Module org.eclipse.jgit.ssh.apache
Package org.eclipse.jgit.transport.sshd

Class SshdSessionFactory

java.lang.Object
org.eclipse.jgit.transport.SshSessionFactory
org.eclipse.jgit.transport.sshd.SshdSessionFactory
All Implemented Interfaces:
Closeable, AutoCloseable
public class SshdSessionFactory extends SshSessionFactory implements Closeable
A SshSessionFactory that uses Apache MINA sshd. Classes from Apache MINA sshd are kept private to avoid API evolution problems when Apache MINA sshd interfaces change.
Since:
5.2

  • Constructor Details

    • SshdSessionFactory

      public SshdSessionFactory()
      Creates a new SshdSessionFactory without key cache and a DefaultProxyDataFactory.

    • SshdSessionFactory

      public SshdSessionFactory(KeyCache keyCache, ProxyDataFactory proxies)
      Creates a new SshdSessionFactory using the given KeyCache and ProxyDataFactory. The keyCache is used for all sessions created through this session factory; cached keys are destroyed when the session factory is closed.

      Caching ssh keys in memory for an extended period of time is generally considered bad practice, but there may be circumstances where using a KeyCache is still the right choice, for instance to avoid that a user gets prompted several times for the same password for the same key. In general, however, it is preferable not to use a key cache but to use a KeyPasswordProvider that has access to some secure storage and can save and retrieve passwords from there without user interaction. Another approach is to use an SSH agent.

      Note that the underlying ssh library (Apache MINA sshd) may or may not keep ssh keys in memory for unspecified periods of time irrespective of the use of a KeyCache.

      By default, the factory uses the ServiceLoader to find a ConnectorFactory for creating a Connector to connect to a running SSH agent. If it finds one, the SSH agent is used in publickey authentication. If there is none, no SSH agent will ever be contacted. Note that one can define IdentitiesOnly yes for a host entry in the ~/.ssh/config file to bypass the SSH agent in any case.

      Parameters:
      keyCache - KeyCache to use for caching ssh keys, or null to not use a key cache
      proxies - ProxyDataFactory to use, or null to not use a proxy database (in which case connections through proxies will not be possible)

  • Method Details

    • getType

      public String getType()
      Specified by:
      getType in class SshSessionFactory

    • getSession

      public SshdSession getSession(URIish uri, CredentialsProvider credentialsProvider, FS fs, int tms) throws TransportException
      Specified by:
      getSession in class SshSessionFactory
      Throws:
      TransportException

    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable

    • setHomeDirectory

      public void setHomeDirectory(@NonNull File homeDir)
      Set a global directory to use as the user's home directory
      Parameters:
      homeDir - to use

    • getHomeDirectory

      public File getHomeDirectory()
      Retrieves the global user home directory
      Returns:
      the directory, or null if not set

    • setSshDirectory

      public void setSshDirectory(@NonNull File sshDir)
      Set a global directory to use as the .ssh directory
      Parameters:
      sshDir - to use

    • getSshDirectory

      public File getSshDirectory()
      Retrieves the global .ssh directory
      Returns:
      the directory, or null if not set

    • getSshConfig

      protected File getSshConfig(@NonNull File sshDir)
      Determines the ssh config file. The default implementation returns ~/.ssh/config. If the file does not exist and is created later it will be picked up. To not use a config file at all, return null.
      Parameters:
      sshDir - representing ~/.ssh/
      Returns:
      the file (need not exist), or null if no config file shall be used
      Since:
      5.5

    • createSshConfigStore

      protected SshConfigStore createSshConfigStore(@NonNull File homeDir, File configFile, String localUserName)
      Obtains a SshConfigStore, or null if not SSH config is to be used. The default implementation returns null if configFile == null and otherwise an OpenSSH-compatible store reading host entries from the given file.
      Parameters:
      homeDir - may be used for ~-replacements by the returned config store
      configFile - to use, or null if none
      localUserName - user name of the current user on the local OS
      Returns:
      A SshConfigStore, or null if none is to be used
      Since:
      5.8

