All Classes and Interfaces
Class
Description
Provides common client/server channel functionality
A
AbstractChannel.PacketValidator can validate packet lengths.Provides a common base class for channel request handlers that deal with various "
exit-XXX"
requests.TODO Add javadoc
Provides default implementations of
ClientSession related methodsProvides a basic useful skeleton for
Command executionsBase implementation of ConnectionService.
A
CommandFactory wrapper that delegates calls to a proxyBase class for the Diffie-Hellman key agreement.
Provides a basic useful skeleton for
Command executions that require file system accessTODO Add javadoc
Provides default implementations for
ServerSession related methods
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding.
Message encoding or decoding settings as determined at the end of a key exchange.
An abstract base factory of sessions.
TODO Add javadoc
A
ForwardingFilter that accepts all requestsAccepts all authentication attempts
Accepts all authentication attempts
A ServerKeyVerifier that accepts all server keys.
A client for a remote SSH agent
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
A local SSH agent implementation
A server for an SSH Agent
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
Provides different shell(s) based on some criteria of the provided
ChannelSession
Internal singleton used for initializing correctly the APR native library and the associated root memory pool.
Channel that sets up asynchronous streams, and that pumps an input stream if set via
AbstractClientChannel.setIn(InputStream).Represents a command capable of doing non-blocking io.
An
SshFuture for asynchronous authentication requests.Checks against a
Collection of AuthorizedKeyEntrys
Records the matched entry under a session attribute.Uses the authorized keys file to implement
PublickeyAuthenticator while automatically re-loading the keys if
the file has changed when a new authentication request is received.Base class for dedicated client/server instance builders
An
IoOutputStream capable of queuing write requests.Represents the result of
BuiltinDHFactories.parseDHFactoriesList(String)All built in key encapsulation methods (KEM).
Provides a centralized location for the default built-in authentication factories
Provides a centralized location for the default built-in authentication factories
Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)Caches the result per session - compensates for
OpenSSH behavior where it sends 2 requests with the same key
(see SSHD-300).Handler for "cancel-tcpip-forward" global request.
Represents a channel opened over an SSH session - holds information that is common both to server and client
channels.
The client side channel that will receive requests forwards by the SSH server.
The client side channel that will receive requests forwards by the SSH server.
Marker type to avoid repeated buffering in
ChannelAsyncOutputStream.writePacket(IoWriteFutureImpl, boolean).Collects state variables; access is always synchronized on the single instance per stream.
Receiving end of the data stream from the client.
TODO Add javadoc
Client channel to run a remote command
Provides a simple listener for client / server channels being established or torn down.
TODO Add javadoc
TODO Add javadoc
Client side channel session
Server side channel session
Command can implement this optional interface to receive a reference to ChannelSession.Client channel to open a remote shell
The ChannelStreamWriter is used when writing to the channel data stream.
A special mechanism that enables users to intervene in the way packets are sent from
ChannelOutputStream-s -
e.g., by introducing throttlingTODO Add javadoc
Client channel to run a subsystem
Implements forwarding messages received from a channel to a port in TCP/IP port forwarding.
Holds information required for the client to perform authentication with the server
SshClient builder
A client channel used to communicate with the SSH server.
Various events used by
ClientChannel.waitFor(java.util.Collection, long)TODO Add javadoc
Client side
ssh-connection service.The
ClientFactoryManager enable the retrieval of additional configuration needed specifically for the
client side.Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the PROXY
protocol.
An authenticated session to a given SSH server.
The default implementation of a
ClientSessionClient side
ssh-auth service.
Represents a command, shell or subsystem that can be used to send command.
Commands are executed on the server side when an "exec" channel is requested by the SSH client.
An
SshFuture for asynchronous connections requests.Interface implementing ssh-connection service.
Configurable properties for sshd-core.
Simple helper class which gets GSS credential using a fixed Krb5 login configuration.
Holds the current SSH service for a
Session.A default implementation of
AuthFuture.Monitors the
~/.ssh/authorized_keys file of the user currently running the server, re-loading it if
necessary.A ChannelStreamWriter that simply calls the
Channel.writePacket(Buffer) method.Detects if the server sends a
"server-sig-algs" and updates the client
session by adding the "rsa-sha2-256/512" signature
factories (if not already added).
