
Example 1 with KeyPairProvider

use of org.apache.sshd.common.keyprovider.KeyPairProvider in project karaf by apache.

the class Activator method createSshServer.

/**
 * Assembles an {@link SshServer} from the component's configuration and returns it.
 *
 * <p>Every setting is read first (each with a built-in fallback), then the key provider,
 * authenticator and auth-method factories are created, and finally the server is configured.
 * The method only configures the server; nothing in this body starts it.
 *
 * <p>Security-relevant defaults visible in this method, which a deployment should review and
 * override through configuration where appropriate:
 * <ul>
 *   <li>{@code sshHost} falls back to {@code 0.0.0.0}, i.e. the listener binds to all
 *       interfaces.</li>
 *   <li>The fallback {@code ciphers}, {@code macs} and {@code kexAlgorithms} lists still contain
 *       legacy entries ({@code arcfour128}, {@code 3des-cbc}, {@code blowfish-cbc},
 *       {@code aes128-cbc}, {@code hmac-sha1}, {@code diffie-hellman-group1-sha1},
 *       {@code diffie-hellman-group-exchange-sha1}).</li>
 *   <li>{@link AcceptAllForwardingFilter} is installed unconditionally; there is no setting in
 *       this method to restrict forwarding.</li>
 *   <li>With {@code sftpEnabled} (default {@code true}) the SFTP/SCP file system is rooted at
 *       {@code karaf.base}.</li>
 * </ul>
 *
 * @param sessionFactory factory handed to the shell factory and to every {@code ShellCommand}
 * @return the configured server
 */
protected SshServer createSshServer(SessionFactory sessionFactory) {
    // --- Read all settings up front, in a fixed order, before any object is built. ---
    int port = getInt("sshPort", 8181);
    // Fallback binds to every interface; set sshHost to a specific address to narrow exposure.
    String bindHost = getString("sshHost", "0.0.0.0");
    long idleTimeout = getLong("sshIdleTimeout", 1800000);
    int workerCount = getInt("nio-workers", 2);
    String jaasRealm = getString("sshRealm", "karaf");
    // NOTE(review): a null role presumably means "no role restriction" -- confirm in KarafJaasAuthenticator.
    String requiredRole = getString("sshRole", null);
    String hostKeyLocation = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
    String[] enabledAuthMethods = getStringArray("authMethods", "keyboard-interactive,password,publickey");
    int hostKeySize = getInt("keySize", 2048);
    String hostKeyAlgorithm = getString("algorithm", "RSA");
    // The three fallback lists below keep legacy algorithms for compatibility with old clients
    // (SHA-1 MAC, RC4, CBC-mode ciphers, 3DES, Blowfish, SHA-1 key exchange and the 1024-bit
    // group1 exchange). Hardened deployments should configure explicit, modern-only lists.
    String[] macNames = getStringArray("macs", "hmac-sha2-512,hmac-sha2-256,hmac-sha1");
    String[] cipherNames = getStringArray("ciphers", "aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc");
    String[] kexNames = getStringArray("kexAlgorithms", "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
    String banner = getString("welcomeBanner", null);
    String moduliLocation = getString("moduli-url", null);
    // Despite its name, this flag also gates SCP and the virtual file system (see below).
    boolean fileTransferEnabled = getBoolean("sftpEnabled", true);

    // --- Collaborators: host key, JAAS-backed authenticator, enabled auth methods. ---
    Path hostKeyPath = Paths.get(hostKeyLocation);
    KeyPairProvider hostKeys = new OpenSSHKeyPairProvider(hostKeyPath.toFile(), hostKeyAlgorithm, hostKeySize);
    KarafJaasAuthenticator jaasAuthenticator = new KarafJaasAuthenticator(jaasRealm, requiredRole);
    UserAuthFactoriesFactory userAuthFactories = new UserAuthFactoriesFactory();
    userAuthFactories.setAuthMethods(enabledAuthMethods);

