public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder
~/.ssh/authorized_keys
file of the user currently running the server, re-loading it if
necessary. It also (optionally) enforces the same permissions regime as OpenSSH
does for the file
permissions. By default also compares the current username with the authenticated one.Modifier and Type | Field and Description |
---|---|
static DefaultAuthorizedKeysAuthenticator |
INSTANCE
The default instance that enforces the same permissions regime as
OpenSSH |
private boolean |
strict |
private java.lang.String |
user |
STD_AUTHORIZED_KEYS_FILENAME
options, STRICTLY_PROHIBITED_FILE_PERMISSION
log
Constructor and Description |
---|
DefaultAuthorizedKeysAuthenticator(boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path,
boolean strict,
java.nio.file.LinkOption... options) |
DefaultAuthorizedKeysAuthenticator(java.lang.String user,
boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.lang.String user,
java.nio.file.Path path,
boolean strict,
java.nio.file.LinkOption... options) |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getUsername() |
boolean |
isStrict() |
protected boolean |
isValidUsername(java.lang.String username,
ServerSession session) |
protected java.util.Collection<AuthorizedKeyEntry> |
reloadAuthorizedKeys(java.nio.file.Path path,
java.lang.String username,
ServerSession session) |
protected java.nio.file.Path |
validateFilePath(java.nio.file.Path path,
java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms,
java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) |
authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions
getSimplifiedLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
fromAuthorizedEntries
public static final DefaultAuthorizedKeysAuthenticator INSTANCE
OpenSSH
private final boolean strict
private final java.lang.String user
public DefaultAuthorizedKeysAuthenticator(boolean strict)
strict
- If true
then makes sure that the containing folder has 0700 access and the file 0600.
Note: for Windows it does not check these permissionspublic DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict)
public DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
public final java.lang.String getUsername()
getUsername
in interface UsernameHolder
null
/empty if holder not yet initializedpublic final boolean isStrict()
protected boolean isValidUsername(java.lang.String username, ServerSession session)
isValidUsername
in class AuthorizedKeysAuthenticator
protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) throws java.io.IOException, java.security.GeneralSecurityException
reloadAuthorizedKeys
in class AuthorizedKeysAuthenticator
java.io.IOException
java.security.GeneralSecurityException
protected java.nio.file.Path validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) throws java.io.IOException
path
- The Path
to be validatedperms
- The current PosixFilePermission
sexcluded
- The permissions not allowed to existjava.io.IOException
- If an excluded permission appears in the current ones