SshdSessionFactory.java

  1. /*
  2.  * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
  3.  *
  4.  * This program and the accompanying materials are made available under the
  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at
  6.  * https://www.eclipse.org/org/documents/edl-v10.php.
  7.  *
  8.  * SPDX-License-Identifier: BSD-3-Clause
  9.  */
  10. package org.eclipse.jgit.transport.sshd;

  12. import java.io.Closeable;
  13. import java.io.File;
  14. import java.io.IOException;
  15. import java.nio.file.Files;
  16. import java.nio.file.Path;
  17. import java.security.KeyPair;
  18. import java.time.Duration;
  19. import java.util.ArrayList;
  20. import java.util.Arrays;
  21. import java.util.Collections;
  22. import java.util.HashSet;
  23. import java.util.List;
  24. import java.util.Map;
  25. import java.util.Set;
  26. import java.util.concurrent.ConcurrentHashMap;
  27. import java.util.concurrent.atomic.AtomicBoolean;
  28. import java.util.function.Supplier;
  29. import java.util.stream.Collectors;

  31. import org.apache.sshd.client.ClientBuilder;
  32. import org.apache.sshd.client.SshClient;
  33. import org.apache.sshd.client.auth.UserAuthFactory;
  34. import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory;
  35. import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
  36. import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
  37. import org.apache.sshd.common.SshException;
  38. import org.apache.sshd.common.NamedFactory;
  39. import org.apache.sshd.common.compression.BuiltinCompressions;
  40. import org.apache.sshd.common.config.keys.FilePasswordProvider;
  41. import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions;
  42. import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
  43. import org.apache.sshd.common.signature.BuiltinSignatures;
  44. import org.apache.sshd.common.signature.Signature;
  45. import org.eclipse.jgit.annotations.NonNull;
  46. import org.eclipse.jgit.errors.TransportException;
  47. import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
  48. import org.eclipse.jgit.internal.transport.sshd.AuthenticationCanceledException;
  49. import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider;
  50. import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory;
  51. import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory;
  52. import org.eclipse.jgit.internal.transport.sshd.JGitServerKeyVerifier;
  53. import org.eclipse.jgit.internal.transport.sshd.JGitSshClient;
  54. import org.eclipse.jgit.internal.transport.sshd.JGitSshConfig;
  55. import org.eclipse.jgit.internal.transport.sshd.JGitUserInteraction;
  56. import org.eclipse.jgit.internal.transport.sshd.OpenSshServerKeyDatabase;
  57. import org.eclipse.jgit.internal.transport.sshd.PasswordProviderWrapper;
  58. import org.eclipse.jgit.internal.transport.sshd.SshdText;
  59. import org.eclipse.jgit.transport.CredentialsProvider;
  60. import org.eclipse.jgit.transport.SshConfigStore;
  61. import org.eclipse.jgit.transport.SshConstants;
  62. import org.eclipse.jgit.transport.SshSessionFactory;
  63. import org.eclipse.jgit.transport.URIish;
  64. import org.eclipse.jgit.util.FS;

  66. /**
  67.  * A {@link SshSessionFactory} that uses Apache MINA sshd. Classes from Apache
  68.  * MINA sshd are kept private to avoid API evolution problems when Apache MINA
  69.  * sshd interfaces change.
  70.  *
  71.  * @since 5.2
  72.  */
  73. public class SshdSessionFactory extends SshSessionFactory implements Closeable {

  75.     private static final String MINA_SSHD = "mina-sshd"; //$NON-NLS-1$

  77.     private final AtomicBoolean closing = new AtomicBoolean();

  79.     private final Set<SshdSession> sessions = new HashSet<>();

  81.     private final Map<Tuple, HostConfigEntryResolver> defaultHostConfigEntryResolver = new ConcurrentHashMap<>();

  83.     private final Map<Tuple, ServerKeyDatabase> defaultServerKeyDatabase = new ConcurrentHashMap<>();

  85.     private final Map<Tuple, Iterable<KeyPair>> defaultKeys = new ConcurrentHashMap<>();

  87.     private final KeyCache keyCache;

  89.     private final ProxyDataFactory proxies;

  91.     private File sshDirectory;

  93.     private File homeDirectory;

  95.     /**
  96.      * Creates a new {@link SshdSessionFactory} without key cache and a
  97.      * {@link DefaultProxyDataFactory}.
  98.      */
  99.     public SshdSessionFactory() {
  100.         this(null, new DefaultProxyDataFactory());
  101.     }