    • getServerKeyDatabase

      @NonNull protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
      Obtains a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
      Parameters:
      homeDir - home directory to use for ~ replacement
      sshDir - representing ~/.ssh/
      Returns:
      the ServerKeyDatabase
      Since:
      5.5

    • createServerKeyDatabase

      @NonNull protected ServerKeyDatabase createServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir)
      Creates a ServerKeyDatabase to verify server host keys. The default implementation returns a ServerKeyDatabase that recognizes the two openssh standard files ~/.ssh/known_hosts and ~/.ssh/known_hosts2 as well as any files configured via the UserKnownHostsFile option in the ssh config file.
      Parameters:
      homeDir - home directory to use for ~ replacement
      sshDir - representing ~/.ssh/
      Returns:
      the ServerKeyDatabase
      Since:
      5.8

    • getConnectorFactory

      protected ConnectorFactory getConnectorFactory()
      Gets a ConnectorFactory. If this returns null, SSH agents are not supported.

      The default implementation uses ConnectorFactory.getDefault()

      Returns:
      the factory, or null if no SSH agent support is desired
      Since:
      6.0

    • getDefaultKnownHostsFiles

      @NonNull protected List<Path> getDefaultKnownHostsFiles(@NonNull File sshDir)
      Gets the list of default user known hosts files. The default returns ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config UserKnownHostsFile overrides this default.
      Parameters:
      sshDir -
      Returns:
      the possibly empty list of default known host file paths.

    • getDefaultKeys

      @NonNull protected Iterable<KeyPair> getDefaultKeys(@NonNull File sshDir)
      Determines the default keys. The default implementation will lazy load the default identity files.

      Subclasses may override and return an Iterable of whatever keys are appropriate. If the returned iterable lazily loads keys, it should be an instance of AbstractResourceKeyPairProvider so that the session can later pass it the password provider wrapped as a FilePasswordProvider via AbstractResourceKeyPairProvider#setPasswordFinder(FilePasswordProvider) so that encrypted, password-protected keys can be loaded.

      The default implementation uses exactly this mechanism; class CachingKeyPairProvider may serve as a model for a customized lazy-loading Iterable implementation

      If the Iterable returned has the keys already pre-loaded or otherwise doesn't need to decrypt encrypted keys, it can be any Iterable, for instance a simple List.

      Parameters:
      sshDir - to look in for keys
      Returns:
      an Iterable over the default keys
      Since:
      5.3

    • getDefaultIdentities

      @NonNull protected List<Path> getDefaultIdentities(@NonNull File sshDir)
      Gets a list of default identities, i.e., private key files that shall always be tried for public key authentication. Typically those are ~/.ssh/id_dsa, ~/.ssh/id_rsa, and so on. The default implementation returns the files defined in SshConstants.DEFAULT_IDENTITIES.
      Parameters:
      sshDir - the directory that represents ~/.ssh/
      Returns:
      a possibly empty list of paths containing default identities (private keys)

    • getKeyCache

      protected final KeyCache getKeyCache()
      Obtains the KeyCache to use to cache loaded keys.
      Returns:
      the KeyCache, or null if none.

    • createKeyPasswordProvider

      @NonNull protected KeyPasswordProvider createKeyPasswordProvider(CredentialsProvider provider)
      Creates a KeyPasswordProvider for a new session.
      Parameters:
      provider - the CredentialsProvider to delegate to for user interactions
      Returns:
      a new KeyPasswordProvider

    • getDefaultPreferredAuthentications

      protected String getDefaultPreferredAuthentications()
      Gets the list of default preferred authentication mechanisms. If null is returned the openssh default list will be in effect. If the ssh config defines PreferredAuthentications the value from the ssh config takes precedence.
      Returns:
      a comma-separated list of mechanism names, or null if none