001 /*
002 * Copyright (C) 2012 eXo Platform SAS.
003 *
004 * This is free software; you can redistribute it and/or modify it
005 * under the terms of the GNU Lesser General Public License as
006 * published by the Free Software Foundation; either version 2.1 of
007 * the License, or (at your option) any later version.
008 *
009 * This software is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * You should have received a copy of the GNU Lesser General Public
015 * License along with this software; if not, write to the Free
016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018 */
019
020 package org.crsh.ssh;
021
022 import org.crsh.auth.AuthenticationPlugin;
023 import org.crsh.plugin.CRaSHPlugin;
024 import org.crsh.plugin.PropertyDescriptor;
025 import org.crsh.plugin.ResourceKind;
026 import org.crsh.ssh.term.SSHLifeCycle;
027 import org.crsh.vfs.Resource;
028
029 import java.io.File;
030 import java.io.IOException;
031 import java.net.MalformedURLException;
032 import java.net.URL;
033 import java.util.Arrays;
034 import java.util.logging.Level;
035
036 import org.apache.sshd.common.util.SecurityUtils;
037
038 public class SSHPlugin extends CRaSHPlugin<SSHPlugin> {
039
040 /** The SSH port. */
041 public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port");
042
043 /** The SSH server key path. */
044 public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file");
045
046 /** The SSH server idle timeout. */
047 private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000;
048 public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle-timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions");
049
050 /** The SSH server authentication timeout. */
051 private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000;
052 public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth-timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions");
053
054
055 /** . */
056 private SSHLifeCycle lifeCycle;
057
058 @Override
059 public SSHPlugin getImplementation() {
060 return this;
061 }
062
063 @Override
064 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
065 return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_IDLE_TIMEOUT, SSH_SERVER_AUTH_TIMEOUT, AuthenticationPlugin.AUTH);
066 }
067
068 @Override
069 public void init() {
070
071 SecurityUtils.setRegisterBouncyCastle(true);
072 //
073 Integer port = getContext().getProperty(SSH_PORT);
074 if (port == null) {
075 log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration");
076 return;
077 }
078
079 Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT);
080 if (idleTimeout == null) {
081 idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT;
082 }
083 Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT);
084 if (authTimeout == null) {
085 authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT;
086 }
087
088 //
089 Resource serverKey = null;
090
091 // Get embedded default key
092 URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem");
093 if (serverKeyURL != null) {
094 try {
095 log.log(Level.FINE, "Found embedded key url " + serverKeyURL);
096 serverKey = new Resource(serverKeyURL);
097 }
098 catch (IOException e) {
099 log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e);
100 }
101 }
102
103 // Override from config if any
104 Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG);
105 if (serverKeyRes != null) {
106 serverKey = serverKeyRes;
107 log.log(Level.FINE, "Found server ssh key url");
108 }
109
110 // If we have a key path, we convert is as an URL
111 String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH);
112 if (serverKeyPath != null) {
113 log.log(Level.FINE, "Found server key path " + serverKeyPath);
114 File f = new File(serverKeyPath);
115 if (f.exists() && f.isFile()) {
116 try {
117 serverKeyURL = f.toURI().toURL();
118 serverKey = new Resource(serverKeyURL);
119 } catch (MalformedURLException e) {
120 log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e);
121 } catch (IOException e) {
122 log.log(Level.FINE, "Could not load ssh key from " + serverKeyURL, e);
123 }
124 } else {
125 log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath);
126 }
127 }
128
129 //
130 if (serverKeyURL == null) {
131 log.log(Level.INFO, "Could not boot SSHD due to missing server key");
132 return;
133 }
134
135 // Get the authentication
136 AuthenticationPlugin authPlugin = AuthenticationPlugin.NULL;
137 String authentication = getContext().getProperty(AuthenticationPlugin.AUTH);
138 if (authentication != null) {
139 for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) {
140 if (authentication.equals(authenticationPlugin.getName())) {
141 authPlugin = authenticationPlugin;
142 break;
143 }
144 }
145 }
146
147 //
148 log.log(Level.INFO, "Booting SSHD");
149 SSHLifeCycle lifeCycle = new SSHLifeCycle(getContext(), authPlugin);
150 lifeCycle.setPort(port);
151 lifeCycle.setKey(serverKey);
152 lifeCycle.setAuthTimeout(authTimeout);
153 lifeCycle.setIdleTimeout(idleTimeout);
154 lifeCycle.init();
155
156 //
157 this.lifeCycle = lifeCycle;
158 }
159
160 @Override
161 public void destroy() {
162 if (lifeCycle != null) {
163 log.log(Level.INFO, "Shutting down SSHD");
164 lifeCycle.destroy();
165 lifeCycle = null;
166 }
167 }
168 }