Module org.eclipse.jgit.ssh.apache
Package org.eclipse.jgit.transport.sshd

Class SshdSessionFactory

    • Constructor Detail

      • SshdSessionFactory

        public SshdSessionFactory​(KeyCache keyCache,
                          ProxyDataFactory proxies)
        Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

        Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.

        Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

        By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.

        Parameters:
        keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
        proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)

    • Method Detail

      • setHomeDirectory

        public void setHomeDirectory​(@NonNull
                             File homeDir)
        Set a global directory to use as the user's home directory
        Parameters:
        homeDir - to use

      • getHomeDirectory

        public File getHomeDirectory()
        Retrieves the global user home directory
        Returns:
        the directory, or null if not set

      • setSshDirectory

        public void setSshDirectory​(@NonNull
                            File sshDir)
        Set a global directory to use as the .ssh directory
        Parameters:
        sshDir - to use

      • getSshDirectory

        public File getSshDirectory()
        Retrieves the global .ssh directory
        Returns:
        the directory, or null if not set

      • getSshConfig

        protected File getSshConfig​(@NonNull
                            File sshDir)
        Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
        Parameters:
        sshDir - representing ~/.ssh/
        Returns:
        the file (need not exist), or null if no config file shall be used
        Since:
        5.5

      • createSshConfigStore

        protected SshConfigStore createSshConfigStore​(@NonNull
                                              File homeDir,
                                              File configFile,
                                              String localUserName)
        Obtains a SshConfigStore, or null if not SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
        Parameters:
        homeDir - may be used for ~-replacements by the returned config store
        configFile - to use, or null if none
        localUserName - user name of the current user on the local OS
        Returns:
        A SshConfigStore, or null if none is to be used
        Since:
        5.8

      • getServerKeyDatabase

        @NonNull
protected ServerKeyDatabase getServerKeyDatabase​(@NonNull
                                                 File homeDir,
                                                 @NonNull
                                                 File sshDir)
        Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
        Parameters:
        homeDir - home directory to use for ~ replacement
        sshDir - representing ~/.ssh/
        Returns:
        the ServerKeyDatabase
        Since:
        5.5

      • createServerKeyDatabase

        @NonNull
protected ServerKeyDatabase createServerKeyDatabase​(@NonNull
                                                    File homeDir,
                                                    @NonNull
                                                    File sshDir)
        Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
        Parameters:
        homeDir - home directory to use for ~ replacement
        sshDir - representing ~/.ssh/
        Returns:
        the ServerKeyDatabase
        Since:
        5.8

      • getDefaultKnownHostsFiles

        @NonNull
protected List<Path> getDefaultKnownHostsFiles​(@NonNull
                                               File sshDir)
        Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
        Parameters:
        sshDir -
        Returns:
        the possibly empty list of default known host file paths.

      • getDefaultKeys

        @NonNull
protected Iterable<KeyPair> getDefaultKeys​(@NonNull
                                           File sshDir)
        Determines the default keys. The default implementation will lazy load the default identity files.

        Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

        The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation

        If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

        Parameters:
        sshDir - to look in for keys
        Returns:
        an Iterable over the default keys
        Since:
        5.3

      • getDefaultIdentities

        @NonNull
protected List<Path> getDefaultIdentities​(@NonNull
                                          File sshDir)
        Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
        Parameters:
        sshDir - the directory that represents ~/.ssh/
        Returns:
        a possibly empty list of paths containing default identities (private keys)

      • getKeyCache

        protected final KeyCache getKeyCache()
        Obtains the KeyCache to use to cache loaded keys.
        Returns:
        the KeyCache, or null if none.

      • getDefaultPreferredAuthentications

        protected String getDefaultPreferredAuthentications()
        Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
        Returns:
        a comma-separated list of mechanism names, or null if none