Class CoreModuleProperties
- Author: Apache MINA SSHD Project
Field Details
-
PROXY_AUTH_CHANNEL_TYPE
Value that can be set in order to control the type of authentication channel being requested when forwarding a PTY session. -
PREFER_UNIX_AGENT
-
CHANNEL_OPEN_TIMEOUT
Value that can be set on the FactoryManager or the session to configure the channel open timeout value (millis). -
PROXY_CHANNEL_TYPE
Value used to configure the type of proxy forwarding channel to be used. See also https://tools.ietf.org/html/draft-ietf-secsh-agent-02 -
AUTH_SOCKET_TIMEOUT
Property that can be set on the Session in order to control the authentication timeout (millis). -
DEFAULT_FORWARDER_BUF_SIZE
public static final int DEFAULT_FORWARDER_BUF_SIZE
-
MIN_FORWARDER_BUF_SIZE
public static final int MIN_FORWARDER_BUF_SIZE
-
MAX_FORWARDER_BUF_SIZE
public static final int MAX_FORWARDER_BUF_SIZE
-
FORWARDER_BUFFER_SIZE
Property that can be set on the factory manager in order to control the buffer size used to forward data from the established channel -
PREFERRED_AUTHS
Ordered comma separated list of authentications methods. Authentications methods accepted by the server will be tried in the given order. If not configured or null/empty, then the session's UserAuthFactoriesManager.getUserAuthFactories() is used as-is -
PASSWORD_PROMPTS
Specifies the number of interactive attempts at password or keyboard-interactive user authentication before giving up. The argument to this keyword must be an integer; if <= 0, the value 1 is substituted. -
CLIENT_IDENTIFICATION
Key used to retrieve the value of the client identification string. If set, then it is appended to the (standard) "SSH-2.0-" prefix. Otherwise a default is sent that consists of "SSH-2.0-" plus the current SSHD artifact name and version in uppercase - e.g., "SSH-2.0-APACHE-SSHD-1.0.0" -
SEND_IMMEDIATE_IDENTIFICATION
Whether to send the identification string immediately upon session connection being established or wait for the server's identification before sending our own. -
SEND_IMMEDIATE_KEXINIT
Whether to send SSH_MSG_KEXINIT immediately after sending the client identification string or wait until the server's one has been received.
-
ALLOW_DHG1_KEX_FALLBACK
Whether falling back to a DH group with SHA-1 KEX is allowed once all available primes for SHA-256 have been exhausted. -
KEX_PROPOSAL_SETUP_TIMEOUT
If the peer initiates a key exchange, we send our own KEX_INIT message with the proposal. This is a last-resort timeout for waiting until we have prepared our own KEX proposal. This timeout should actually never be hit unless there is a serious deadlock somewhere and the session is never closed. It should be set to a reasonably high value; it must be at least 5 seconds and the default is 42 seconds. If the timeout is ever hit, the key exchange initiated by the peer will fail. -
HEARTBEAT_INTERVAL
Key used to set the heartbeat interval in milliseconds (0 to disable = default) -
HEARTBEAT_REQUEST
Key used to check the heartbeat request that should be sent to the server -
HEARTBEAT_REPLY_WAIT
Key used to indicate that the heartbeat request is also expecting a reply - time in milliseconds to wait for the reply. If non-positive then no reply is expected (nor requested). -
IGNORE_INVALID_IDENTITIES
Whether to ignore invalid identities files when pre-initializing the client session -
ABORT_ON_INVALID_CERTIFICATE
Defines if we should abort in case we encounter an invalid (e.g. expired) openssh certificate. -
INTERACTIVE_LANGUAGE_TAG
As per RFC-4256: The language tag is deprecated and SHOULD be the empty string. It may be removed in a future revision of this specification. Instead, the server SHOULD select the language to be used based on the tags communicated during key exchange -
INTERACTIVE_SUBMETHODS
As per RFC-4256: The submethods field is included so the user can give a hint of which actual methods to use. It is a comma-separated list of authentication submethods (software or hardware) that the user prefers. If the client has knowledge of the submethods preferred by the user, presumably through a configuration setting, it MAY use the submethods field to pass this information to the server. Otherwise, it MUST send the empty string. The actual names of the submethods is something the user and the server need to agree upon. Server interpretation of the submethods field is implementation-dependent. -
REQUEST_EXEC_REPLY
Configure whether reply for the "exec" request is required -
INPUT_STREAM_PUMP_CHUNK_SIZE
On some platforms, a call to always throws an IOException. So we need to protect against that and chunk the call into smaller calls. This problem was found on Windows, JDK 1.6.0_03-b05. -
REQUEST_SHELL_REPLY
Configure whether reply for the "shell" request is required -
REQUEST_SUBSYSTEM_REPLY
Configure whether reply for the "subsystem" request is required. Default value for REQUEST_SUBSYSTEM_REPLY - according to RFC4254 section 6.5: It is RECOMMENDED that the reply to these messages be requested and checked.
-
PROP_DHGEX_CLIENT_MIN_KEY
-
PROP_DHGEX_CLIENT_MAX_KEY
-
PROP_DHGEX_CLIENT_PRF_KEY
-
DEFAULT_WINDOW_SIZE
public static final long DEFAULT_WINDOW_SIZE
-
WINDOW_SIZE
Key used to retrieve the value of the channel window size in the configuration properties map. -
WINDOW_TIMEOUT
Key used to retrieve timeout (msec.) to wait for data to become available when reading from a channel. If not set or non-positive then infinite value is assumed -
BUFFERED_IO_OUTPUT_MAX_PENDING_WRITE_SIZE
Key used when creating a BufferedIoOutputStream in order to specify max. allowed unwritten pending bytes. If this value is exceeded then the code waits up to BUFFERED_IO_OUTPUT_MAX_PENDING_WRITE_WAIT for the pending data to be written and thus make room for the new request. -
BUFFERED_IO_OUTPUT_MAX_PENDING_WRITE_WAIT
Key used when creating a BufferedIoOutputStream in order to specify max. wait time (msec.) for pending writes to be completed before enqueuing a new request -
DEFAULT_MAX_PACKET_SIZE
public static final long DEFAULT_MAX_PACKET_SIZE
-
MAX_PACKET_SIZE
Key used to retrieve the value of the maximum packet size in the configuration properties map. -
DEFAULT_LIMIT_PACKET_SIZE
public static final long DEFAULT_LIMIT_PACKET_SIZE
-
LIMIT_PACKET_SIZE
A safety value that is designed to avoid an attack that uses large channel packet sizes -
NIO_WORKERS
Number of NIO worker threads to use. -
AUTH_TIMEOUT
Key used to retrieve the value of the timeout after which it will close the connection if the other side has not been authenticated - in milliseconds. -
IDLE_TIMEOUT
Key used to retrieve the value of idle timeout after which it will close the connection - in milliseconds. -
IO_CONNECT_TIMEOUT
Key used to retrieve the value of the socket connect time-out. Connection time-outs are generally handled in Apache MINA SSHD at the application level via ConnectFuture.verify(). However, the underlying I/O library may have its own connection time-out. By setting this property on an SshClient or SshServer, users can explicitly set this I/O connection time-out to any value. If the duration is zero or negative, or the property is not set on the client or server, the default of the I/O library used is in effect. These defaults are (I/O back-end: default connection time-out):
- NIO2: infinite
- MINA: 1 minute
- Netty: 30 seconds
The default value of this property is 1 minute.
-
NIO2_READ_TIMEOUT
Key used to retrieve the value of the socket read timeout for NIO2 session implementation - in milliseconds. -
NIO2_MIN_WRITE_TIMEOUT
Minimum NIO2 write wait timeout for a single outgoing packet - in milliseconds -
DISCONNECT_TIMEOUT
Key used to retrieve the value of the disconnect timeout which is used when a disconnection is attempted. If the disconnect message has not been sent before the timeout, the underlying socket will be forcibly closed - in milliseconds. -
CHANNEL_CLOSE_TIMEOUT
Key used to configure the timeout used when writing a close request on a channel. If the message can not be written before the specified timeout elapses, the channel will be immediately closed. In milliseconds. -
STOP_WAIT_TIME
Timeout (milliseconds) to wait for client / server stop request if immediate stop requested. -
SOCKET_BACKLOG
Socket backlog. See AsynchronousServerSocketChannel.bind(java.net.SocketAddress, int)
-
SOCKET_KEEPALIVE
Socket keep-alive. See StandardSocketOptions.SO_KEEPALIVE
-
SOCKET_SNDBUF
Socket send buffer size. See StandardSocketOptions.SO_SNDBUF
-
SOCKET_RCVBUF
Socket receive buffer size. See StandardSocketOptions.SO_RCVBUF
-
SOCKET_REUSEADDR
Socket reuse address. See StandardSocketOptions.SO_REUSEADDR
-
SOCKET_LINGER
Socket linger. See StandardSocketOptions.SO_LINGER
-
TCP_NODELAY
Socket tcp no-delay. See StandardSocketOptions.TCP_NODELAY
-
NIO2_READ_BUFFER_SIZE
Read buffer size in bytes. Has no effect on the Netty transport. The NIO2 transport uses this setting as fixed-size read buffer for all sessions. The MINA transport uses it as the initial read buffer size. MINA requires this to be in the range [64 .. 65536]; if larger, MINA uses 64kB. If not set explicitly on the SshClient or SshServer, or if smaller than 64, MINA will use its built-in default of 2kB. -
MIN_READ_BUFFER_SIZE
Minimum read buffer size in bytes. Has an effect only on the MINA transport and must be in the range [64..65536]. If not set, MINA by default uses 64 bytes as minimal read buffer size. If larger than NIO2_READ_BUFFER_SIZE, MINA will use this value also as the initial read buffer size. -
MAX_IDENTIFICATION_SIZE
Maximum allowed size of the initial identification text sent during the handshake -
REKEY_BYTES_LIMIT
Key re-exchange will be automatically performed after the session has sent or received the given amount of bytes. If non-positive, then disabled. -
REKEY_TIME_LIMIT
Key re-exchange will be automatically performed after the specified amount of time has elapsed since the last key exchange - in milliseconds. If non-positive then disabled.
-
REKEY_PACKETS_LIMIT
Key re-exchange will be automatically performed after the specified number of packets has been exchanged - positive 64-bit value. If non-positive then disabled.
-
REKEY_BLOCKS_LIMIT
Key re-exchange will be automatically performed after the specified number of cipher blocks has been processed - positive 64-bit value. If non-positive then disabled. The default is calculated according to RFC4344 section 3.2 -
IGNORE_MESSAGE_FREQUENCY
Average number of packets to be skipped before an SSH_MSG_IGNORE message is inserted in the stream. If non-positive, then feature is disabled
-
IGNORE_MESSAGE_VARIANCE
The variance to be used around the configured IGNORE_MESSAGE_FREQUENCY value in order to avoid insertion at a set frequency. If zero, then exact frequency is used. If negative, then the absolute value is used. If greater or equal to the frequency, then assumed to be zero - i.e., no variance
-
IGNORE_MESSAGE_SIZE
Minimum size of SSH_MSG_IGNORE payload to send if feature enabled. If non-positive then no message is sent. Otherwise, the actual size is between this size and twice its value
-
AGENT_FORWARDING_TYPE
The request type of agent forwarding. The value may be "auth-agent-req" or "auth-agent-req@openssh.com".
-
AGENT_FORWARDING_TYPE_IETF
The agent forwarding type defined by IETF (https://tools.ietf.org/html/draft-ietf-secsh-agent-02).
-
AGENT_FORWARDING_TYPE_OPENSSH
The agent forwarding type defined by OpenSSH.
-
WAIT_FOR_SPACE_TIMEOUT
Configure max. wait time (millis) to wait for space to become available -
FORWARD_REQUEST_TIMEOUT
Used to configure the timeout (milliseconds) for receiving a response for the forwarding request -
MAX_CONCURRENT_CHANNELS
Property that can be used to configure max. allowed concurrent active channels -
SEND_REPLY_FOR_CHANNEL_DATA
RFC4254 does not clearly specify how to handle SSH_MSG_CHANNEL_DATA and SSH_MSG_CHANNEL_EXTENDED_DATA received through an unknown channel. Therefore, we provide a configurable approach to it with the default set to ignore it. -
MAX_AUTH_REQUESTS
Key used to retrieve the value in the configuration properties map of the maximum number of failed authentication requests before the server closes the connection. -
WELCOME_BANNER
Key used to retrieve the value of welcome banner that will be displayed when a user connects to the server. If null/empty then no banner will be sent. The value can be one of the following:
- A File or Path, in which case its contents will be transmitted. Note: if the file is empty or does not exist, no banner will be transmitted.
- A URI or a string starting with "file:/", in which case it will be converted to a Path and handled accordingly.
- A string containing a special value indicator - e.g., AUTO_WELCOME_BANNER_VALUE, in which case the relevant banner content will be generated.
- Any other object whose toString() value yields a non empty string will be used as the banner contents.
-
AUTO_WELCOME_BANNER_VALUE
Special value that can be set for the WELCOME_BANNER property indicating that the server should generate a banner consisting of the random art of the server's keys (if any are provided). If no server keys are available, then no banner will be sent
-
WELCOME_BANNER_LANGUAGE
Key used to denote the language code for the welcome banner (if such a banner is configured). -
WELCOME_BANNER_PHASE
The WelcomeBannerPhase value - either as an enum or a string -
WELCOME_BANNER_CHARSET
The charset to use if the configured welcome banner points to a file - if not specified (either as a string or a Charset) then the local default is used. -
AUTH_METHODS
This key is used when configuring multi-step authentications. The value needs to be a blank-separated list of comma-separated lists of authentication method names. For example, an argument of "publickey,password publickey,keyboard-interactive" would require the user to complete public key authentication, followed by either password or keyboard interactive authentication. Only methods that are next in one or more lists are offered at each stage, so for this example, it would not be possible to attempt password or keyboard-interactive authentication before public key. -
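The staging rule described for AUTH_METHODS, as an added Java example (not Apache MINA SSHD code): a simplified model that parses the value, reports which methods are offered at each stage, and flags chains in which a single method completes login. The class name AuthMethodsModel, its method names and the second sample value are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Added illustration: a simplified model of the AUTH_METHODS value, not Apache MINA SSHD code. */
public class AuthMethodsModel {
    // One queue per comma-separated chain; the head is the next required method.
    private final List<Deque<String>> chains = new ArrayList<>();

    /** Parses a blank-separated list of comma-separated method names. */
    public AuthMethodsModel(String value) {
        for (String chain : value.trim().split("\\s+")) {
            Deque<String> steps = new ArrayDeque<>();
            // limit -1 keeps trailing empty tokens so "publickey," is rejected too
            for (String method : chain.split(",", -1)) {
                if (method.isEmpty()) {
                    throw new IllegalArgumentException("Empty method name in chain: '" + chain + "'");
                }
                steps.add(method);
            }
            chains.add(steps);
        }
    }

    /** Methods that are next in at least one chain, i.e. what would be offered now. */
    public Set<String> offered() {
        Set<String> next = new LinkedHashSet<>();
        for (Deque<String> chain : chains) {
            if (!chain.isEmpty()) {
                next.add(chain.peekFirst());
            }
        }
        return next;
    }

    /** Records a successful method; returns true once some chain is fully satisfied. */
    public boolean succeed(String method) {
        if (!offered().contains(method)) {
            throw new IllegalStateException(method + " is not offered at this stage: " + offered());
        }
        boolean done = false;
        for (Deque<String> chain : chains) {
            if (method.equals(chain.peekFirst())) {
                chain.removeFirst();
                done |= chain.isEmpty();
            }
        }
        return done;
    }

    /** Audit helper: a chain with a single step lets that one method complete login. */
    public static List<String> singleFactorChains(String value) {
        List<String> weak = new ArrayList<>();
        for (String chain : value.trim().split("\\s+")) {
            if (!chain.isEmpty() && !chain.contains(",")) {
                weak.add(chain);
            }
        }
        return weak;
    }

    public static void main(String[] args) {
        // The value used in the description above.
        AuthMethodsModel auth = new AuthMethodsModel("publickey,password publickey,keyboard-interactive");
        System.out.println("offered first: " + auth.offered());
        System.out.println("complete after publickey: " + auth.succeed("publickey"));
        System.out.println("offered next: " + auth.offered());
        System.out.println("complete after password: " + auth.succeed("password"));

        // Constructed misconfiguration: the first chain makes password alone sufficient.
        String loose = "password publickey,keyboard-interactive";
        System.out.println("single-factor chains: " + singleFactorChains(loose));
    }
}
```

Running singleFactorChains over a proposed value before deployment catches a stray blank that silently turns a two-step requirement into two single-step alternatives.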
MAX_CONCURRENT_SESSIONS
Key used to retrieve the value of the maximum concurrent open session count per username. If not set, then unlimited -
SERVER_EXTRA_IDENTIFICATION_LINES
Key used to retrieve any extra lines to be sent during initial protocol handshake before the identification. The configured string value should use '|' character to denote line breaks -
SERVER_EXTRA_IDENT_LINES_SEPARATOR
public static final char SERVER_EXTRA_IDENT_LINES_SEPARATOR
Separator used in the SERVER_EXTRA_IDENTIFICATION_LINES configuration string to indicate new line break
-
SERVER_IDENTIFICATION
Key used to retrieve the value of the server identification string. If set, then it is appended to the (standard) "SSH-2.0-" prefix. Otherwise a default is sent that consists of "SSH-2.0-" plus the current SSHD artifact name and version in uppercase - e.g., "SSH-2.0-APACHE-SSHD-1.0.0" -
COMMAND_EXIT_TIMEOUT
Key used to configure the timeout used when receiving a close request on a channel to wait until the command cleanly exits after setting an EOF on the input stream. -
MODULI_URL
A URL pointing to the moduli file. If not specified, the default internal file will be used. -
KB_SERVER_INTERACTIVE_NAME
-
KB_SERVER_INTERACTIVE_INSTRUCTION
-
KB_SERVER_INTERACTIVE_LANG
-
KB_SERVER_INTERACTIVE_PROMPT
-
KB_SERVER_INTERACTIVE_ECHO_PROMPT
-
MAX_EXTDATA_BUFSIZE
Maximum amount of extended (a.k.a. STDERR) data allowed to be accumulated until a ChannelDataReceiver for the data is registered -
PROP_DHGEX_SERVER_MIN_KEY
See DHGEXServer. -
PROP_DHGEX_SERVER_MAX_KEY
See DHGEXServer. -
PUMP_SLEEP_TIME
Value used by the InvertedShellWrapper to control the "busy-wait" sleep time (millis) on the pumping loop if nothing was pumped - must be positive. -
BUFFER_SIZE
Value used by the InvertedShellWrapper to control copy buffer size. -
X11_OPEN_TIMEOUT
Configuration value for the X11ForwardSupport to control the channel open timeout. -
X11_DISPLAY_OFFSET
Configuration value for the X11ForwardSupport to control from which X11 display number to start looking for a free value. -
X11_MAX_DISPLAYS
Configuration value for the X11ForwardSupport to control up to which (but not including) X11 display number to look for a free value. -
X11_BASE_PORT
Configuration value for the X11ForwardSupport to control the base port number for the X11 display number socket binding. -
X11_BIND_HOST
Configuration value for the X11ForwardSupport to control the host used to bind to for the X11 display when looking for a free port.
-