    // --- Server: start from the library defaults, then override. ---
    SshServer sshd = SshServer.setUpDefaultServer();
    sshd.setPort(port);
    sshd.setHost(bindHost);
    sshd.setMacFactories(SshUtils.buildMacs(macNames));
    sshd.setCipherFactories(SshUtils.buildCiphers(cipherNames));
    sshd.setKeyExchangeFactories(SshUtils.buildKexAlgorithms(kexNames));
    sshd.setShellFactory(new ShellFactoryImpl(sessionFactory));
    if (!fileTransferEnabled) {
        // Shell commands only: no SCP wrapper, no SFTP subsystem, no file system factory.
        sshd.setCommandFactory(cmd -> new ShellCommand(sessionFactory, cmd));
    } else {
        // SCP is handled first; anything else is delegated to a shell command.
        sshd.setCommandFactory(new ScpCommandFactory.Builder().withDelegate(cmd -> new ShellCommand(sessionFactory, cmd)).build());
        sshd.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
        // File transfers are rooted at karaf.base.
        // NOTE(review): if karaf.etc (default home of host.key) lies under karaf.base, the host
        // key and other configuration may be reachable over SFTP/SCP -- confirm the layout and
        // file permissions.
        sshd.setFileSystemFactory(new VirtualFileSystemFactory(Paths.get(System.getProperty("karaf.base"))));
    }
    sshd.setKeyPairProvider(hostKeys);
    // One authenticator instance serves both password and public-key authentication.
    sshd.setPasswordAuthenticator(jaasAuthenticator);
    sshd.setPublickeyAuthenticator(jaasAuthenticator);
    sshd.setUserAuthFactories(userAuthFactories.getFactories());
    sshd.setAgentFactory(KarafAgentFactory.getInstance());
    // Installed unconditionally: forwarding requests are not restricted by any setting read here.
    sshd.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE);

    // --- Server properties are stored as strings; the optional ones are set only when configured. ---
    sshd.getProperties().put(SshServer.IDLE_TIMEOUT, Long.toString(idleTimeout));
    sshd.getProperties().put(SshServer.NIO_WORKERS, Integer.toString(workerCount));
    if (moduliLocation != null) {
        sshd.getProperties().put(SshServer.MODULI_URL, moduliLocation);
    }
    if (banner != null) {
        sshd.getProperties().put(SshServer.WELCOME_BANNER, banner);
    }
    return sshd;
}
Also used : Path(java.nio.file.Path) VirtualFileSystemFactory(org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory) SshServer(org.apache.sshd.server.SshServer) ScpCommandFactory(org.apache.sshd.server.scp.ScpCommandFactory) SftpSubsystemFactory(org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory) OpenSSHKeyPairProvider(org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider) KeyPairProvider(org.apache.sshd.common.keyprovider.KeyPairProvider) OpenSSHKeyPairProvider(org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider)

Example 2 with KeyPairProvider

use of org.apache.sshd.common.keyprovider.KeyPairProvider in project gerrit by GerritCodeReview.

the class SshDaemon method myHostKeys.

/**
 * Collects this daemon's public host keys from the configured {@link KeyPairProvider}.
 *
 * <p>Key types are queried in a fixed order: Ed25519, the three NIST ECDSA curves, RSA and
 * finally DSS. DSS ({@code ssh-dss}) is a legacy host key type that current OpenSSH clients
 * no longer accept by default.
 * NOTE(review): {@code addPublicKey} presumably skips key types for which the provider holds
 * no key -- confirm in that helper.
 *
 * @return the host public keys that {@code addPublicKey} added, in query order
 * @throws IllegalStateException if loading a key fails with an {@link IOException} or a
 *     {@link GeneralSecurityException}; the original exception is kept as the cause
 */
private List<PublicKey> myHostKeys() {
    final String[] keyTypes = {
        KeyPairProvider.SSH_ED25519,
        KeyPairProvider.ECDSA_SHA2_NISTP256,
        KeyPairProvider.ECDSA_SHA2_NISTP384,
        KeyPairProvider.ECDSA_SHA2_NISTP521,
        KeyPairProvider.SSH_RSA,
        KeyPairProvider.SSH_DSS
    };
    KeyPairProvider provider = getKeyPairProvider();
    // Sized for one key per queried type.
    List<PublicKey> hostKeys = new ArrayList<>(keyTypes.length);
    try {
        for (String keyType : keyTypes) {
            addPublicKey(hostKeys, provider, keyType);
        }
    } catch (IOException | GeneralSecurityException e) {
        // A host key that cannot be loaded is treated as fatal rather than silently omitted.
        throw new IllegalStateException("Cannot load SSHD host key", e);
    }
    return hostKeys;
}
Also used : KeyPairProvider(org.apache.sshd.common.keyprovider.KeyPairProvider) PublicKey(java.security.PublicKey) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) IOException(java.io.IOException)

Aggregations

KeyPairProvider (org.apache.sshd.common.keyprovider.KeyPairProvider)2 IOException (java.io.IOException)1 Path (java.nio.file.Path)1 GeneralSecurityException (java.security.GeneralSecurityException)1 PublicKey (java.security.PublicKey)1 ArrayList (java.util.ArrayList)1 OpenSSHKeyPairProvider (org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider)1 VirtualFileSystemFactory (org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory)1 SshServer (org.apache.sshd.server.SshServer)1 ScpCommandFactory (org.apache.sshd.server.scp.ScpCommandFactory)1 SftpSubsystemFactory (org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory)1