Class AuthorizedKeysAuthenticator
- java.lang.Object
  - org.apache.sshd.common.util.logging.AbstractLoggingBean
    - org.apache.sshd.common.util.io.ModifiableFileWatcher
      - org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
- All Implemented Interfaces: PublickeyAuthenticator
- Direct Known Subclasses: DefaultAuthorizedKeysAuthenticator
public class AuthorizedKeysAuthenticator extends ModifiableFileWatcher implements PublickeyAuthenticator
Uses the authorized keys file to implement PublickeyAuthenticator while automatically re-loading the keys if the file has changed when a new authentication request is received. Note: by default, the only validation of the username is that it is not null/empty - see isValidUsername(String, ServerSession)
Nested Class Summary
- private static class AuthorizedKeysAuthenticator.LazyDefaultAuthorizedKeysFileHolder
Field Summary
- private java.util.concurrent.atomic.AtomicReference<PublickeyAuthenticator> delegateHolder
- static java.lang.String STD_AUTHORIZED_KEYS_FILENAME: Standard OpenSSH authorized keys file name
Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
options, STRICTLY_PROHIBITED_FILE_PERMISSION
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
Constructor Summary
- AuthorizedKeysAuthenticator(java.nio.file.Path file)
- AuthorizedKeysAuthenticator(java.nio.file.Path file, java.nio.file.LinkOption... options)
Method Summary
- boolean authenticate(java.lang.String username, java.security.PublicKey key, ServerSession session): Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.
- protected PublickeyAuthenticator createDelegateAuthenticator(java.lang.String username, ServerSession session, java.nio.file.Path path, java.util.Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver)
- static java.nio.file.Path getDefaultAuthorizedKeysFile()
- protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver()
- protected boolean isValidUsername(java.lang.String username, ServerSession session)
- static java.util.List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(java.nio.file.OpenOption... options): Reads the contents of the default OpenSSH authorized_keys file
- protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session)
- protected PublickeyAuthenticator resolvePublickeyAuthenticator(java.lang.String username, ServerSession session)
Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
Field Detail
STD_AUTHORIZED_KEYS_FILENAME
public static final java.lang.String STD_AUTHORIZED_KEYS_FILENAME
Standard OpenSSH authorized keys file name
- See Also: Constant Field Values
delegateHolder
private final java.util.concurrent.atomic.AtomicReference<PublickeyAuthenticator> delegateHolder
Method Detail
authenticate
public boolean authenticate(java.lang.String username, java.security.PublicKey key, ServerSession session)
Description copied from interface: PublickeyAuthenticator
Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.
Note that the key may be an OpenSshCertificate. A typical implementation for a certificate would check that the certificate's CA key is known to be trusted as a certificate authority, and that the given user name is listed in the certificate's principals.
- Specified by: authenticate in interface PublickeyAuthenticator
- Parameters:
  username - the username
  key - the key
  session - the server session
- Returns: true if the key may be used; false otherwise
isValidUsername
protected boolean isValidUsername(java.lang.String username, ServerSession session)
resolvePublickeyAuthenticator
protected PublickeyAuthenticator resolvePublickeyAuthenticator(java.lang.String username, ServerSession session) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
  java.io.IOException
  java.security.GeneralSecurityException
createDelegateAuthenticator
protected PublickeyAuthenticator createDelegateAuthenticator(java.lang.String username, ServerSession session, java.nio.file.Path path, java.util.Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
  java.io.IOException
  java.security.GeneralSecurityException
getFallbackPublicKeyEntryResolver
protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver()
reloadAuthorizedKeys
protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) throws java.io.IOException, java.security.GeneralSecurityException
- Throws:
  java.io.IOException
  java.security.GeneralSecurityException
getDefaultAuthorizedKeysFile
public static java.nio.file.Path getDefaultAuthorizedKeysFile()
- Returns: The default Path location of the OpenSSH authorized keys file
readDefaultAuthorizedKeys
public static java.util.List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(java.nio.file.OpenOption... options) throws java.io.IOException
Reads the contents of the default OpenSSH authorized_keys file
- Parameters:
  options - The OpenOptions to use when reading the file
- Returns: A List of all the AuthorizedKeyEntry-ies found there - or empty if file does not exist
- Throws:
  java.io.IOException - If failed to read keys from file