  103.     /**
  104.      * Creates a new {@link SshdSessionFactory} using the given {@link KeyCache}
  105.      * and {@link ProxyDataFactory}. The {@code keyCache} is used for all sessions
  106.      * created through this session factory; cached keys are destroyed when the
  107.      * session factory is {@link #close() closed}.
  108.      * <p>
  109.      * Caching ssh keys in memory for an extended period of time is generally
  110.      * considered bad practice, but there may be circumstances where using a
  111.      * {@link KeyCache} is still the right choice, for instance to avoid that a
  112.      * user gets prompted several times for the same password for the same key.
  113.      * In general, however, it is preferable <em>not</em> to use a key cache but
  114.      * to use a {@link #createKeyPasswordProvider(CredentialsProvider)
  115.      * KeyPasswordProvider} that has access to some secure storage and can save
  116.      * and retrieve passwords from there without user interaction. Another
  117.      * approach is to use an ssh agent.
  118.      * </p>
  119.      * <p>
  120.      * Note that the underlying ssh library (Apache MINA sshd) may or may not
  121.      * keep ssh keys in memory for unspecified periods of time irrespective of
  122.      * the use of a {@link KeyCache}.
  123.      * </p>
  124.      *
  125.      * @param keyCache
  126.      *            {@link KeyCache} to use for caching ssh keys, or {@code null}
  127.      *            to not use a key cache
  128.      * @param proxies
  129.      *            {@link ProxyDataFactory} to use, or {@code null} to not use a
  130.      *            proxy database (in which case connections through proxies will
  131.      *            not be possible)
  132.      */
  133.     public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies) {
  134.         super();
  135.         this.keyCache = keyCache;
  136.         this.proxies = proxies;
  137.         // sshd limits the number of BCrypt KDF rounds to 255 by default.
  138.         // Decrypting such a key takes about two seconds on my machine.
  139.         // I consider this limit too low. The time increases linearly with the
  140.         // number of rounds.
  141.         BCryptKdfOptions.setMaxAllowedRounds(16384);
  142.     }

  144.     @Override
  145.     public String getType() {
  146.         return MINA_SSHD;
  147.     }

  149.     /** A simple general map key. */
  150.     private static final class Tuple {
  151.         private Object[] objects;

  153.         public Tuple(Object[] objects) {
  154.             this.objects = objects;
  155.         }

  157.         @Override
  158.         public boolean equals(Object obj) {
  159.             if (obj == this) {
  160.                 return true;
  161.             }
  162.             if (obj != null && obj.getClass() == Tuple.class) {
  163.                 Tuple other = (Tuple) obj;
  164.                 return Arrays.equals(objects, other.objects);
  165.             }
  166.             return false;
  167.         }

  169.         @Override
  170.         public int hashCode() {
  171.             return Arrays.hashCode(objects);
  172.         }
  173.     }

  175.     // We can't really use a single client. Clients need to be stopped
  176.     // properly, and we don't really know when to do that. Instead we use
  177.     // a dedicated SshClient instance per session. We need a bit of caching to
  178.     // avoid re-loading the ssh config and keys repeatedly.

