All Classes and Interfaces
Class
Description
Provides common client/server channel functionality
Provides a common base class for channel request handlers that deal with various "
exit-XXX
"
requests.TODO Add javadoc
Provides default implementations of
ClientSession
related methodsProvides a basic useful skeleton for
Command
executionsBase implementation of ConnectionService.
A
CommandFactory
wrapper that delegates calls to a proxyBase class for the Diffie-Hellman key agreement.
Provides a basic useful skeleton for
Command
executions that require file system accessTODO Add javadoc
Provides default implementations for
ServerSession
related methods
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding.
Message encoding or decoding settings as determined at the end of a key exchange.
An abstract base factory of sessions.
TODO Add javadoc
A
ForwardingFilter
that accepts all requestsAccepts all authentication attempts
Accepts all authentication attempts
A ServerKeyVerifier that accepts all server keys.
A client for a remote SSH agent
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
A local SSH agent implementation
A server for an SSH Agent
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
Provides different shell(s) based on some criteria of the provided
ChannelSession
Internal singleton used for initializing correctly the APR native library and the associated root memory pool.
Represents a command capable of doing non-blocking io.
An
SshFuture
for asynchronous authentication requests.Checks against a
Collection
of AuthorizedKeyEntry
s
Records the matched entry under a session attribute.Uses the authorized keys file to implement
PublickeyAuthenticator
while automatically re-loading the keys if
the file has changed when a new authentication request is received.Base class for dedicated client/server instance builders
An
IoOutputStream
capable of queuing write requests.Represents the result of
BuiltinDHFactories.parseDHFactoriesList(String)
Provides a centralized location for the default built-in authentication factories
Provides a centralized location for the default built-in authentication factories
Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)
Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)
Caches the result per session - compensates for
OpenSSH
behavior where it sends 2 requests with the same key
(see SSHD-300
).Handler for "cancel-tcpip-forward" global request.
Represents a channel opened over an SSH session - holds information that is common both to server and client
channels.
The client side channel that will receive requests forwards by the SSH server.
The client side channel that will receive requests forwards by the SSH server.
Marker type to avoid repeated buffering in
ChannelAsyncOutputStream.writePacket(IoWriteFutureImpl, boolean)
.Collects state variables; access is always synchronized on the single instance per stream.
Receiving end of the data stream from the client.
TODO Add javadoc
Client channel to run a remote command
Provides a simple listener for client / server channels being established or torn down.
TODO Add javadoc
TODO Add javadoc
Client side channel session
Server side channel session
Command
can implement this optional interface to receive a reference to ChannelSession
.Client channel to open a remote shell
The ChannelStreamWriter is used when writing to the channel data stream.
A special mechanism that enables users to intervene in the way packets are sent from
ChannelOutputStream
-s -
e.g., by introducing throttlingTODO Add javadoc
Client channel to run a subsystem
Implements forwarding messages received from a channel to a port in TCP/IP port forwarding.
Holds information required for the client to perform authentication with the server
SshClient builder
A client channel used to communicate with the SSH server.
Various events used by
ClientChannel.waitFor(java.util.Collection, long)
TODO Add javadoc
Client side
ssh-connection
service.The
ClientFactoryManager
enable the retrieval of additional configuration needed specifically for the
client side.Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
protocol.
An authenticated session to a given SSH server.
The default implementation of a
ClientSession
Client side
ssh-auth
service.
Represents a command, shell or subsystem that can be used to send command.
Commands are executed on the server side when an "exec" channel is requested by the SSH client.
An
SshFuture
for asynchronous connections requests.Interface implementing ssh-connection service.
Configurable properties for sshd-core.
Simple helper class which gets GSS credential using a fixed Krb5 login configuration.
Holds the current SSH service for a
Session
.A default implementation of
AuthFuture
.Monitors the
~/.ssh/authorized_keys
file of the user currently running the server, re-loading it if
necessary.A ChannelStreamWriter that simply calls the
Channel.writePacket(Buffer)
method.Detects if the server sends a
"server-sig-algs" and updates the client
session by adding the "rsa-sha2-256/512" signature
factories (if not already added).
