use of org.apache.sshd.common.keyprovider.KeyPairProvider in project karaf by apache.
the class Activator method createSshServer.
protected SshServer createSshServer(SessionFactory sessionFactory) {
int sshPort = getInt("sshPort", 8181);
String sshHost = getString("sshHost", "0.0.0.0");
long sshIdleTimeout = getLong("sshIdleTimeout", 1800000);
int nioWorkers = getInt("nio-workers", 2);
String sshRealm = getString("sshRealm", "karaf");
String sshRole = getString("sshRole", null);
String hostKey = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
String[] authMethods = getStringArray("authMethods", "keyboard-interactive,password,publickey");
int keySize = getInt("keySize", 2048);
String algorithm = getString("algorithm", "RSA");
String[] macs = getStringArray("macs", "hmac-sha2-512,hmac-sha2-256,hmac-sha1");
String[] ciphers = getStringArray("ciphers", "aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc");
String[] kexAlgorithms = getStringArray("kexAlgorithms", "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
String welcomeBanner = getString("welcomeBanner", null);
String moduliUrl = getString("moduli-url", null);
boolean sftpEnabled = getBoolean("sftpEnabled", true);
Path serverKeyPath = Paths.get(hostKey);
KeyPairProvider keyPairProvider = new OpenSSHKeyPairProvider(serverKeyPath.toFile(), algorithm, keySize);
KarafJaasAuthenticator authenticator = new KarafJaasAuthenticator(sshRealm, sshRole);
UserAuthFactoriesFactory authFactoriesFactory = new UserAuthFactoriesFactory();
authFactoriesFactory.setAuthMethods(authMethods);
SshServer server = SshServer.setUpDefaultServer();
server.setPort(sshPort);
server.setHost(sshHost);
server.setMacFactories(SshUtils.buildMacs(macs));
server.setCipherFactories(SshUtils.buildCiphers(ciphers));
server.setKeyExchangeFactories(SshUtils.buildKexAlgorithms(kexAlgorithms));
server.setShellFactory(new ShellFactoryImpl(sessionFactory));
if (sftpEnabled) {
server.setCommandFactory(new ScpCommandFactory.Builder().withDelegate(cmd -> new ShellCommand(sessionFactory, cmd)).build());
server.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
server.setFileSystemFactory(new VirtualFileSystemFactory(Paths.get(System.getProperty("karaf.base"))));
} else {
server.setCommandFactory(cmd -> new ShellCommand(sessionFactory, cmd));
}
server.setKeyPairProvider(keyPairProvider);
server.setPasswordAuthenticator(authenticator);
server.setPublickeyAuthenticator(authenticator);
server.setUserAuthFactories(authFactoriesFactory.getFactories());
server.setAgentFactory(KarafAgentFactory.getInstance());
server.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE);
server.getProperties().put(SshServer.IDLE_TIMEOUT, Long.toString(sshIdleTimeout));
server.getProperties().put(SshServer.NIO_WORKERS, Integer.toString(nioWorkers));
if (moduliUrl != null) {
server.getProperties().put(SshServer.MODULI_URL, moduliUrl);
}
if (welcomeBanner != null) {
server.getProperties().put(SshServer.WELCOME_BANNER, welcomeBanner);
}
return server;
}
use of org.apache.sshd.common.keyprovider.KeyPairProvider in project gerrit by GerritCodeReview.
the class SshDaemon method myHostKeys.
private List<PublicKey> myHostKeys() {
KeyPairProvider p = getKeyPairProvider();
List<PublicKey> keys = new ArrayList<>(6);
try {
addPublicKey(keys, p, KeyPairProvider.SSH_ED25519);
addPublicKey(keys, p, KeyPairProvider.ECDSA_SHA2_NISTP256);
addPublicKey(keys, p, KeyPairProvider.ECDSA_SHA2_NISTP384);
addPublicKey(keys, p, KeyPairProvider.ECDSA_SHA2_NISTP521);
addPublicKey(keys, p, KeyPairProvider.SSH_RSA);
addPublicKey(keys, p, KeyPairProvider.SSH_DSS);
} catch (IOException | GeneralSecurityException e) {
throw new IllegalStateException("Cannot load SSHD host key", e);
}
return keys;
}
Aggregations