  180.     @Override
  181.     public SshdSession getSession(URIish uri,
  182.             CredentialsProvider credentialsProvider, FS fs, int tms)
  183.             throws TransportException {
  184.         SshdSession session = null;
  185.         try {
  186.             session = new SshdSession(uri, () -> {
  187.                 File home = getHomeDirectory();
  188.                 if (home == null) {
  189.                     // Always use the detected filesystem for the user home!
  190.                     // It makes no sense to have different "user home"
  191.                     // directories depending on what file system a repository
  192.                     // is.
  193.                     home = FS.DETECTED.userHome();
  194.                 }
  195.                 File sshDir = getSshDirectory();
  196.                 if (sshDir == null) {
  197.                     sshDir = new File(home, SshConstants.SSH_DIR);
  198.                 }
  199.                 HostConfigEntryResolver configFile = getHostConfigEntryResolver(
  200.                         home, sshDir);
  201.                 KeyIdentityProvider defaultKeysProvider = toKeyIdentityProvider(
  202.                         getDefaultKeys(sshDir));
  203.                 SshClient client = ClientBuilder.builder()
  204.                         .factory(JGitSshClient::new)
  205.                         .filePasswordProvider(createFilePasswordProvider(
  206.                                 () -> createKeyPasswordProvider(
  207.                                         credentialsProvider)))
  208.                         .hostConfigEntryResolver(configFile)
  209.                         .serverKeyVerifier(new JGitServerKeyVerifier(
  210.                                 getServerKeyDatabase(home, sshDir)))
  211.                         .signatureFactories(getSignatureFactories())
  212.                         .compressionFactories(
  213.                                 new ArrayList<>(BuiltinCompressions.VALUES))
  214.                         .build();
  215.                 client.setUserInteraction(
  216.                         new JGitUserInteraction(credentialsProvider));
  217.                 client.setUserAuthFactories(getUserAuthFactories());
  218.                 client.setKeyIdentityProvider(defaultKeysProvider);
  219.                 // JGit-specific things:
  220.                 JGitSshClient jgitClient = (JGitSshClient) client;
  221.                 jgitClient.setKeyCache(getKeyCache());
  222.                 jgitClient.setCredentialsProvider(credentialsProvider);
  223.                 jgitClient.setProxyDatabase(proxies);
  224.                 String defaultAuths = getDefaultPreferredAuthentications();
  225.                 if (defaultAuths != null) {
  226.                     jgitClient.setAttribute(
  227.                             JGitSshClient.PREFERRED_AUTHENTICATIONS,
  228.                             defaultAuths);
  229.                 }
  230.                 // Other things?
  231.                 return client;
  232.             });
  233.             session.addCloseListener(s -> unregister(s));
  234.             register(session);
  235.             session.connect(Duration.ofMillis(tms));
  236.             return session;
  237.         } catch (Exception e) {
  238.             unregister(session);
  239.             if (e instanceof TransportException) {
  240.                 throw (TransportException) e;
  241.             }
  242.             Throwable cause = e;
  243.             if (e instanceof SshException && e
  244.                     .getCause() instanceof AuthenticationCanceledException) {
  245.                 // Results in a nicer error message
  246.                 cause = e.getCause();
  247.             }
  248.             throw new TransportException(uri, cause.getMessage(), cause);
  249.         }
  250.     }

  252.     @Override
  253.     public void close() {
  254.         closing.set(true);
  255.         boolean cleanKeys = false;
  256.         synchronized (this) {
  257.             cleanKeys = sessions.isEmpty();
  258.         }
  259.         if (cleanKeys) {
  260.             KeyCache cache = getKeyCache();
  261.             if (cache != null) {
  262.                 cache.close();
  263.             }
  264.         }
  265.     }

  267.     private void register(SshdSession newSession) throws IOException {
  268.         if (newSession == null) {
  269.             return;
  270.         }
  271.         if (closing.get()) {
  272.             throw new IOException(SshdText.get().sshClosingDown);
  273.         }
  274.         synchronized (this) {
  275.             sessions.add(newSession);
  276.         }
  277.     }

  279.     private void unregister(SshdSession oldSession) {
  280.         boolean cleanKeys = false;
  281.         synchronized (this) {
  282.             sessions.remove(oldSession);
  283.             cleanKeys = closing.get() && sessions.isEmpty();
  284.         }
  285.         if (cleanKeys) {
  286.             KeyCache cache = getKeyCache();
  287.             if (cache != null) {
  288.                 cache.close();
  289.             }
  290.         }
  291.     }

  293.     /**
  294.      * Set a global directory to use as the user's home directory
  295.      *
  296.      * @param homeDir
  297.      *            to use
  298.      */
  299.     public void setHomeDirectory(@NonNull File homeDir) {
  300.         if (homeDir.isAbsolute()) {
  301.             homeDirectory = homeDir;
  302.         } else {
  303.             homeDirectory = homeDir.getAbsoluteFile();
  304.         }
  305.     }

  307.     /**
  308.      * Retrieves the global user home directory
  309.      *
  310.      * @return the directory, or {@code null} if not set
  311.      */
  312.     public File getHomeDirectory() {
  313.         return homeDirectory;
  314.     }

  316.     /**
  317.      * Set a global directory to use as the .ssh directory
  318.      *
  319.      * @param sshDir
  320.      *            to use
  321.      */
  322.     public void setSshDirectory(@NonNull File sshDir) {
  323.         if (sshDir.isAbsolute()) {
  324.             sshDirectory = sshDir;
  325.         } else {
  326.             sshDirectory = sshDir.getAbsoluteFile();
  327.         }
  328.     }

