org.apache.sshd.server.config.keys

Class DefaultAuthorizedKeysAuthenticator

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.io.ModifiableFileWatcher

org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator

All Implemented Interfaces:

UsernameHolder, PublickeyAuthenticator

public class DefaultAuthorizedKeysAuthenticator
extends AuthorizedKeysAuthenticator
implements UsernameHolder

Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default also compares the current username with the authenticated one.

Author:

Apache MINA SSHD Project

Field Summary

Fields

Modifier and Type	Field and Description
static DefaultAuthorizedKeysAuthenticator	INSTANCE The default instance that enforces the same permissions regime as OpenSSH

Fields inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

STD_AUTHORIZED_KEYS_FILENAME

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

options, STRICTLY_PROHIBITED_FILE_PERMISSION

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizedKeysAuthenticator(boolean strict)
DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)
DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)

Method Summary

Modifier and Type	Method and Description
String	getUsername()
boolean	isStrict()
protected boolean	isValidUsername(String username, ServerSession session)
protected Collection<AuthorizedKeyEntry>	reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected Path	validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded)

Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator

fromAuthorizedEntries

Field Detail

INSTANCE

public static final DefaultAuthorizedKeysAuthenticator INSTANCE

The default instance that enforces the same permissions regime as OpenSSH

Constructor Detail

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(boolean strict)

Parameters:

strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(String user,
                                          boolean strict)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(Path path,
                                          boolean strict,
                                          LinkOption... options)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(String user,
                                          Path path,
                                          boolean strict,
                                          LinkOption... options)

Method Detail

getUsername

public final String getUsername()

Specified by:

getUsername in interface UsernameHolder

isStrict

public final boolean isStrict()

isValidUsername

protected boolean isValidUsername(String username,
                                  ServerSession session)

Overrides:

isValidUsername in class AuthorizedKeysAuthenticator

reloadAuthorizedKeys

protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path,
                                                              String username,
                                                              ServerSession session)
                                                       throws IOException,
                                                              GeneralSecurityException

Overrides:

reloadAuthorizedKeys in class AuthorizedKeysAuthenticator

Throws:

IOException

GeneralSecurityException

validateFilePath

protected Path validateFilePath(Path path,
                                Collection<PosixFilePermission> perms,
                                Collection<PosixFilePermission> excluded)
                         throws IOException

Parameters:

path - The Path to be validated

perms - The current PosixFilePermissions

excluded - The permissions not allowed to exist

Returns:

The original path

Throws:

IOException - If an excluded permission appears in the current ones