org.eclipse.jgit.transport.sshd

Class SshdSessionFactory

java.lang.Object

org.eclipse.jgit.transport.SshSessionFactory

org.eclipse.jgit.transport.sshd.SshdSessionFactory

All Implemented Interfaces:

Closeable, AutoCloseable

public class SshdSessionFactory
extends SshSessionFactory
implements Closeable

A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.

Since:

5.2

Constructor Summary

Constructors

Constructor and Description
SshdSessionFactory() Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.
SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies) Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory.

Method Summary

Modifier and Type	Method and Description
void	close()
protected KeyPasswordProvider	createKeyPasswordProvider(CredentialsProvider provider) Creates a KeyPasswordProvider for a new session.
protected ServerKeyDatabase	createServerKeyDatabase(File homeDir, File sshDir) Creates a ServerKeyDatabase to verify server host keys.
protected SshConfigStore	createSshConfigStore(File homeDir, File configFile, String localUserName) Obtains a SshConfigStore, or null if not SSH config is to be used.
protected List<Path>	getDefaultIdentities(File sshDir) Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication.
protected Iterable<KeyPair>	getDefaultKeys(File sshDir) Determines the default keys.
protected List<Path>	getDefaultKnownHostsFiles(File sshDir) Gets the list of default user known hosts files.
protected String	getDefaultPreferredAuthentications() Gets the list of default preferred authentication mechanisms.
File	getHomeDirectory() Retrieves the global user home directory
protected KeyCache	getKeyCache() Obtains the KeyCache to use to cache loaded keys.
protected ServerKeyDatabase	getServerKeyDatabase(File homeDir, File sshDir) Obtains a ServerKeyDatabase to verify server host keys.
SshdSession	getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) Opens (or reuses) a session to a host.
protected File	getSshConfig(File sshDir) Determines the ssh config file.
File	getSshDirectory() Retrieves the global .ssh directory
String	getType() The name of the type of session factory.
void	setHomeDirectory(File homeDir) Set a global directory to use as the user's home directory
void	setSshDirectory(File sshDir) Set a global directory to use as the .ssh directory

Methods inherited from class org.eclipse.jgit.transport.SshSessionFactory

getInstance, getLocalUserName, releaseSession, setInstance

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SshdSessionFactory

public SshdSessionFactory()

Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.

SshdSessionFactory

public SshdSessionFactory(KeyCache keyCache,
                          ProxyDataFactory proxies)

Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an ssh agent.

Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

Parameters:

keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache

proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)

Method Detail

getType

public String getType()

Description copied from class: SshSessionFactory

The name of the type of session factory.

Specified by:

getType in class SshSessionFactory

Returns:

the name of the type of session factory.

getSession

public SshdSession getSession(URIish uri,
                              CredentialsProvider credentialsProvider,
                              FS fs,
                              int tms)
                       throws TransportException

Description copied from class: SshSessionFactory

Opens (or reuses) a session to a host. The returned session is connected and authenticated and is ready for further use.

Specified by:

getSession in class SshSessionFactory

Parameters:

uri - URI of the remote host to connect to

credentialsProvider - provider to support authentication, may be null if no user input for authentication is needed

fs - the file system abstraction to use for certain file operations, such as reading configuration files

tms - connection timeout for creating the session, in milliseconds

Returns:

a connected and authenticated session for communicating with the remote host given by the uri

Throws:

TransportException - if the session could not be created

close

public void close()

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

setHomeDirectory

public void setHomeDirectory(@NonNull
                             File homeDir)

Set a global directory to use as the user's home directory

Parameters:

homeDir - to use

getHomeDirectory

public File getHomeDirectory()

Retrieves the global user home directory

Returns:

the directory, or null if not set

setSshDirectory

public void setSshDirectory(@NonNull
                            File sshDir)

Set a global directory to use as the .ssh directory

Parameters:

sshDir - to use

getSshDirectory

public File getSshDirectory()

Retrieves the global .ssh directory

Returns:

the directory, or null if not set

getSshConfig

protected File getSshConfig(@NonNull
                            File sshDir)

Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.

Parameters:

sshDir - representing ~/.ssh/

Returns:

the file (need not exist), or null if no config file shall be used

Since:

5.5

createSshConfigStore

protected SshConfigStore createSshConfigStore(@NonNull
                                              File homeDir,
                                              File configFile,
                                              String localUserName)

Obtains a SshConfigStore, or null if not SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.

Parameters:

homeDir - may be used for ~-replacements by the returned config store

configFile - to use, or null if none

localUserName - user name of the current user on the local OS

Returns:

A SshConfigStore, or null if none is to be used

Since:

5.8

getServerKeyDatabase

@NonNull
protected ServerKeyDatabase getServerKeyDatabase(@NonNull
                                                          File homeDir,
                                                          @NonNull
                                                          File sshDir)

Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.

Parameters:

homeDir - home directory to use for ~ replacement

sshDir - representing ~/.ssh/

Returns:

the ServerKeyDatabase

Since:

5.5

createServerKeyDatabase

@NonNull
protected ServerKeyDatabase createServerKeyDatabase(@NonNull
                                                             File homeDir,
                                                             @NonNull
                                                             File sshDir)

Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.

Parameters:

homeDir - home directory to use for ~ replacement

sshDir - representing ~/.ssh/

Returns:

the ServerKeyDatabase

Since:

5.8

getDefaultKnownHostsFiles

@NonNull
protected List<Path> getDefaultKnownHostsFiles(@NonNull
                                                        File sshDir)

Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.

Parameters:

sshDir -

Returns:

the possibly empty list of default known host file paths.

getDefaultKeys

@NonNull
protected Iterable<KeyPair> getDefaultKeys(@NonNull
                                                    File sshDir)

Determines the default keys. The default implementation will lazy load the default identity files.

Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation

If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

Parameters:

sshDir - to look in for keys

Returns:

an Iterable over the default keys

Since:

5.3

getDefaultIdentities

@NonNull
protected List<Path> getDefaultIdentities(@NonNull
                                                   File sshDir)

Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.

Parameters:

sshDir - the directory that represents ~/.ssh/

Returns:

a possibly empty list of paths containing default identities (private keys)

getKeyCache

protected final KeyCache getKeyCache()

Obtains the KeyCache to use to cache loaded keys.

Returns:

the KeyCache, or null if none.

createKeyPasswordProvider

@NonNull
protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)

Creates a KeyPasswordProvider for a new session.

Parameters:

provider - the CredentialsProvider to delegate to for user interactions

Returns:

a new KeyPasswordProvider

getDefaultPreferredAuthentications

protected String getDefaultPreferredAuthentications()

Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.

Returns:

a comma-separated list of mechanism names, or null if none