  330.     /**
  331.      * Retrieves the global .ssh directory
  332.      *
  333.      * @return the directory, or {@code null} if not set
  334.      */
  335.     public File getSshDirectory() {
  336.         return sshDirectory;
  337.     }

  339.     /**
  340.      * Obtain a {@link HostConfigEntryResolver} to read the ssh config file and
  341.      * to determine host entries for connections.
  342.      *
  343.      * @param homeDir
  344.      *            home directory to use for ~ replacement
  345.      * @param sshDir
  346.      *            to use for looking for the config file
  347.      * @return the resolver
  348.      */
  349.     @NonNull
  350.     private HostConfigEntryResolver getHostConfigEntryResolver(
  351.             @NonNull File homeDir, @NonNull File sshDir) {
  352.         return defaultHostConfigEntryResolver.computeIfAbsent(
  353.                 new Tuple(new Object[] { homeDir, sshDir }),
  354.                 t -> new JGitSshConfig(createSshConfigStore(homeDir,
  355.                         getSshConfig(sshDir), getLocalUserName())));
  356.     }

  358.     /**
  359.      * Determines the ssh config file. The default implementation returns
  360.      * ~/.ssh/config. If the file does not exist and is created later it will be
  361.      * picked up. To not use a config file at all, return {@code null}.
  362.      *
  363.      * @param sshDir
  364.      *            representing ~/.ssh/
  365.      * @return the file (need not exist), or {@code null} if no config file
  366.      *         shall be used
  367.      * @since 5.5
  368.      */
  369.     protected File getSshConfig(@NonNull File sshDir) {
  370.         return new File(sshDir, SshConstants.CONFIG);
  371.     }

  373.     /**
  374.      * Obtains a {@link SshConfigStore}, or {@code null} if not SSH config is to
  375.      * be used. The default implementation returns {@code null} if
  376.      * {@code configFile == null} and otherwise an OpenSSH-compatible store
  377.      * reading host entries from the given file.
  378.      *
  379.      * @param homeDir
  380.      *            may be used for ~-replacements by the returned config store
  381.      * @param configFile
  382.      *            to use, or {@code null} if none
  383.      * @param localUserName
  384.      *            user name of the current user on the local OS
  385.      * @return A {@link SshConfigStore}, or {@code null} if none is to be used
  386.      *
  387.      * @since 5.8
  388.      */
  389.     protected SshConfigStore createSshConfigStore(@NonNull File homeDir,
  390.             File configFile, String localUserName) {
  391.         return configFile == null ? null
  392.                 : new OpenSshConfigFile(homeDir, configFile, localUserName);
  393.     }

  395.     /**
  396.      * Obtains a {@link ServerKeyDatabase} to verify server host keys. The
  397.      * default implementation returns a {@link ServerKeyDatabase} that
  398.      * recognizes the two openssh standard files {@code ~/.ssh/known_hosts} and
  399.      * {@code ~/.ssh/known_hosts2} as well as any files configured via the
  400.      * {@code UserKnownHostsFile} option in the ssh config file.
  401.      *
  402.      * @param homeDir
  403.      *            home directory to use for ~ replacement
  404.      * @param sshDir
  405.      *            representing ~/.ssh/
  406.      * @return the {@link ServerKeyDatabase}
  407.      * @since 5.5
  408.      */
  409.     @NonNull
  410.     protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir,
  411.             @NonNull File sshDir) {
  412.         return defaultServerKeyDatabase.computeIfAbsent(
  413.                 new Tuple(new Object[] { homeDir, sshDir }),
  414.                 t -> createServerKeyDatabase(homeDir, sshDir));

  416.     }

  418.     /**
  419.      * Creates a {@link ServerKeyDatabase} to verify server host keys. The
  420.      * default implementation returns a {@link ServerKeyDatabase} that
  421.      * recognizes the two openssh standard files {@code ~/.ssh/known_hosts} and
  422.      * {@code ~/.ssh/known_hosts2} as well as any files configured via the
  423.      * {@code UserKnownHostsFile} option in the ssh config file.
  424.      *
  425.      * @param homeDir
  426.      *            home directory to use for ~ replacement
  427.      * @param sshDir
  428.      *            representing ~/.ssh/
  429.      * @return the {@link ServerKeyDatabase}
  430.      * @since 5.8
  431.      */
  432.     @NonNull
  433.     protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir,
  434.             @NonNull File sshDir) {
  435.         return new OpenSshServerKeyDatabase(true,
  436.                 getDefaultKnownHostsFiles(sshDir));
  437.     }

