Class DefaultAuthorizedKeysAuthenticator
- java.lang.Object
  - org.apache.sshd.common.util.logging.AbstractLoggingBean
    - org.apache.sshd.common.util.io.ModifiableFileWatcher
      - org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
        - org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator
- All Implemented Interfaces: UsernameHolder, PublickeyAuthenticator
public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder
Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default also compares the current username with the authenticated one.
- Author: Apache MINA SSHD Project

Field Summary
Modifier and Type | Field | Description
static DefaultAuthorizedKeysAuthenticator | INSTANCE | The default instance that enforces the same permissions regime as OpenSSH

Fields inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
STD_AUTHORIZED_KEYS_FILENAME

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log

Constructor Summary
- DefaultAuthorizedKeysAuthenticator(boolean strict)
- DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
- DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
- DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)

Method Summary
Modifier and Type | Method
String | getUsername()
boolean | isStrict()
protected boolean | isValidUsername(String username, ServerSession session)
protected Collection<AuthorizedKeyEntry> | reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected Path | validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded)

Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Field Detail

INSTANCE
public static final DefaultAuthorizedKeysAuthenticator INSTANCE
The default instance that enforces the same permissions regime as OpenSSH

Constructor Detail

DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(boolean strict)
- Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions

DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(String user, boolean strict)

DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)

DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)

Method Detail

getUsername
public final String getUsername()
- Specified by:
getUsername in interface UsernameHolder

isStrict
public final boolean isStrict()

isValidUsername
protected boolean isValidUsername(String username, ServerSession session)
- Overrides:
isValidUsername in class AuthorizedKeysAuthenticator

reloadAuthorizedKeys
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException, GeneralSecurityException
- Overrides:
reloadAuthorizedKeys in class AuthorizedKeysAuthenticator
- Throws:
IOException
GeneralSecurityException

validateFilePath
protected Path validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded) throws IOException
- Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist
- Returns:
The original path
- Throws:
IOException - If an excluded permission appears in the current ones