A default implementation of
ConnectFuture.Requests a "tcpip-forward" action
The default
ForwarderFactory implementation.Provides a default implementation for
KeyboardInteractiveAuthenticator where it prompts for the password.Monitors the
~/.ssh/known_hosts file of the user currently running the client, updating and re-loading it if
necessary.A default implementation of
OpenFuture.A basic default implementation of a server-side
KexExtensionHandler handling the
ServerSignatureAlgorithms KEX extension.A
ServerKeyVerifier that delegates verification to the instance found in the ClientSession metadata
The verifier can be specified at the SshClient level, which may have connections to multiple hosts.Diffie-Hellman key generator.
Base class for DHG key exchange algorithms.
Simple class holding the data for DH group key exchanges.
Elliptic Curve Diffie-Hellman key agreement.
Interface providing access to the environment map and allowing the registration of listeners for certain signals.
This interface allows retrieving all the
NamedFactory used in the SSH protocol.TODO Add javadoc
A factory for creating forwarder objects for client port forwarding
Determines if a forwarding request will be permitted.
An exception that can be set on a
GlobalRequestFuture to indicate that the
server sent back a failure reply.A
DefaultSshFuture that can be used to wait for the reply of an SSH_MSG_GLOBAL_REQUEST sent with
want-reply = true.A
ReplyHandler is invoked asynchronously when the reply for a request with want-reply = true is
received.Class providing basic GSS authentication services.
Provides report about the client side host-based authentication progress
Invoked when "hostbased" authentication is used
Represents a server "challenge" as per RFC-4256
A simplistic interactive shell factory
This shell have inverted streams, such as the one obtained when launching a new
Process from java.A shell implementation that wraps an instance of
InvertedShell as a Command.TODO Add javadoc
Handler for "keepalive@xxx" global request.
Used to support RFC 8308
Provides a hint as to the context in which
isKexExtensionsAvailable is invokedThe phase at which
sendKexExtensions is invokedTODO Add javadoc
Holds KEX negotiation stage configuration
Uses an
SshAgent to generate the identity signatureProvides pluggable authentication using the "keyboard-interactive" method as specified by
RFC-4256?
General interface for key encapsulation methods (KEM).
Client-side KEM operations.
Server-side KEM operations.
Key exchange algorithm.
Manages SSH message sending during a key exchange.
Uses a
KeyPair to generate the identity signatureChecks against a
Collection of PublicKeysRepresents an entry in the internal verifier's cache
A
Window that describes how much data this side is prepared to receive from the peer.Special exception returned by
AbstractSession.getSession(org.apache.sshd.common.io.IoSession, boolean) to
indicate that there is no currently attached SSH sessionHelper class to load DH group primes from a file.
Provides implementation details for Montgomery curves and their key exchange algorithms Curve25519/X25519 and
Curve448/X448 specified in RFC 7748 and RFC 8731.
Special exception thrown by
AbstractSession.attachSession(org.apache.sshd.common.io.IoSession, AbstractSession) in order to indicate an
already attached I/O sessionTODO Add javadoc
Handler for "no-more-sessions@xxx" global request.
An
SshFuture for asynchronous channel opening requests.Holds all the data necessary to create a signed OpenSSH Certificate
A handler for the "hostkeys-00@openssh.com" request - for now, only reads the presented host key.
An initial handler for "hostkeys-prove-00@openssh.com" request
A
ByteArrayBuffer that will be prepared with the SSH header (5 bytes).Used to inform the about the progress of a password authentication
Used to authenticate users based on a password.
A special exception that can be thrown by the
PasswordAuthenticator to indicate that the password requires
changing or is not string enoughFuture holding a packet pending key exchange termination.
ChannelDataReceiver that buffers the received data into byte buffer and provides an InputStream to
consume them.Marker interface for classes that allow to add/remove port forwarding listeners.
Bridges the I/O streams between the SSH command and the process that executes it
Executes commands by invoking the underlying shell
Serves as the base channel session for executing remote commands - including a full shell.