  439.     /**
  440.      * Gets the list of default user known hosts files. The default returns
  441.      * ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config
  442.      * {@code UserKnownHostsFile} overrides this default.
  443.      *
  444.      * @param sshDir
  445.      * @return the possibly empty list of default known host file paths.
  446.      */
  447.     @NonNull
  448.     protected List<Path> getDefaultKnownHostsFiles(@NonNull File sshDir) {
  449.         return Arrays.asList(sshDir.toPath().resolve(SshConstants.KNOWN_HOSTS),
  450.                 sshDir.toPath().resolve(SshConstants.KNOWN_HOSTS + '2'));
  451.     }

  453.     /**
  454.      * Determines the default keys. The default implementation will lazy load
  455.      * the {@link #getDefaultIdentities(File) default identity files}.
  456.      * <p>
  457.      * Subclasses may override and return an {@link Iterable} of whatever keys
  458.      * are appropriate. If the returned iterable lazily loads keys, it should be
  459.      * an instance of
  460.      * {@link org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider
  461.      * AbstractResourceKeyPairProvider} so that the session can later pass it
  462.      * the {@link #createKeyPasswordProvider(CredentialsProvider) password
  463.      * provider} wrapped as a {@link FilePasswordProvider} via
  464.      * {@link org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider)
  465.      * AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider)}
  466.      * so that encrypted, password-protected keys can be loaded.
  467.      * </p>
  468.      * <p>
  469.      * The default implementation uses exactly this mechanism; class
  470.      * {@link CachingKeyPairProvider} may serve as a model for a customized
  471.      * lazy-loading {@link Iterable} implementation
  472.      * </p>
  473.      * <p>
  474.      * If the {@link Iterable} returned has the keys already pre-loaded or
  475.      * otherwise doesn't need to decrypt encrypted keys, it can be any
  476.      * {@link Iterable}, for instance a simple {@link java.util.List List}.
  477.      * </p>
  478.      *
  479.      * @param sshDir
  480.      *            to look in for keys
  481.      * @return an {@link Iterable} over the default keys
  482.      * @since 5.3
  483.      */
  484.     @NonNull
  485.     protected Iterable<KeyPair> getDefaultKeys(@NonNull File sshDir) {
  486.         List<Path> defaultIdentities = getDefaultIdentities(sshDir);
  487.         return defaultKeys.computeIfAbsent(
  488.                 new Tuple(defaultIdentities.toArray(new Path[0])),
  489.                 t -> new CachingKeyPairProvider(defaultIdentities,
  490.                         getKeyCache()));
  491.     }

  493.     /**
  494.      * Converts an {@link Iterable} of {link KeyPair}s into a
  495.      * {@link KeyIdentityProvider}.
  496.      *
  497.      * @param keys
  498.      *            to provide via the returned {@link KeyIdentityProvider}
  499.      * @return a {@link KeyIdentityProvider} that provides the given
  500.      *         {@code keys}
  501.      */
  502.     private KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys) {
  503.         if (keys instanceof KeyIdentityProvider) {
  504.             return (KeyIdentityProvider) keys;
  505.         }
  506.         return (session) -> keys;
  507.     }

  509.     /**
  510.      * Gets a list of default identities, i.e., private key files that shall
  511.      * always be tried for public key authentication. Typically those are
  512.      * ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation
  513.      * returns the files defined in {@link SshConstants#DEFAULT_IDENTITIES}.
  514.      *
  515.      * @param sshDir
  516.      *            the directory that represents ~/.ssh/
  517.      * @return a possibly empty list of paths containing default identities
  518.      *         (private keys)
  519.      */
  520.     @NonNull
  521.     protected List<Path> getDefaultIdentities(@NonNull File sshDir) {
  522.         return Arrays
  523.                 .asList(SshConstants.DEFAULT_IDENTITIES).stream()
  524.                 .map(s -> new File(sshDir, s).toPath()).filter(Files::exists)
  525.                 .collect(Collectors.toList());
  526.     }

