exit-XXX" requests.ClientSession related methodsKeyPair which is generated the 1st time
AbstractGeneratorHostKeyProvider.loadKeys() is called.KeyPairProvider methodsXXX@openssh.com extension data reportsOpenSSH encoded key dataScpTransferEventListener for those who wish to
implement only a small number of methods.ServerSession related methodsSftpEventListener for those who wish to
implement only a small number of methods.Signature implementationForwardingFilter that accepts all requestsKnownHostsServerKeyVerifier.acceptUnknownHostKey(ClientSession, SocketAddress, PublicKey)SSH_ACL_CAP_xxx names - where name can be without
the prefix.SftpHelper.indicateEndOfNamesList(Buffer, int, PropertyResolver, Boolean)
call, as indicated by SFTP v6 - section 9.4HostConfigEntry.EXPLICIT_PROPERTIES onesPublicKeyEntry.parsePublicKeyEntry(String) expects itBigIntegerSession in order to control
the authentication timeout (millis).SshFuture for asynchronous authentication requests.authorized_keys file according
to the OpenSSH format.PublickeyAuthenticator
while automatically re-loading the keys if the file has changed when a
new authentication request is received.ServerAuthenticationManager.WELCOME_BANNER property
indicating that the server should generate a banner consisting of the
random art of the server's keys (if any are provided).Long.MAX_VALUE msec. for the asynchronous operation to complete.Long.MAX_VALUE msec. for the asynchronous operation to complete
uninterruptibly.Mac implementations based on the JCE provider.Random.RandomIoOutputStream capable of queuing write requestsBuiltinCiphers.parseCiphersList(String)BuiltinCompressions.parseCompressionsList(String)BuiltinDHFactories.parseDHFactoriesList(String)BuiltinSignatures.parseSignatureList(String)BuiltinUserAuthFactories.parseFactoriesList(String)BuiltinUserAuthFactories.parseFactoriesList(String)InetAddress-es according to their InetAddress.getHostAddress()
value case insensitiveSocketAddress-es according to their host case insensitive
and if equals, then according to their port value (if any)NamedResources according to their NamedResource.getName()
value case insensitiveKexProposalOption.getProposalIndex()Buffer using a backing byte arrayString.CASE_INSENSITIVE_ORDERFactoryManager
or the session to configure the channel open timeout value (millis).FactoryManager to control the
channel open timeout.Channel.init(org.apache.sshd.common.session.ConnectionService, org.apache.sshd.common.session.Session, int)
method.Command can implement this optional interface
to receive a reference to ChannelSession.AbstractSftpClient.checkResponseStatus(int, Buffer)PasswordAuthenticator and returns the result.SSH_FXP_STATUS one,
and if so whether the substatus is SSH_FX_OK.ClassLoader.getResourceAsStream(String).Buffer.clear()ClientChannel.waitFor(java.util.Collection, long)ssh-connection service.ClientFactoryManager enable the retrieval of additional
configuration needed specifically for the client side.id_rsaClientIdentityProvider that watches a given key file re-loading
its contents if it is ever modified, deleted or (re-)createdClientSessionssh-auth service.KeyPair - i.e., creates
new public/private keys that are clones of the original oneopen methodsCloseFuture to successfully
complete its action.Closeable is a resource that can be closed./dev/null stream that can be closed - in which case it will throw
IOExceptions if invoked after being closedScpClient wrapper that also closes the underlying session
when closedSshFuture for asynchronous close requests.IOExceptions their
Closeable.close() method may have thrownnull and empty
are considered equalNamedFactory for the Compression.AbstractFactoryManager with the values read from
some configuration.CompressionConfigValues.HostConfigEntry and connects to itHostConfigEntry and connects to itSshFuture for asynchronous connections requests.close() method is called.close() method is called.close() method is called.SftpVersionSelector that returns the current versionOsUtils.getCurrentUser().
