org.apache.sshd.server.config.keys

Class DefaultAuthorizedKeysAuthenticator

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.common.util.io.ModifiableFileWatcher

org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

org.apache.sshd.server.config.keys.DefaultAuthorizedKeysAuthenticator

All Implemented Interfaces:

PublickeyAuthenticator

public class DefaultAuthorizedKeysAuthenticator
extends AuthorizedKeysAuthenticator

Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default also compares the current username with the authenticated one.

Author:

Apache MINA SSHD Project

Field Summary

Fields

Modifier and Type	Field and Description
static DefaultAuthorizedKeysAuthenticator	INSTANCE The default instance that enforces the same permissions regime as OpenSSH

Fields inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

options

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizedKeysAuthenticator(boolean strict)
DefaultAuthorizedKeysAuthenticator(File file, boolean strict)
DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)
DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, File file, boolean strict)
DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)

Method Summary

Modifier and Type	Method and Description
String	getUsername()
boolean	isStrict()
protected boolean	isValidUsername(String username, ServerSession session)
protected Collection<AuthorizedKeyEntry>	reloadAuthorizedKeys(Path path, String username, ServerSession session)
protected Path	validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded)

Methods inherited from class org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator

authenticate, resolvePublickeyAuthenticator

Methods inherited from class org.apache.sshd.common.util.io.ModifiableFileWatcher

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, updateReloadAttributes

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

INSTANCE

public static final DefaultAuthorizedKeysAuthenticator INSTANCE

The default instance that enforces the same permissions regime as OpenSSH

Constructor Detail

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(boolean strict)

Parameters:

strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(String user,
                                          boolean strict)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(File file,
                                          boolean strict)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(String user,
                                          File file,
                                          boolean strict)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(Path path,
                                          boolean strict,
                                          LinkOption... options)

DefaultAuthorizedKeysAuthenticator

public DefaultAuthorizedKeysAuthenticator(String user,
                                          Path path,
                                          boolean strict,
                                          LinkOption... options)

Method Detail

getUsername

public final String getUsername()

isStrict

public final boolean isStrict()

isValidUsername

protected boolean isValidUsername(String username,
                                  ServerSession session)

Overrides:

isValidUsername in class AuthorizedKeysAuthenticator

reloadAuthorizedKeys

protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path,
                                                              String username,
                                                              ServerSession session)
                                                       throws IOException

Overrides:

reloadAuthorizedKeys in class AuthorizedKeysAuthenticator

Throws:

IOException

validateFilePath

protected Path validateFilePath(Path path,
                                Collection<PosixFilePermission> perms,
                                Collection<PosixFilePermission> excluded)
                         throws IOException

Parameters:

path - The Path to be validated

perms - The current PosixFilePermissions

excluded - The permissions not allowed to exist

Returns:

The original path

Throws:

IOException - If an excluded permission appears in the current ones