Class SshdSessionFactory
- java.lang.Object
  - org.eclipse.jgit.transport.SshSessionFactory
    - org.eclipse.jgit.transport.sshd.SshdSessionFactory
- All Implemented Interfaces: Closeable, AutoCloseable
public class SshdSessionFactory extends SshSessionFactory implements Closeable
A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
- Since: 5.2
-
Constructor Summary
Constructor: Description
- SshdSessionFactory(): Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
- SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
-
Method Summary
Modifier and Type, Method: Description
- void close()
- protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider): Creates a KeyPasswordProvider for a new session.
- protected ServerKeyDatabase createServerKeyDatabase(File homeDir, File sshDir): Creates a ServerKeyDatabase to verify server host keys.
- protected SshConfigStore createSshConfigStore(File homeDir, File configFile, String localUserName): Obtains a SshConfigStore, or null if no SSH config is to be used.
- protected ConnectorFactory getConnectorFactory(): Gets a ConnectorFactory.
- protected List<Path> getDefaultIdentities(File sshDir): Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication.
- protected Iterable<KeyPair> getDefaultKeys(File sshDir): Determines the default keys.
- protected List<Path> getDefaultKnownHostsFiles(File sshDir): Gets the list of default user known hosts files.
- protected String getDefaultPreferredAuthentications(): Gets the list of default preferred authentication mechanisms.
- File getHomeDirectory(): Retrieves the global user home directory
- protected KeyCache getKeyCache(): Obtains the KeyCache to use to cache loaded keys.
- protected ServerKeyDatabase getServerKeyDatabase(File homeDir, File sshDir): Obtains a ServerKeyDatabase to verify server host keys.
- SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms): Opens (or reuses) a session to a host.
- protected File getSshConfig(File sshDir): Determines the ssh config file.
- File getSshDirectory(): Retrieves the global .ssh directory
- String getType(): The name of the type of session factory.
- void setHomeDirectory(File homeDir): Set a global directory to use as the user's home directory
- void setSshDirectory(File sshDir): Set a global directory to use as the .ssh directory
Methods inherited from class org.eclipse.jgit.transport.SshSessionFactory: getInstance, getLocalUserName, releaseSession, setInstance
-
Constructor Detail
-
SshdSessionFactory
public SshdSessionFactory()
Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
-
SshdSessionFactory
public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.
Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid prompting a user several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.
Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.
By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.
- Parameters:
  keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
  proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)
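A locked-down subclass built from the hooks documented on this page, as an added example (not JGit's own code): it passes a null KeyCache, disables SSH agent use, ignores the ssh config file so it cannot override the defaults, and offers a single identity. The class name PinnedSshdSessionFactory, the /srv/git-sync home directory and the id_ed25519 key file name are assumptions.

```java
import java.io.File;
import java.nio.file.Path;
import java.util.List;
import org.eclipse.jgit.transport.SshSessionFactory;
import org.eclipse.jgit.transport.sshd.DefaultProxyDataFactory;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.eclipse.jgit.transport.sshd.agent.ConnectorFactory;

// Added example: hypothetical factory for an unattended service account.
public class PinnedSshdSessionFactory extends SshdSessionFactory {

    public PinnedSshdSessionFactory(File serviceHome) {
        // null KeyCache: the factory itself never caches decrypted keys.
        super(null, new DefaultProxyDataFactory());
        setHomeDirectory(serviceHome);
        setSshDirectory(new File(serviceHome, ".ssh"));
    }

    @Override
    protected ConnectorFactory getConnectorFactory() {
        return null; // null means SSH agents are not supported
    }

    @Override
    protected File getSshConfig(File sshDir) {
        // No config file: UserKnownHostsFile and PreferredAuthentications
        // entries cannot replace the defaults of this factory.
        return null;
    }

    @Override
    protected List<Path> getDefaultIdentities(File sshDir) {
        // Offer exactly one private key (file name is an assumption).
        return List.of(sshDir.toPath().resolve("id_ed25519"));
    }

    @Override
    protected String getDefaultPreferredAuthentications() {
        return "publickey"; // no password or keyboard-interactive fallback
    }

    public static void main(String[] args) {
        File home = new File("/srv/git-sync"); // constructed path
        try (PinnedSshdSessionFactory factory = new PinnedSshdSessionFactory(home)) {
            SshSessionFactory.setInstance(factory);
            // ... run JGit fetch/push commands over ssh here ...
        } finally {
            SshSessionFactory.setInstance(null); // restore the default factory
        }
    }
}
```

With the config file disabled, host keys are still verified against the default ~/.ssh/known_hosts and ~/.ssh/known_hosts2 files under the directory passed to setSshDirectory.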
-
Method Detail
-
getType
public String getType()
Description copied from class: SshSessionFactory
The name of the type of session factory.
- Specified by: getType in class SshSessionFactory
- Returns: the name of the type of session factory.
-
getSession
public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
Description copied from class: SshSessionFactory
Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.
- Specified by: getSession in class SshSessionFactory
- Parameters:
  uri - URI of the remote host to connect to
  credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed
  fs - the file system abstraction to use for certain file operations, such as reading configuration files
  tms - connection timeout for creating the session, in milliseconds
- Returns: a connected and authenticated session for communicating with the remote host given by the uri
- Throws: TransportException - if the session could not be created
-
close
public void close()
- Specified by: close in interface AutoCloseable
- Specified by: close in interface Closeable
-
setHomeDirectory
public void setHomeDirectory(@NonNull File homeDir)
Set a global directory to use as the user's home directory
- Parameters:
  homeDir - to use
-
getHomeDirectory
public File getHomeDirectory()
Retrieves the global user home directory
- Returns: the directory, or null if not set
-
setSshDirectory
public void setSshDirectory(@NonNull File sshDir)
Set a global directory to use as the .ssh directory
- Parameters:
  sshDir - to use
-
getSshDirectory
public File getSshDirectory()
Retrieves the global .ssh directory
- Returns: the directory, or null if not set
-
getSshConfig
protected File getSshConfig(@NonNull File sshDir)
Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
- Parameters:
  sshDir - representing ~/.ssh/
- Returns: the file (need not exist), or null if no config file shall be used
- Since: 5.5
-
createSshConfigStore
protected SshConfigStore createSshConfigStore(@NonNull File homeDir, File configFile, String localUserName)
Obtains a SshConfigStore, or null if no SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
- Parameters:
  homeDir - may be used for ~-replacements by the returned config store
  configFile - to use, or null if none
  localUserName - user name of the current user on the local OS
- Returns: A SshConfigStore, or null if none is to be used
- Since: 5.8
-
getServerKeyDatabase
@NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
  homeDir - home directory to use for ~ replacement
  sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.5
-
createServerKeyDatabase
@NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
- Parameters:
  homeDir - home directory to use for ~ replacement
  sshDir - representing ~/.ssh/
- Returns: the ServerKeyDatabase
- Since: 5.8
-
getConnectorFactory
protected ConnectorFactory getConnectorFactory()
Gets a ConnectorFactory. If this returns null, SSH agents are not supported.
The default implementation uses ConnectorFactory.getDefault()
- Returns: the factory, or null if no SSH agent support is desired
- Since: 6.0
-
getDefaultKnownHostsFiles
@NonNull protected List<Path> getDefaultKnownHostsFiles(@NonNull File sshDir)
Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
- Parameters:
  sshDir -
- Returns: the possibly empty list of default known host file paths.
-
getDefaultKeys
@NonNull protected Iterable<KeyPair> getDefaultKeys(@NonNull File sshDir)
Determines the default keys. The default implementation will lazy load the default identity files.
Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.
The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation.
If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.
- Parameters:
  sshDir - to look in for keys
- Returns: an Iterable over the default keys
- Since: 5.3
-
getDefaultIdentities
@NonNull protected List<Path> getDefaultIdentities(@NonNull File sshDir)
Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
- Parameters:
  sshDir - the directory that represents ~/.ssh/
- Returns: a possibly empty list of paths containing default identities (private keys)
-
getKeyCache
protected final KeyCache getKeyCache()
Obtains the KeyCache to use to cache loaded keys.
- Returns: the KeyCache, or null if none.
-
createKeyPasswordProvider
@NonNull protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)
Creates a KeyPasswordProvider for a new session.
- Parameters:
  provider - the CredentialsProvider to delegate to for user interactions
- Returns: a new KeyPasswordProvider
-
getDefaultPreferredAuthentications
protected String getDefaultPreferredAuthentications()
Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
- Returns: a comma-separated list of mechanism names, or null if none