Package org.apache.sshd.client.keyverifier

Class DefaultKnownHostsServerKeyVerifier

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.io.ModifiableFileWatcher

org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

org.apache.sshd.client.keyverifier.DefaultKnownHostsServerKeyVerifier

All Implemented Interfaces:

ModifiedServerKeyAcceptor, ServerKeyVerifier

public class DefaultKnownHostsServerKeyVerifier
extends KnownHostsServerKeyVerifier

Monitors the ~/.ssh/known_hosts file of the user currently running the client, updating and re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH.

Author:

Apache MINA SSHD Project

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

KnownHostsServerKeyVerifier.HostEntryPair

Field Summary

Fields inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

KNOWN_HOSTS_FILE_OPTION, STRICT_CHECKING_OPTION, updateLock

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

options, STRICTLY_PROHIBITED_FILE_PERMISSION

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Constructor Summary

Constructors

Constructor	Description
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, File file)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, Path file, LinkOption... options)

Method Summary

Modifier and Type	Method	Description
boolean	isStrict()
protected List<KnownHostsServerKeyVerifier.HostEntryPair>	reloadKnownHosts(ClientSession session, Path file)

Methods inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

acceptIncompleteHostKeys, acceptKnownHostEntries, acceptKnownHostEntry, acceptModifiedServerKey, acceptUnknownHostKey, findKnownHostEntry, getDelegateVerifier, getFallbackPublicKeyEntryResolver, getHostValueDigester, getKnownHostSupplier, getModifiedServerKeyAcceptor, handleKnownHostsFileUpdateFailure, handleModifiedServerKeyUpdateFailure, prepareKnownHostEntry, prepareModifiedServerKeyLine, resolveHostKey, resolveHostNetworkIdentities, setLoadedHostsEntries, setModifiedServerKeyAcceptor, updateKnownHostsFile, updateModifiedServerKey, verifyServerKey

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict,
                                          File file)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict,
                                          Path file,
                                          LinkOption... options)

Method Detail

isStrict

public final boolean isStrict()

Returns:

If true then makes sure that the containing folder has 0700 access and the file 0644. Note: for Windows it does not check these permissions

See Also:

ModifiableFileWatcher.validateStrictConfigFilePermissions(Path, LinkOption...)

reloadKnownHosts

protected List<KnownHostsServerKeyVerifier.HostEntryPair> reloadKnownHosts(ClientSession session,
                                                                           Path file)
                                                                    throws IOException,
                                                                           GeneralSecurityException

Overrides:

reloadKnownHosts in class KnownHostsServerKeyVerifier

Parameters:

session - The ClientSession that triggered this request

file - The Path to reload from

Returns:

A List of the loaded KnownHostsServerKeyVerifier.HostEntryPairs - may be null/empty

Throws:

IOException - If failed to parse the file

GeneralSecurityException - If failed to resolve the encoded public keys