Class DefaultAuthorizedKeysAuthenticator
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.io.ModifiableFileWatcher
org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator
- All Implemented Interfaces:
UsernameHolder, PublickeyAuthenticator
public class DefaultAuthorizedKeysAuthenticator
extends AuthorizedKeysAuthenticator
implements UsernameHolder
Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default also compares the current username with the authenticated one.
-
Field Summary
Fields (Modifier and Type, Field, Description):
static final DefaultAuthorizedKeysAuthenticator INSTANCE - The default instance that enforces the same permissions regime as OpenSSH
private final boolean strict
private final String user
Fields inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
STD_AUTHORIZED_KEYS_FILENAME
Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Constructor Summary
Constructors:
DefaultAuthorizedKeysAuthenticator(boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)
-
Method Summary
Methods (Modifier and Type, Method):
final String getUsername()
final boolean isStrict()
protected boolean isValidUsername(String username, ServerSession session)
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected Path validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded)
Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator
Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
-
Field Details
-
INSTANCE
The default instance that enforces the same permissions regime as OpenSSH
-
strict
private final boolean strict
-
user
-
-
Constructor Details
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(boolean strict)
- Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions
-
DefaultAuthorizedKeysAuthenticator
-
DefaultAuthorizedKeysAuthenticator
-
DefaultAuthorizedKeysAuthenticator
public DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
-
-
Method Details
-
getUsername
- Specified by:
getUsername in interface UsernameHolder
- Returns:
The attached username - may be null/empty if holder not yet initialized
-
isStrict
public final boolean isStrict() -
isValidUsername
- Overrides:
isValidUsername in class AuthorizedKeysAuthenticator
-
reloadAuthorizedKeys
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException, GeneralSecurityException
- Overrides:
reloadAuthorizedKeys in class AuthorizedKeysAuthenticator
- Throws:
IOException
GeneralSecurityException
-
validateFilePath
protected Path validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded) throws IOException
- Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist
- Returns:
The original path
- Throws:
IOException - If an excluded permission appears in the current ones
-
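The strict check described for the constructor and for validateFilePath, as an added JDK-only example that is not Apache MINA SSHD's own code. The class name StrictAuthorizedKeysCheck and the EXCLUDED set (all group/other bits, which is what 0700 and 0600 rule out) are assumptions made for illustration; the sample files are constructed in a temp directory and the code needs a POSIX file system.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Set;

public class StrictAuthorizedKeysCheck {
    // Assumption: group/other bits that a 0700 folder and a 0600 file must not carry.
    static final Set<PosixFilePermission> EXCLUDED = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    // Mirrors the documented contract: returns the original path, throws
    // IOException if an excluded permission appears in the current ones.
    static Path validateFilePath(Path path, Collection<PosixFilePermission> perms,
                                 Collection<PosixFilePermission> excluded) throws IOException {
        for (PosixFilePermission p : excluded) {
            if (perms.contains(p)) {
                throw new IOException(path + ": excluded permission present: " + p);
            }
        }
        return path;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout standing in for ~/.ssh/authorized_keys.
        Path dir = Files.createTempDirectory("ssh-demo");
        Path file = Files.createFile(dir.resolve("authorized_keys"));

        // 0700 folder and 0600 file: both pass the check.
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        validateFilePath(dir, Files.getPosixFilePermissions(dir), EXCLUDED);
        validateFilePath(file, Files.getPosixFilePermissions(file), EXCLUDED);
        System.out.println("strict layout accepted");

        // 0664 file: group-writable and world-readable, so the check rejects it.
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-rw-r--"));
        try {
            validateFilePath(file, Files.getPosixFilePermissions(file), EXCLUDED);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```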