A default implementation of
ConnectFuture
.Requests a "tcpip-forward" action
The default
ForwarderFactory
implementation.Provides a default implementation for
KeyboardInteractiveAuthenticator
where it prompts for the password.Monitors the
~/.ssh/known_hosts
file of the user currently running the client, updating and re-loading it if
necessary.A default implementation of
OpenFuture
.A basic default implementation of a server-side
KexExtensionHandler
handling the
ServerSignatureAlgorithms
KEX extension.A
ServerKeyVerifier
that delegates verification to the instance found in the ClientSession
metadata
The verifier can be specified at the SshClient
level, which may have connections to multiple hosts.Diffie-Hellman key generator.
Base class for DHG key exchange algorithms.
Simple class holding the data for DH group key exchanges.
Elliptic Curve Diffie-Hellman key agreement.
Interface providing access to the environment map and allowing the registration of listeners for certain signals.
This interface allows retrieving all the
NamedFactory
used in the SSH protocol.TODO Add javadoc
A factory for creating forwarder objects for client port forwarding
Determines if a forwarding request will be permitted.
An exception that can be set on a
GlobalRequestFuture
to indicate that the
server sent back a failure reply.A
DefaultSshFuture
that can be used to wait for the reply of an SSH_MSG_GLOBAL_REQUEST sent with
want-reply = true
.A
ReplyHandler
is invoked asynchronously when the reply for a request with want-reply = true
is
received.Class providing basic GSS authentication services.
Provides report about the client side host-based authentication progress
Invoked when "hostbased" authentication is used
Represents a server "challenge" as per RFC-4256
A simplistic interactive shell factory
This shell have inverted streams, such as the one obtained when launching a new
Process
from java.A shell implementation that wraps an instance of
InvertedShell
as a Command
.TODO Add javadoc
Handler for "keepalive@xxx" global request.
Used to support RFC 8308
Provides a hint as to the context in which
isKexExtensionsAvailable
is invokedThe phase at which
sendKexExtensions
is invokedTODO Add javadoc
Holds KEX negotiation stage configuration
Uses an
SshAgent
to generate the identity signatureProvides pluggable authentication using the "keyboard-interactive" method as specified by
RFC-4256?
Key exchange algorithm.
Manages SSH message sending during a key exchange.
Uses a
KeyPair
to generate the identity signatureChecks against a
Collection
of PublicKey
sRepresents an entry in the internal verifier's cache
A
Window
that describes how much data this side is prepared to receive from the peer.Special exception returned by
AbstractSession.getSession(org.apache.sshd.common.io.IoSession, boolean)
to
indicate that there is no currently attached SSH sessionHelper class to load DH group primes from a file.
Provides implementation details for Montgomery curves and their key exchange algorithms Curve25519/X25519 and
Curve448/X448 specified in RFC 7748 and RFC 8731.
Special exception thrown by
AbstractSession.attachSession(org.apache.sshd.common.io.IoSession, AbstractSession)
in order to indicate an
already attached I/O sessionTODO Add javadoc
Handler for "no-more-sessions@xxx" global request.
An
SshFuture
for asynchronous channel opening requests.Holds all the data necessary to create a signed OpenSSH Certificate
A handler for the "[email protected]" request - for now, only reads the presented host key.
An initial handler for "[email protected]" request
Used to inform the about the progress of a password authentication
Used to authenticate users based on a password.
A special exception that can be thrown by the
PasswordAuthenticator
to indicate that the password requires
changing or is not string enoughFuture holding a packet pending key exchange termination.
ChannelDataReceiver
that buffers the received data into byte buffer and provides an InputStream
to
consume them.Marker interface for classes that allow to add/remove port forwarding listeners.
Bridges the I/O streams between the SSH command and the process that executes it
Executes commands by invoking the underlying shell
Serves as the base channel session for executing remote commands - including a full shell.