DSAPrivateKey ::= SEQUENCE {
version Version,
p INTEGER,
q INTEGER,
g INTEGER,
y INTEGER,
x INTEGER
}
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
ECParameters syntax according to RFC5480:
ECParameters ::= CHOICE {
namedCurve OBJECT IDENTIFIER
-- implicitCurve NULL
-- specifiedCurve SpecifiedECDomain
}
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
SftpHelper.APPEND_END_OF_LIST_INDICATOR if none configuredSimpleClientConfigurator.setAuthenticationTimeout(long) is usedServerAuthenticationManager.WELCOME_BANNER_PHASE if none specifiedBuiltinCiphers setup in order of preference
as specified by DEFAULT_CLIENT_IDENTITY_LOADER - Static variable in class org.apache.sshd.client.ClientBuilder
Closeable.CLOSE_WAIT_TIMEOUT if none specifiedSimpleClientConfigurator.setConnectTimeout(long) is usedFactory of Digests initialized
as the value of KeyUtils.getDefaultFingerPrintFactory() if not
overridden by KeyUtils.KEY_FINGERPRINT_FACTORY_PROP or
KeyUtils.setDefaultFingerPrintFactory(DigestFactory)DefaultTcpipForwarder.FORWARD_REQUEST_TIMEOUT if none specifiedClientFactoryManager.HEARTBEAT_REQUEST is none configuredBuiltinDHFactories setup in order of preference
as specified by DEFAULT_KEY_LENGTH - Static variable in class org.apache.sshd.common.config.keys.loader.DESPrivateKeyObfuscator
BuiltinMacs setup in order of preference
as specified by DEFAULT_MACS - Static variable in class org.apache.sshd.common.config.SshConfigFileReader
ServerAuthenticationManager.MAX_AUTH_REQUESTS if none configuredAbstractConnectionService.MAX_CONCURRENT_CHANNELS_PROP is none specifiedClientAuthenticationManager.PASSWORD_PROMPTS if none configuredInvertedShellWrapper.PUMP_SLEEP_TIME if none setChannelSubsystem.REQUEST_SUBSYSTEM_REPLY - according to
RFC4254 section 6.5:
It is RECOMMENDED that the reply to these messages be requested and checked.BuiltinSignatures according to
DEFAULT_SIZE - Static variable in class org.apache.sshd.common.util.buffer.ByteArrayBuffer
FactoryManager.getVersion() if the built-in
version information cannot be accessedServerAuthenticationManager.WELCOME_BANNER_LANGUAGE is not overwrittenAuthFuture.~/.ssh/authorized_keys file of the user currently running
the server, re-loading it if necessary.CloseFuture.~/.ssh/config file of the user currently running
the client, re-loading it if necessary.ConnectFuture.KeyboardInteractiveAuthenticator
where it prompts for the password.~/.ssh/known_hosts file of the user currently running
the client, updating and re-loading it if necessary.OpenFuture.SshFuture.TcpipForwarderFactory implementation.SftpEventListenerECPoint representation compression indicatorsEdDSAKey.KEY_ALGORITHMnull - i.e., unprotected key filenullsSimplifiedLog that does nothingKeyPairProvider that has no keysKeyIdentityProvider that
returns an empty group of key pairsPasswordIdentityProvider that returns
and empty group of passwords/dev/null implementation - always openSet of the properties that receive special handlingNamedFactory used
in the SSH protocol.Map of FileInfoExtractors to be used to complete
attributes that are deemed important enough to warrant an extra
effort if not accessible via the file system attributes viewsStandardOpenOption-s into SftpClient.OpenMode-spublic static final
that start with the given common prefix (case sensitive) and are of type
Number.public static final fields
that are also accepted by the predicate.SshAgent objects.public static final fields
that have a common prefix and whose value is used by several of the other
matching fieldspublic static final fields
that are also accepted by the predicate and whose value is used by several of the other
matching fieldsWindows domain and/or group prefix as well as "(User);" suffixChannel objects.Cipher.KeyPair representing the client identityCommandFactory to be used to process commands requests.Compression.Ciphers
it strips the trailing transformation specification in order to extract the
base cipher name - e.g., "AES/CBC/NoPadding" => "AES"SSH_FXP_DATA responses, provided
the version is at least 6, and the buffer has enough available dataSSH_FXP_NAME responses, provided
the version is at least 6, and the buffer has enough available dataFileSystemFactory to be used to traverse the file system.GSSAuthenticator to be used by the SSH server.h parameterHostBasedAuthenticator to be used by the SSH server.KnownHostsServerKeyVerifier.prepareKnownHostEntry(ClientSession, SocketAddress, PublicKey)
in order to query whether to use a hashed value instead of a plain one for the
written host name/address - default returns null - i.e., no hashingOsUtils.JAVA_VERSION_OVERRIDE_PROP.KeyboardInteractiveAuthenticator to be used by
the SSH server.KeyExchange.KeyPairProvider that will be used to find
the host key to use on the server side or the user key on the client side.Mac.public static final fields
