public class OpenSshServerKeyDatabase extends Object implements ServerKeyDatabase
StrictHostKeyChecking and UserKnownHostsFile values from the ssh configuration.
The verifier can be given default known_hosts files in the constructor, which will be used if the ssh config does not specify a UserKnownHostsFile. If the ssh config does set UserKnownHostsFile, the verifier uses the given files in the order given. Non-existing or unreadable files are ignored.
StrictHostKeyChecking accepts the following values:
If StrictHostKeyChecking is not set, or set to any other value, the default value ask is active.
This implementation relies on the ClientSession being a JGitClientSession. By default Apache MINA sshd does not forward the config file host entry to the session, so it would be unknown here which entry it was and what setting of StrictHostKeyChecking should be used. If used with some other session type, the implementation assumes "ask".
Asking the user is done via a CredentialsProvider obtained from the session. If none is set, the implementation falls back to strict host key checking ("yes").
Note that adding a key to the known hosts file may create the file. You can specify in the constructor whether the user shall be asked about that, too. If the user declines updating the file, but the key was otherwise accepted (user confirmed for "ask", or "no" or "accept-new" are active), the key is accepted for this session only.
If several known hosts files are specified, a new key is always added to the first file (even if it doesn't exist yet; see the note about file creation above).
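Because a key can be accepted without being present in any known_hosts file (for this session only, or under "no" or "accept-new"), it is useful to record those decisions. The following is an added example, not part of the JGit documentation or code base: a hypothetical wrapper (AuditingServerKeyDatabase and the logger name are made up here) that delegates to OpenSshServerKeyDatabase and logs every such acceptance. The import package names and the KeyUtils helper from Apache MINA sshd are assumptions not stated on this page.

```java
// Added example, not JGit code. Package names below are assumed (JGit 5.5 / Apache MINA sshd).
import java.net.InetSocketAddress;
import java.nio.file.Path;
import java.security.PublicKey;
import java.util.List;
import java.util.logging.Logger;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.eclipse.jgit.internal.transport.sshd.OpenSshServerKeyDatabase;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.sshd.ServerKeyDatabase;

/** Hypothetical wrapper: delegates every decision and logs keys accepted without a stored match. */
public final class AuditingServerKeyDatabase implements ServerKeyDatabase {
    private static final Logger LOG = Logger.getLogger("ssh.hostkeys");
    private final ServerKeyDatabase delegate;

    public AuditingServerKeyDatabase(List<Path> defaultFiles) {
        // askAboutNewFile = true: the user is also asked before a missing known_hosts file is created.
        this.delegate = new OpenSshServerKeyDatabase(true, defaultFiles);
    }

    @Override
    public List<PublicKey> lookup(String connectAddress, InetSocketAddress remoteAddress,
            ServerKeyDatabase.Configuration config) {
        return delegate.lookup(connectAddress, remoteAddress, config);
    }

    @Override
    public boolean accept(String connectAddress, InetSocketAddress remoteAddress, PublicKey serverKey,
            ServerKeyDatabase.Configuration config, CredentialsProvider provider) {
        // Compare against the stored keys first: accept() may add the key to the first file.
        boolean known = lookup(connectAddress, remoteAddress, config).stream()
                .anyMatch(k -> KeyUtils.compareKeys(k, serverKey));
        boolean accepted = delegate.accept(connectAddress, remoteAddress, serverKey, config,
                provider);
        String detail = String.format("host=%s remote=%s fp=%s", connectAddress, remoteAddress,
                KeyUtils.getFingerPrint(serverKey));
        if (accepted && !known) {
            LOG.warning("host key accepted without known_hosts match: " + detail);
        } else if (!accepted) {
            LOG.info("host key rejected: " + detail);
        }
        return accepted;
    }
}
```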
ServerKeyDatabase.Configuration
Constructor and Description |
---|
OpenSshServerKeyDatabase(boolean askAboutNewFile, List<Path> defaultFiles) Creates a new OpenSshServerKeyDatabase. |
Modifier and Type | Method and Description |
---|---|
boolean | accept(String connectAddress, InetSocketAddress remoteAddress, PublicKey serverKey, ServerKeyDatabase.Configuration config, CredentialsProvider provider) Determines whether to accept a received server host key. |
List<PublicKey> | lookup(String connectAddress, InetSocketAddress remoteAddress, ServerKeyDatabase.Configuration config) Retrieves all known host keys for the given addresses. |
public OpenSshServerKeyDatabase(boolean askAboutNewFile, List<Path> defaultFiles)
Creates a new OpenSshServerKeyDatabase.
Parameters:
askAboutNewFile - whether to ask the user, if possible, about creating a new non-existing known_hosts file
defaultFiles - typically ~/.ssh/known_hosts and ~/.ssh/known_hosts2. May be empty or null, in which case no default files are installed. The files need not exist.
public List<PublicKey> lookup(@NonNull String connectAddress, @NonNull InetSocketAddress remoteAddress, @NonNull ServerKeyDatabase.Configuration config)
Specified by: lookup in interface ServerKeyDatabase
Parameters:
connectAddress - IP address the session tried to connect to
remoteAddress - IP address as reported for the remote end point
config - giving access to potentially interesting configuration settings
public boolean accept(@NonNull String connectAddress, @NonNull InetSocketAddress remoteAddress, @NonNull PublicKey serverKey, @NonNull ServerKeyDatabase.Configuration config, CredentialsProvider provider)
Specified by: accept in interface ServerKeyDatabase
Parameters:
connectAddress - IP address the session tried to connect to
remoteAddress - IP address as reported for the remote end point
serverKey - received from the remote end
config - giving access to potentially interesting configuration settings
provider - for interacting with the user, if required; may be null
Returns:
true if the serverKey is accepted, false otherwise
Copyright © 2019 Eclipse JGit Project. All rights reserved.