Class DefaultAuthorizedKeysAuthenticator
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.io.ModifiableFileWatcher
org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator
- All Implemented Interfaces:
UsernameHolder, PublickeyAuthenticator
public class DefaultAuthorizedKeysAuthenticator
extends AuthorizedKeysAuthenticator
implements UsernameHolder
Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default it also compares the current username with the authenticated one.
- Author:
- Apache MINA SSHD Project
-
Field Summary
Modifier and Type | Field | Description
static final DefaultAuthorizedKeysAuthenticator | INSTANCE | The default instance that enforces the same permissions regime as OpenSSH
Fields inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
STD_AUTHORIZED_KEYS_FILENAME
Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Constructor Summary
Constructor | Description
DefaultAuthorizedKeysAuthenticator(boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)
-
Method Summary
Modifier and Type | Method | Description
final String | getUsername()
final boolean | isStrict()
protected boolean | isValidUsername(String username, ServerSession session)
protected Collection<AuthorizedKeyEntry> | reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected Path | validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded)
Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator
Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
-
Field Details
-
INSTANCE
The default instance that enforces the same permissions regime as OpenSSH
-
-
Constructor Details
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(boolean strict)
- Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions
-
DefaultAuthorizedKeysAuthenticator
-
DefaultAuthorizedKeysAuthenticator
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
-
-
Method Details
-
getUsername
- Specified by:
getUsername in interface UsernameHolder
-
isStrict
public final boolean isStrict()
-
isValidUsername
- Overrides:
isValidUsername in class AuthorizedKeysAuthenticator
-
reloadAuthorizedKeys
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException, GeneralSecurityException
- Overrides:
reloadAuthorizedKeys in class AuthorizedKeysAuthenticator
- Throws:
IOException
GeneralSecurityException
-
validateFilePath
protected Path validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded) throws IOException
- Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist
- Returns:
The original path
- Throws:
IOException - If an excluded permission appears in the current ones
-
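The strict check described for the `strict` constructor parameter and the `validateFilePath` contract can be reproduced with plain `java.nio`. This is an added example, not code from Apache MINA SSHD. The class `StrictPermsDemo`, its helper methods and the `EXCLUDED` set are assumptions, chosen so that only 0700 on the folder and 0600 on the file pass.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

public class StrictPermsDemo { // hypothetical class, not part of Apache MINA SSHD
    // Assumption: every group/other bit is excluded, which is what 0700 and 0600 imply.
    static final Set<PosixFilePermission> EXCLUDED = EnumSet.range(
            PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE);

    // Same contract as the documented validateFilePath: return the path or throw.
    static Path validate(Path path, Collection<PosixFilePermission> perms,
            Collection<PosixFilePermission> excluded) throws IOException {
        for (PosixFilePermission p : excluded) {
            if (perms.contains(p)) {
                throw new IOException(path + " has prohibited permission " + p);
            }
        }
        return path;
    }
    static boolean posix() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // Checks the file and its containing folder; skipped where there are no POSIX bits.
    static void checkStrict(Path file) throws IOException {
        if (!posix()) { return; } // e.g. Windows, as the constructor note says
        Path dir = file.toAbsolutePath().getParent();
        validate(dir, Files.getPosixFilePermissions(dir), EXCLUDED);
        validate(file, Files.getPosixFilePermissions(file), EXCLUDED);
    }

    public static void main(String[] args) throws IOException {
        if (!posix()) { System.out.println("no POSIX permissions, check skipped"); return; }
        // Constructed sample: a temporary folder standing in for ~/.ssh
        Path dir = Files.createTempDirectory("ssh-demo");
        Path file = Files.createFile(dir.resolve("authorized_keys"));
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        checkStrict(file);
        System.out.println("0700/0600 accepted");
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-rw-r--"));
        try {
            checkStrict(file);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second check fails on the first excluded bit it finds, so a group-writable or world-readable `authorized_keys` file is rejected before any key in it is considered.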