that are also accepted by the predicate.PasswordAuthenticator to be used by the SSH server.PasswordIdentityProvider used to provide password
candidatesFiles.getPosixFilePermissions(Path, LinkOption...), otherwise
uses the IoUtils.getPermissionsFromFile(File) method
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
Version ::= INTEGER
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
PrivateKey ::= OCTET STRING
Attributes ::= SET OF Attribute
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
PublickeyAuthenticator to be used by SSH server.Random factory to be used.ScheduledExecutorService to be used.Service factories.ShellFactory object to be used to create shells.CommandFactory.Command to
be used to create subsystems.ForwardingFilter to be used by the SSH server.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
response indicating that the password should be changed - e.g., expired or
not strong enough (as per the server's policy).UserAuth objects.SSH_MSG_USERAUTH_REQUEST indicating
a password change.SSH_MSG_CHANNEL_CLOSE receivedupload/download methods after having successfully
completed the remote copy command and (optionally) having received an exit status
from the remote server.upload/download methods after having successfully
completed the remote copy command and (optionally) having received an exit status
from the remote serverSSH_MSG_CHANNEL_DATA receivedSSH_MSG_DEBUG packet is receivedSSH_MSG_CHANNEL_EOF receivedSSH_MSG_CHANNEL_EXTENDED_DATA receivedSSH_MSG_CHANNEL_FAILURE receivedSSH_MSG_IGNORE packet is receivedAbstractChannel.handleUnknownChannelRequest(String, boolean, Buffer)
in order to allow channel request handling if none of the registered handlers
processed the request - last chance.KnownHostsServerKeyVerifier.updateKnownHostsFile(ClientSession, SocketAddress, PublicKey, Path, Collection) fails - by
default just issues a warning.#updateModifiedServerKey(ClientSession, SocketAddress, HostEntryPair, PublicKey, Path)
throws an exception.SSH_MSG_CHANNEL_REQUEST receivedUserAuthPassword.checkPassword(Buffer, ServerSession, String, String)
when a PasswordChangeRequiredException was thrown by the authenticator.SSH_MSG_CHANNEL_SUCCESS receivedSSH_MSG_UNIMPLEMENTED packet is receivedSSH_MSG_CHANNEL_WINDOW_ADJUST receivedSSH_MSG_IGNORE
message is inserted in the stream.SSH_MSG_IGNORE payload to send if feature enabled.put/remove callsTRUE indicator for SSH_FXP_NAME responses, provided
the version is at least 6 and the feature is enabledSSH_FXP_NAME responses, provided the version
is at least 6, the feature is enabled and the indicator value is not nullOpenSSHOpenSSHProcess from java.InvertedShell
as a Command.Executor in order to create the streams pump thread
and uses the InvertedShellWrapper.DEFAULT_BUFFER_SIZEExecutor in order to create the streams pump threadCallable interface - accepts one argument
and possibly throws somethindtrue if this object has been closed.true if the Closeable.close(boolean) method
has been called.null/empty
Has at most 3 digits
Its value is ≤ 255
PasswordIdentityProvider into an Iterable of their combined passwordsIterator of passwords out of the registered
passwords and the extra available ones as a single iterator of passwordsIterator of passwords out of 2 possible
PasswordIdentityProvidernull iterator of the available passwordsnull iterator of the available keysnull iteratornull iteratorOsUtils.getJavaVersion().Random implementation using the built-in SecureRandom PRNG.RandomSet of all the known curves key typesSshAgent to generate the identity signatureKeyPair to generate the identity signatureKeyPairs from text resourcesCollection of PublicKeysknown_hosts fileInputStream up to specified max. lengthTreeSet as its comparatorPasswordIdentityProvider.loadPasswords() and returns the result.KeyIdentityProvider.loadKeys() and returns the result - ignores
null providers (i.e., returns an empty iterable instance)nullsMap of String->KeyPair to a
KeyPairProvider where map key is the type and value is the
associated KeyPairDERParser.readLength() - it is a bit
arbitrary since one can encode 32-bit length data, but it is good
enough for the keysSftpSubsystem.doRead(Buffer, int) protection
against malicious packetsSftpSubsystem.doReadDir(Buffer, int)uint32 fielduint8 field
The maximum length of the string is 255 characters,
including the Carriage Return and Line Feed.SftpVersionSelector that returns the maximum available versionSftpVersionSelector that returns the maximum available versionList of short months names where Jan=0, Feb=1, etc.PasswordIdentityProvider into a single onePasswordIdentityProvider into a single oneKeyIdentityProvider into a single oneKeyIdentityProvider into a single oneProvider instanceNamedFactoryiesSet of all the known curves namesNio2SessionSSH_MSG_UNIMPLEMENTED packet.null value - to be used as a placeholder
