Class AuthorizedKeysAuthenticator
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.io.ModifiableFileWatcher
org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
- All Implemented Interfaces:
PublickeyAuthenticator
- Direct Known Subclasses:
DefaultAuthorizedKeysAuthenticator
public class AuthorizedKeysAuthenticator
extends ModifiableFileWatcher
implements PublickeyAuthenticator
Uses the authorized keys file to implement PublickeyAuthenticator while automatically re-loading the keys if the file has changed when a new authentication request is received. Note: by default, the only validation of the username is that it is not null/empty - see isValidUsername(String, ServerSession).
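An added example, not part of the Apache MINA SSHD Javadoc: because the default username check only rejects null/empty names, a key listed in the file is accepted whatever login name the client presents, and a subclass can tighten that by overriding isValidUsername. The class name, the allow-list, and the configure helper are assumptions for illustration; the single-Path constructor and SshServer.setPublickeyAuthenticator are the library's own, though their signatures are not shown on this page.

```java
import java.nio.file.Path;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator;
import org.apache.sshd.server.session.ServerSession;

/**
 * Hypothetical subclass: a key from the authorized keys file is accepted only
 * when the login name is on an explicit allow-list.
 */
public class AllowListAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator {
    private final Set<String> allowedUsers;

    public AllowListAuthorizedKeysAuthenticator(Path file, Set<String> allowedUsers) {
        super(file);
        // Defensive copy so later changes to the caller's set cannot widen access.
        this.allowedUsers = Collections.unmodifiableSet(new HashSet<>(allowedUsers));
    }

    @Override
    protected boolean isValidUsername(String username, ServerSession session) {
        // Keep the default null/empty rejection, then require an exact match.
        if (!super.isValidUsername(username, session)) {
            return false;
        }
        if (!allowedUsers.contains(username)) {
            // 'log' is the logger inherited from AbstractLoggingBean.
            log.warn("Rejected public key login for unlisted user '{}' on {}", username, session);
            return false;
        }
        return true;
    }

    /** Hypothetical helper: installs the authenticator on a server instance. */
    public static void configure(SshServer sshd, Path keysFile, Set<String> allowedUsers) {
        sshd.setPublickeyAuthenticator(
                new AllowListAuthorizedKeysAuthenticator(keysFile, allowedUsers));
    }
}
```

The key file is still re-read when it changes, so the allow-list only narrows which login names may use the keys it contains.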
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
- private static final class

Field Summary
Fields (Modifier and Type, Field, Description)
- private final AtomicReference<PublickeyAuthenticator> delegateHolder
- static final String STD_AUTHORIZED_KEYS_FILENAME: Standard OpenSSH authorized keys file name
Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log

Constructor Summary
Constructors

Method Summary
Methods (Modifier and Type, Method, Description)
- boolean authenticate(String username, PublicKey key, ServerSession session): Check the validity of a public key.
- protected PublickeyAuthenticator createDelegateAuthenticator(String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver)
- static Path getDefaultAuthorizedKeysFile
- protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver
- protected boolean isValidUsername(String username, ServerSession session)
- static List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(OpenOption... options): Reads the contents of the default OpenSSH authorized_keys file
- protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session)
- protected PublickeyAuthenticator resolvePublickeyAuthenticator(String username, ServerSession session)
Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Field Details

STD_AUTHORIZED_KEYS_FILENAME
Standard OpenSSH authorized keys file name
- See Also:

delegateHolder

Constructor Details

AuthorizedKeysAuthenticator

AuthorizedKeysAuthenticator

Method Details

authenticate
Description copied from interface: PublickeyAuthenticator
Check the validity of a public key.
- Specified by:
authenticate in interface PublickeyAuthenticator
- Parameters:
username - the username
key - the key
session - the server session
- Returns:
a boolean indicating if authentication succeeded or not

isValidUsername

resolvePublickeyAuthenticator
protected PublickeyAuthenticator resolvePublickeyAuthenticator(String username, ServerSession session) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException

createDelegateAuthenticator
protected PublickeyAuthenticator createDelegateAuthenticator(String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException

getFallbackPublicKeyEntryResolver

reloadAuthorizedKeys
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException

getDefaultAuthorizedKeysFile
- Returns:
The default Path location of the OpenSSH authorized keys file

readDefaultAuthorizedKeys
public static List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(OpenOption... options) throws IOException
Reads the contents of the default OpenSSH authorized_keys file
- Parameters:
options - The OpenOptions to use when reading the file
- Returns:
A List of all the AuthorizedKeyEntry-ies found there - or empty if file does not exist
- Throws:
IOException - If failed to read keys from file