Provides report about the client side public key authentication progress
The
PublickeyAuthenticator is used on the server side to authenticate user public keys.Handles Putty specific channel requests as indicated by
Appendix F: SSH-2 names specified for
PuTTY
A
ForwardingFilter that rejects all requestsRejects all authentication attempts
Rejects all authentication attempts
A
Window reflecting this side's view of the peer's LocalWindow.A global request handler.
A ServerKeyVerifier that accepts one server key (specified in the constructor)
Provides a way to listen and handle the
SSH_MSG_IGNORE and SSH_MSG_DEBUG messages that are received
by a session, as well as proprietary and/or extension messages and behavior.Delegates the main interface methods to specific ones after having decoded each message buffer
Holds providers and helpers related to the server side authentication process
SshServer builder
Server side
ssh-connection service.The
ServerFactoryManager enable the retrieval of additional configuration needed specifically for the
server side.Loads server identity key files - e.g.,
/etc/ssh/ssh_host_rsa_keyThe
ServerKeyVerifier is used on the client side to authenticate the key provided by the server.Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the PROXY
protocol.
Interface that can be implemented by a command to be able to access the server session in which this command will be
used.
The default implementation for a
ServerSessionSee RFC 4253 [SSH-TRANS] and the SSH_MSG_SERVICE_REQUEST packet.
Represents an SSH session.
Invoked when the internal session code decides it should disconnect a session due to some consideration.
TODO Add javadoc
A factory of client sessions.
A factory of server sessions.
Contains split code in order to make
AbstractSession class smallerRepresents an interface receiving session events.
Marker interface for classes that allow to add/remove session listeners.
Task that iterates over all currently open
Sessions and checks each of them for timeouts.Shell(s) are executed on the server side when a "shell" channel is established
Define a listener to receive signals
Provides a simplified and synchronous view of the available SSH client functionality.
An implementation of
IoOutputStream using a synchronous ChannelOutputStream.A simplified synchronous API for creating client sessions
SOCKS proxy server, supporting simple socks4/5 protocols.
SSH key agent server
The
SshAgentFactory is used to communicate with an SshAgent.A
SshAgentKeyConstraint describes usage constraints for keys when being added to an SSH2 agent.An OpenSSH
SshAgentKeyConstraint extension.The OpenSSH "sk-provider@openssh.com" key constraint extension used for FIDO keys.
An OpenSSH lifetime constraint expires a key added to an SSH agent after the given number of seconds.
Used by the
BufferedIoOutputStream to signal a non-recoverable errorDocuments failure of a channel to open as expected.
Entry point for the client side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
The SshServer class is the main entry point for the server side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
A
ForwardingFilter implementation that returns the same "static" result for all the queries.Returns the same constant result
true/false regardlessReturns the same constant result
true/false regardlessReturns the same constant answer
true/false regardlessA channel that can be either configured to use synchronous or asynchrounous streams.
The type of requested connection forwarding.
TODO Add javadoc
Type of channel being created.
Handler for "tcpip-forward" global request.
Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel
TODO Add javadoc
Implementation of an unknown command that can be returned by
CommandFactory when the command is not
known, as it is supposed to always return a valid Command object.Represents a user authentication mechanism
Server side authentication mechanism.
Prototype user authentication handling gssapi-with-mic.
Factory class.
Manages a "keyboard-interactive" exchange according to
RFC4256
Issue a "keyboard-interactive" command according to
RFC4256
TODO Add javadoc
Implements the client-side "password" authentication mechanism
Implements the server-side "password" authentication mechanism
Implements the "publickey" authentication mechanism
TODO Add javadoc
Interface used by the ssh client to communicate with the end user.
Used to indicate at which authentication phase to send the welcome banner (if any configured)
A
Channel implements a sliding window flow control for data packets (SSH_MSG_CHANNEL_DATA and
SSH_MSG_CHANNEL_EXTENDED_DATA packets).Indicates a
Window has been closed.Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel
Provides Diffie-Hellman SSH key exchange algorithms for the Montgomery curves specified in RFC 8731.