where nulls are not allowed/dev/null input streamBigInteger
As octet strings always represent positive integers, a zero-byte is prepended to
the given array if necessary (if is MSB equal to 1), then this is converted to BigInteger
The conversion is defined in the Section 2.3.8SshFuture for asynchronous channel opening requests.SftpRemotePathChannel on the specified remote pathOpenSSH extensions are reported and
what version is reported for each - format: name=version.SshFuture
has been completed even if you add the listener after the completion.Cipher
implementations.Compression implementations.Digest implementations.Mac implementations.Random implementations.Signature implementations.OsUtils.isWin32().Closeables to complete in any order, then
signals the completion by setting the "parent" future as closeduser@host:pathStrings and equal to each otherPasswordAuthenticator
to indicate that the password requires changing or is not string enoughChannelDataReceiver that buffers the received data into byte buffer
and provides an InputStream to consume them.List containing all the pure powers of 2 for a long
value.SftpVersionSelector.selectVersion(ClientSession, int, List) method is invokedSftpVersionSelector.selectVersion(ClientSession, int, List) method is invokedChannelSession.prepareChannelCommand(String, Command) in order to set
up the command's streams, session, file-system, exit callback, etc..KnownHostsServerKeyVerifier.updateKnownHostsFile(ClientSession, SocketAddress, PublicKey, Path, Collection)
in order to generate the host entry to be writtenKnownHostsServerKeyVerifier.updateModifiedServerKey(ClientSession, SocketAddress, HostEntryPair, PublicKey, Path, Collection)
in order to prepare the replacement - by default it replaces the key part with the new oneAbstractChannelExitRequestHandler.process(Channel, String, boolean, Buffer) when
a request matching the handler's name is receivedExecutorService in such a way as to "protect"
it for calls to the ExecutorService.shutdown() or
ExecutorService.shutdownNow().KeyIdentityProvider of key pairs out of the registered
KeyPair identities and the extra available ones as a single iterator
of key pairsIterable container of listener
interface implementation.Iterable container of listener
interface implementation.PublickeyAuthenticator is used on the server side
to authenticate user public keys.OpenSSH encoded key dataTransformer.TOSTRING value of each member.Transformer.TOSTRING value of each memberint
in the half-open range [0, n).int
in the half-open range [0, n).ByteBuffer as a Readable instanceauthorized_keys fileauthorized_keys fileauthorized_keys fileauthorized_keys fileauthorized_keys fileauthorized_keys fileProperties instance.authorized_keys fileFileTime value from a bufferfinalNamedFactory to be available besides the built-in
ones when parsing configurationNamedFactory to be available besides the built-in
ones when parsing configurationNamedFactory to be available besides the built-in
ones when parsing configurationNamedFactory to be available besides the built-in
ones when parsing configurationNamedFactory to be available besides the built-in
ones when parsing configurationForwardingFilter that rejects all requestsmax values of the search String.SSH_MSG_REQUEST_FAILURE messageSSH_MSG_REQUEST_SUCCESS messageSSH_MSG_IGNORE and
SSH_MSG_DEBUG messages that are received by a session.WindowsClassLoader as follows:
Check the Thread.getContextClassLoader() value
If no thread context class loader then check the anchor
class (if given) for its class loader
If still no loader available, then use ClassLoader.getSystemClassLoader()
AbstractServerSession.resolveAvailableSignaturesProposal(FactoryManager)
if none of the provided keys is supported - last chance for the derived
implementation to do somethingFactoryManager.KeyIdentityProvider out of 2 possible ones
as follows:
If both are null then return null.SftpSubsystem.getAttributes(Path, int, LinkOption...) in order
to complete any attributes that could not be retrieved via the supported
file system views.PasswordIdentityProvider out of 2 possible ones
as follows:
If both are null then return null.null value
for the requested property or reached top.null value
for the requested property or reached top.null/empty,
otherwise uses the secondary ones (regardless of whether there are any...)FactoryManager
for controlling the wait timeout for waiting on a channel exit status'
for an SCP command in milliseconds.FactoryManager
for controlling the wait timeout for opening a channel for an SCP command
in milliseconds.CommandFactory can be used as a standalone command factory
or can be used to augment another CommandFactory and provides
SCP support.ObjectBuilder for ScpCommandFactoryuser@host:path