  528.     /**
  529.      * Obtains the {@link KeyCache} to use to cache loaded keys.
  530.      *
  531.      * @return the {@link KeyCache}, or {@code null} if none.
  532.      */
  533.     protected final KeyCache getKeyCache() {
  534.         return keyCache;
  535.     }

  537.     /**
  538.      * Creates a {@link KeyPasswordProvider} for a new session.
  539.      *
  540.      * @param provider
  541.      *            the {@link CredentialsProvider} to delegate to for user
  542.      *            interactions
  543.      * @return a new {@link KeyPasswordProvider}
  544.      */
  545.     @NonNull
  546.     protected KeyPasswordProvider createKeyPasswordProvider(
  547.             CredentialsProvider provider) {
  548.         return new IdentityPasswordProvider(provider);
  549.     }

  551.     /**
  552.      * Creates a {@link FilePasswordProvider} for a new session.
  553.      *
  554.      * @param providerFactory
  555.      *            providing the {@link KeyPasswordProvider} to delegate to
  556.      * @return a new {@link FilePasswordProvider}
  557.      */
  558.     @NonNull
  559.     private FilePasswordProvider createFilePasswordProvider(
  560.             Supplier<KeyPasswordProvider> providerFactory) {
  561.         return new PasswordProviderWrapper(providerFactory);
  562.     }

  564.     /**
  565.      * Gets the user authentication mechanisms (or rather, factories for them).
  566.      * By default this returns gssapi-with-mic, public-key, password, and
  567.      * keyboard-interactive, in that order. The order is only significant if the
  568.      * ssh config does <em>not</em> set {@code PreferredAuthentications}; if it
  569.      * is set, the order defined there will be taken.
  570.      *
  571.      * @return the non-empty list of factories.
  572.      */
  573.     @NonNull
  574.     private List<UserAuthFactory> getUserAuthFactories() {
  575.         // About the order of password and keyboard-interactive, see upstream
  576.         // bug https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866 .
  577.         // Password auth doesn't have this problem.
  578.         return Collections.unmodifiableList(
  579.                 Arrays.asList(GssApiWithMicAuthFactory.INSTANCE,
  580.                         UserAuthPublicKeyFactory.INSTANCE,
  581.                         JGitPasswordAuthFactory.INSTANCE,
  582.                         UserAuthKeyboardInteractiveFactory.INSTANCE));
  583.     }

  585.     /**
  586.      * Gets the list of default preferred authentication mechanisms. If
  587.      * {@code null} is returned the openssh default list will be in effect. If
  588.      * the ssh config defines {@code PreferredAuthentications} the value from
  589.      * the ssh config takes precedence.
  590.      *
  591.      * @return a comma-separated list of mechanism names, or {@code null} if
  592.      *         none
  593.      */
  594.     protected String getDefaultPreferredAuthentications() {
  595.         return null;
  596.     }

  598.     /**
  599.      * Apache MINA sshd 2.6.0 has removed DSA, DSA_CERT and RSA_CERT. We have to
  600.      * set it up explicitly to still allow users to connect with DSA keys.
  601.      *
  602.      * @return a list of supported signature factories
  603.      */
  604.     @SuppressWarnings("deprecation")
  605.     private static List<NamedFactory<Signature>> getSignatureFactories() {
  606.         // @formatter:off
  607.         return Arrays.asList(
  608.                 BuiltinSignatures.nistp256_cert,
  609.                 BuiltinSignatures.nistp384_cert,
  610.                 BuiltinSignatures.nistp521_cert,
  611.                 BuiltinSignatures.ed25519_cert,
  612.                 BuiltinSignatures.rsaSHA512_cert,
  613.                 BuiltinSignatures.rsaSHA256_cert,
  614.                 BuiltinSignatures.rsa_cert,
  615.                 BuiltinSignatures.nistp256,
  616.                 BuiltinSignatures.nistp384,
  617.                 BuiltinSignatures.nistp521,
  618.                 BuiltinSignatures.ed25519,
  619.                 BuiltinSignatures.sk_ecdsa_sha2_nistp256,
  620.                 BuiltinSignatures.sk_ssh_ed25519,
  621.                 BuiltinSignatures.rsaSHA512,
  622.                 BuiltinSignatures.rsaSHA256,
  623.                 BuiltinSignatures.rsa,
  624.                 BuiltinSignatures.dsa_cert,
  625.                 BuiltinSignatures.dsa);
  626.         // @formatter:on
  627.     }
  628. }
Created with JaCoCo 0.8.6.202009150832