Configuration config)
public java.util.List<java.security.PublicKey> lookup(@NonNull java.lang.String connectAddress, @NonNull java.net.InetSocketAddress remoteAddress, @NonNull ServerKeyDatabase.Configuration config)
ServerKeyDatabase
lookup
in interface ServerKeyDatabase
connectAddress
- IP address the session tried to connect toremoteAddress
- IP address as reported for the remote end pointconfig
- giving access to potentially interesting configuration
settingspublic boolean accept(@NonNull java.lang.String connectAddress, @NonNull java.net.InetSocketAddress remoteAddress, @NonNull java.security.PublicKey serverKey, @NonNull ServerKeyDatabase.Configuration config, CredentialsProvider provider)
ServerKeyDatabase
accept
in interface ServerKeyDatabase
connectAddress
- IP address the session tried to connect toremoteAddress
- IP address as reported for the remote end pointserverKey
- received from the remote endconfig
- giving access to potentially interesting configuration
settingsprovider
- for interacting with the user, if required; may be
null
true
if the serverKey is accepted, false
otherwiseprivate boolean find(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, java.security.PublicKey serverKey, java.util.List<org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair> entries, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair[] modified) throws OpenSshServerKeyDatabase.RevokedKeyException
private java.util.List<OpenSshServerKeyDatabase.HostKeyFile> addUserHostKeyFiles(java.util.List<java.lang.String> fileNames)
private void updateKnownHostsFile(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> candidates, java.security.PublicKey serverKey, java.nio.file.Path path, ServerKeyDatabase.Configuration config) throws java.lang.Exception
java.lang.Exception
private void updateModifiedServerKey(java.security.PublicKey serverKey, org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair entry, java.nio.file.Path path) throws java.io.IOException
java.io.IOException
private int parsePort(java.lang.String s)
private org.apache.sshd.common.util.net.SshdSocketAddress toSshdSocketAddress(@NonNull java.lang.String address)
private java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> getCandidates(@NonNull java.lang.String connectAddress, @NonNull java.net.InetSocketAddress remoteAddress)
private java.lang.String createHostKeyLine(java.util.Collection<org.apache.sshd.common.util.net.SshdSocketAddress> patterns, java.security.PublicKey key, ServerKeyDatabase.Configuration config) throws java.lang.Exception
java.lang.Exception
private java.lang.String updateHostKeyLine(java.lang.String line, java.security.PublicKey newKey) throws java.io.IOException
java.io.IOException