Provides report about the client side public key authentication progress
The
PublickeyAuthenticator
is used on the server side to authenticate user public keys.Handles Putty specific channel requests as indicated by
Appendix F: SSH-2 names specified for
PuTTY
A
ForwardingFilter
that rejects all requestsRejects all authentication attempts
Rejects all authentication attempts
A
Window
reflecting this side's view of the peer's LocalWindow
.A global request handler.
A ServerKeyVerifier that accepts one server key (specified in the constructor)
Provides a way to listen and handle the
SSH_MSG_IGNORE
and SSH_MSG_DEBUG
messages that are received
by a session, as well as proprietary and/or extension messages and behavior.Delegates the main interface methods to specific ones after having decoded each message buffer
Holds providers and helpers related to the server side authentication process
SshServer builder
Server side
ssh-connection
service.The
ServerFactoryManager
enable the retrieval of additional configuration needed specifically for the
server side.Loads server identity key files - e.g.,
/etc/ssh/ssh_host_rsa_key
The
ServerKeyVerifier
is used on the client side to authenticate the key provided by the server.Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
protocol.
Interface that can be implemented by a command to be able to access the server session in which this command will be
used.
The default implementation for a
ServerSession
See RFC 4253 [SSH-TRANS] and the SSH_MSG_SERVICE_REQUEST packet.
Represents an SSH session.
Invoked when the internal session code decides it should disconnect a session due to some consideration.
TODO Add javadoc
A factory of client sessions.
A factory of server sessions.
Contains split code in order to make
AbstractSession
class smallerRepresents an interface receiving session events.
Marker interface for classes that allow to add/remove session listeners.
Task that iterates over all currently open
Session
s and checks each of them for timeouts.Shell(s) are executed on the server side when a "shell" channel is established
Define a listener to receive signals
Provides a simplified and synchronous view of the available SSH client functionality.
An implementation of
IoOutputStream
using a synchronous ChannelOutputStream
.A simplified synchronous API for creating client sessions
SOCKS proxy server, supporting simple socks4/5 protocols.
SSH key agent server
The
SshAgentFactory
is used to communicate with an SshAgent.A
SshAgentKeyConstraint
describes usage constraints for keys when being added to an SSH2 agent.An OpenSSH
SshAgentKeyConstraint
extension.The OpenSSH "[email protected]" key constraint extension used for FIDO keys.
An OpenSSH lifetime constraint expires a key added to an SSH agent after the given number of seconds.
Used by the
BufferedIoOutputStream
to signal a non-recoverable errorDocuments failure of a channel to open as expected.
Entry point for the client side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
The SshServer class is the main entry point for the server side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
A
ForwardingFilter
implementation that returns the same "static" result for all the queries.Returns the same constant result
true/false
regardlessReturns the same constant result
true/false
regardlessReturns the same constant answer
true/false
regardlessA channel that can be either configured to use synchronous or asynchrounous streams.
The type of requested connection forwarding.
TODO Add javadoc
Type of channel being created.
Handler for "tcpip-forward" global request.
Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel
TODO Add javadoc
Implementation of an unknown command that can be returned by
CommandFactory
when the command is not
known, as it is supposed to always return a valid Command
object.Represents a user authentication mechanism
Server side authentication mechanism.
Prototype user authentication handling gssapi-with-mic.
Factory class.
Manages a "keyboard-interactive" exchange according to
RFC4256
Issue a "keyboard-interactive" command according to
RFC4256
TODO Add javadoc
Implements the client-side "password" authentication mechanism
Implements the server-side "password" authentication mechanism
Implements the "publickey" authentication mechanism
TODO Add javadoc
Interface used by the ssh client to communicate with the end user.
Used to indicate at which authentication phase to send the welcome banner (if any configured)
A
Channel
implements a sliding window flow control for data packets (SSH_MSG_CHANNEL_DATA and
SSH_MSG_CHANNEL_EXTENDED_DATA packets).Indicates a
Window
has been closed.Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel
Provides Diffie-Hellman SSH key exchange algorithms for the Montgomery curves specified in RFC 8731.