Package org.apache.sshd.server.config.keys

Class AuthorizedKeysAuthenticator

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.io.ModifiableFileWatcher

org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

All Implemented Interfaces:

PublickeyAuthenticator

Direct Known Subclasses:

DefaultAuthorizedKeysAuthenticator

public class AuthorizedKeysAuthenticator
extends ModifiableFileWatcher
implements PublickeyAuthenticator

Uses the authorized keys file to implement PublickeyAuthenticator while automatically re-loading the keys if the file has changed when a new authentication request is received. Note: by default, the only validation of the username is that it is not null/empty - see isValidUsername(String, ServerSession)

Author:

Apache MINA SSHD Project

Field Summary

Fields

Modifier and Type	Field	Description
static final String	STD_AUTHORIZED_KEYS_FILENAME	Standard OpenSSH authorized keys file name

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

options, STRICTLY_PROHIBITED_FILE_PERMISSION

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Constructor Summary

Constructors

Constructor	Description
AuthorizedKeysAuthenticator(Path file)
AuthorizedKeysAuthenticator(Path file, LinkOption... options)

Method Summary

Modifier and Type	Method	Description
boolean	authenticate(String username, PublicKey key, ServerSession session)	Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.
protected PublickeyAuthenticator	createDelegateAuthenticator(String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver)
static Path	getDefaultAuthorizedKeysFile()
protected PublicKeyEntryResolver	getFallbackPublicKeyEntryResolver()
protected boolean	isValidUsername(String username, ServerSession session)
static List<AuthorizedKeyEntry>	readDefaultAuthorizedKeys(OpenOption... options)	Reads read the contents of the default OpenSSH authorized_keys file
protected Collection<AuthorizedKeyEntry>	reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected PublickeyAuthenticator	resolvePublickeyAuthenticator(String username, ServerSession session)

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

STD_AUTHORIZED_KEYS_FILENAME

public static final String STD_AUTHORIZED_KEYS_FILENAME

Standard OpenSSH authorized keys file name

See Also:

• Constant Field Values

Constructor Details

AuthorizedKeysAuthenticator

public AuthorizedKeysAuthenticator(Path file)

AuthorizedKeysAuthenticator

public AuthorizedKeysAuthenticator(Path file,
 LinkOption... options)

Method Details

authenticate

public boolean authenticate(String username,
 PublicKey key,
 ServerSession session)

Description copied from interface: PublickeyAuthenticator

Checks whether the given PublicKey is allowed to be used for authenticating user "username" in a session.

Note that the key may be a OpenSshCertificate. A typical implementation for a certificate would check that the certificate's CA key is known to be trusted as a certificate authority, and that the given user name is listed in the certificate's principals.

Specified by:

authenticate in interface PublickeyAuthenticator

Parameters:

username - the username

key - the key

session - the server session

Returns:

true if the key may be used; false otherwise

isValidUsername

protected boolean isValidUsername(String username,
 ServerSession session)

resolvePublickeyAuthenticator

protected PublickeyAuthenticator resolvePublickeyAuthenticator(String username,
 ServerSession session)
                                                        throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

createDelegateAuthenticator

protected PublickeyAuthenticator createDelegateAuthenticator(String username,
 ServerSession session,
 Path path,
 Collection<AuthorizedKeyEntry> entries,
 PublicKeyEntryResolver fallbackResolver)
                                                      throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

getFallbackPublicKeyEntryResolver

protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver()

reloadAuthorizedKeys

protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path,
 String username,
 ServerSession session)
                                                       throws IOException,
GeneralSecurityException

Throws:

IOException

GeneralSecurityException

getDefaultAuthorizedKeysFile

public static Path getDefaultAuthorizedKeysFile()

Returns:

The default Path location of the OpenSSH authorized keys file

readDefaultAuthorizedKeys

public static List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(OpenOption... options)
                                                          throws IOException

Reads read the contents of the default OpenSSH authorized_keys file

Parameters:

options - The OpenOptions to use when reading the file

Returns:

A List of all the AuthorizedKeyEntry-ies found there - or empty if file does not exist

Throws:

IOException - If failed to read keys from file