for a remote path and a simple path for a local one.SecurityProviderRegistrar.isSecurityEntitySupported(Class, String)SecurityProviderRegistrars
to automatically registerSSH_MSG_DEBUG to the peer sessionSSH_MSG_IGNORE to the peer sessionSSH_MSG_UNIMPLEMENTED messageSSH_MSG_USERAUTH_REQUEST message.Closeables to complete in the given order, then
signals the completion by setting the "parent" future as closedssh-connection service.ServerFactoryManager enable the retrieval of additional
configuration needed specifically for the server side./etc/ssh/ssh_host_rsa_keyServerKeyVerifier is used on the client side
to authenticate the key provided by the server.ServerSessionAbstractSessions and checks each of them for timeouts.SecurityProviderRegistrar.isEnabled() is eventually
consulted it will return false regardless of the configured value for
the specific provider registrar instance.OsUtils.getCurrentUser()Command to install ChannelDataReceiver.KeyPairProvider with the loaded identities - if anySecurityUtils.getMaxDHGroupExchangeKeySize()Files.setPosixFilePermissions(Path, Set), otherwise
uses the IoUtils.setPermissionsToFile(File, Collection) methodSimpleClientOsUtils.isWin32() or OsUtils.isUNIX()FactoryManager
to control the internal timeout used by the client to open a channel.DirectoryStreamFileSystemProvider that registers the "sftp://"
scheme so that URLs with this protocol are handled as remote SFTP Path-s
- e.g., "sftp://user:password@host/remote/file/path"Iterable implementation of the SftpClient.DirEntry-ies
for a remote directorySignatureSignature.SignaturePredicate used to test if space became availableSshAgentFactory is used to communicate with an SshAgent.SshFuture.ForwardingFilter implementation that returns the same "static"
result for all the queries.true/false regardlesstrue/false regardlesstrue/false regardlessSet of PosixFilePermission not allowed if strict
permissions are enforced on key filesSet of PosixFilePermission not allowed if strict
permissions are enforced on key filesKeyAgreement.generateSecret()
is a byte array, which can (by chance, roughly 1 out of 256 times) begin
with zero byte (some JCE providers might strip this, though).SupplierPropertyResolver with no parent that exposes the system propertiesMap access to the system
properties.null then return null
If value already of the expected type then simply
cast and return it.getInstance method(s)
as a security entity factory.SocketAddress into an InetSocketAddress if possible:
If already an InetSocketAddress then cast it as such
If an SshdSocketAddress then invoke SshdSocketAddress.toInetSocketAddress()
Otherwise, throw an exception
File.separator.long if possible:
If value is null the default is returned
If value is a Number then its Number.longValue() is returned
Otherwise, the value's Object.toString() is parsed as a long
Map into a PropertyResolver so it can be used
with these utilitiesRuntimeExceptionObjects.toString(Object, String) on the argument
with null as the value to return if argument is nullPtyModes for
handling CR / LFPtyMode for CR / LF
and ECHO settingsCommandFactory
when the command is not known, as it is supposed to always
return a valid Command object.user@host:pathKnownHostsServerKeyVerifier.acceptModifiedServerKey(ClientSession, SocketAddress, KnownHostEntry, PublicKey, PublicKey)
returned true.null nor a proxyUnix) The path may not have group or others write permissions
The path must be owned by current user.PosixFilePermission.OTHERS_EXECUTE
permission
(For Unix) The path may not have group or others permissions
(For Unix) If the path is a file, then its folder may not have
group or others permissions
The path must be owned by current user.null or one
of the session's internal ones used for decoding and uncompressingSet of all the known curvesList of all the options sorted according to KexProposalOption.getProposalIndex()Long.MAX_VALUE msec. and verify that the operation was successfulnull then timeout is assumed to have expired - throw
an appropriate IOException
If the result is of the expected type, then cast and return it
If the result is an IOException then re-throw it
If the result is a Throwable then throw an IOException
whose cause is the original exception
Otherwise (should never happen), throw a StreamCorruptedException
with the name of the result type
Charset
then the local default is used.WelcomeBannerPhase value - either as an enum or
a stringWindow has been closed.PasswordIdentityProviderPasswordIdentityProviderClientSessionCreator into a SimpleClientKeyPairs into a KeyIdentityProviderKeyPairs into a KeyIdentityProviderKeyPairs into a KeyPairProviderKeyPairs into a KeyPairProviderSshClient instance as a SimpleClientSet of StandardOpenOption-s that indicate an intent
to create/modify a fileFileTime value into a bufferCopyright © 2008–2017 The Apache Software Foundation. All rights reserved.