Package org.apache.sshd.client.keyverifier

Class DefaultKnownHostsServerKeyVerifier

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.io.ModifiableFileWatcher

org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

org.apache.sshd.client.keyverifier.DefaultKnownHostsServerKeyVerifier

All Implemented Interfaces:

ModifiedServerKeyAcceptor, ServerKeyVerifier

public class DefaultKnownHostsServerKeyVerifier
extends KnownHostsServerKeyVerifier

Monitors the ~/.ssh/known_hosts file of the user currently running the client, updating and re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

KnownHostsServerKeyVerifier.HostEntryPair

Field Summary

Fields

Modifier and Type	Field	Description
private boolean	strict

Fields inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

KNOWN_HOSTS_FILE_OPTION, STRICT_CHECKING_OPTION, updateLock

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

options, STRICTLY_PROHIBITED_FILE_PERMISSION

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Constructor Summary

Constructors

Constructor	Description
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, java.io.File file)
DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate, boolean strict, java.nio.file.Path file, java.nio.file.LinkOption... options)

Method Summary

Modifier and Type	Method	Description
boolean	isStrict()
protected java.util.List<KnownHostsServerKeyVerifier.HostEntryPair>	reloadKnownHosts(ClientSession session, java.nio.file.Path file)

Methods inherited from class org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier

acceptIncompleteHostKeys, acceptKnownHostEntries, acceptModifiedServerKey, acceptUnknownHostKey, findKnownHostEntries, getDelegateVerifier, getFallbackPublicKeyEntryResolver, getHostValueDigester, getKnownHostSupplier, getModifiedServerKeyAcceptor, handleKnownHostsFileUpdateFailure, handleModifiedServerKeyUpdateFailure, handleRevokedKey, prepareKnownHostEntry, prepareModifiedServerKeyLine, resolveHostKey, resolveHostNetworkIdentities, setLoadedHostsEntries, setModifiedServerKeyAcceptor, updateKnownHostsFile, updateModifiedServerKey, updateModifiedServerKey, verifyServerKey

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

strict

private final boolean strict

Constructor Detail

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict,
                                          java.io.File file)

DefaultKnownHostsServerKeyVerifier

public DefaultKnownHostsServerKeyVerifier(ServerKeyVerifier delegate,
                                          boolean strict,
                                          java.nio.file.Path file,
                                          java.nio.file.LinkOption... options)

Method Detail

isStrict

public final boolean isStrict()

Returns:

If true then makes sure that the containing folder has 0700 access and the file 0644. Note: for Windows it does not check these permissions

See Also:

ModifiableFileWatcher.validateStrictConfigFilePermissions(Path, LinkOption...)

reloadKnownHosts

protected java.util.List<KnownHostsServerKeyVerifier.HostEntryPair> reloadKnownHosts(ClientSession session,
                                                                                     java.nio.file.Path file)
                                                                              throws java.io.IOException,
                                                                                     java.security.GeneralSecurityException

Overrides:

reloadKnownHosts in class KnownHostsServerKeyVerifier

Parameters:

session - The ClientSession that triggered this request

file - The Path to reload from

Returns:

A List of the loaded KnownHostsServerKeyVerifier.HostEntryPairs - may be null/empty

Throws:

java.io.IOException - If failed to parse the file

java.security.GeneralSecurityException - If failed to resolve the encoded public keys