Use of org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider in project karaf by apache.
Class Activator, method createSshServer.
/**
 * Assembles the SSH server that exposes the Karaf shell, SCP and SFTP.
 *
 * <p>Every setting is looked up through the {@code getInt}/{@code getString}/
 * {@code getLong}/{@code getStringArray} helpers, with the literal in each call as
 * the fallback. The server is only configured here; this method never starts it.
 *
 * <p>Security review notes on the fallbacks (all can be overridden by configuration):
 * <ul>
 *   <li>{@code sshHost} falls back to {@code 0.0.0.0}, i.e. every local interface.</li>
 *   <li>The cipher, MAC and key-exchange fallbacks still offer legacy algorithms
 *       ({@code arcfour128}, {@code 3des-cbc}, {@code blowfish-cbc}, {@code aes128-cbc},
 *       {@code hmac-sha1}, {@code diffie-hellman-group1-sha1},
 *       {@code diffie-hellman-group-exchange-sha1}); hardened deployments should
 *       configure these lists explicitly.</li>
 *   <li>Forwarding is filtered by {@code AcceptAllForwardingFilter.INSTANCE}, so no
 *       forwarding request is refused at this layer.</li>
 * </ul>
 *
 * @param sessionFactory factory handed to the shell and to each executed command
 * @return the configured server, or {@code null} when {@code hostKeyFormat} is
 *         neither {@code simple} nor {@code PEM} (an error is logged in that case)
 */
protected SshServer createSshServer(SessionFactory sessionFactory) {
    // --- configuration lookup (same keys, same fallbacks, same order) ---
    int port = getInt("sshPort", 8181);
    // NOTE(review): fallback listens on all interfaces; restrict when only local access is needed.
    String bindAddress = getString("sshHost", "0.0.0.0");
    long idleTimeoutMillis = getLong("sshIdleTimeout", 1800000);
    int workerCount = getInt("nio-workers", 2);
    String jaasRealm = getString("sshRealm", "karaf");
    String hostKeyLocation = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
    String keyFormat = getString("hostKeyFormat", "simple");
    String[] enabledAuthMethods = getStringArray("authMethods", "keyboard-interactive,password,publickey");
    int generatedKeySize = getInt("keySize", 4096);
    String generatedKeyAlgorithm = getString("algorithm", "RSA");
    // NOTE(review): hmac-sha1 is kept as a last-resort fallback for old clients.
    String[] macNames = getStringArray("macs", "hmac-sha2-512,hmac-sha2-256,hmac-sha1");
    // NOTE(review): only aes128-ctr is a modern choice here; arcfour128 is RC4, and
    // 3des-cbc / blowfish-cbc are 64-bit block ciphers in CBC mode.
    String[] cipherNames = getStringArray("ciphers", "aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc");
    // NOTE(review): the two trailing entries are SHA-1 based; group1 uses a fixed 1024-bit group.
    String[] kexNames = getStringArray("kexAlgorithms", "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
    String banner = getString("welcomeBanner", null);
    String moduliLocation = getString("moduli-url", null);

    // --- host key provider ---
    boolean simpleFormat = "simple".equalsIgnoreCase(keyFormat);
    boolean pemFormat = !simpleFormat && "PEM".equalsIgnoreCase(keyFormat);
    if (!simpleFormat && !pemFormat) {
        // Unknown format: refuse to build a server rather than guess at the key encoding.
        LOGGER.error("Invalid host key format " + keyFormat);
        return null;
    }
    AbstractGeneratorHostKeyProvider hostKeyProvider;
    if (simpleFormat) {
        hostKeyProvider = new SimpleGeneratorHostKeyProvider();
    } else {
        hostKeyProvider = new OpenSSHGeneratorFileKeyProvider();
    }
    hostKeyProvider.setPath(Paths.get(hostKeyLocation));
    if (!new File(hostKeyLocation).exists()) {
        // No key on disk yet: these parameters drive generation of a fresh one.
        hostKeyProvider.setKeySize(generatedKeySize);
        hostKeyProvider.setAlgorithm(generatedKeyAlgorithm);
    } else {
        // An existing key file must never be replaced, even if it turns out to be
        // unreadable; silently regenerating it would change the server's identity.
        hostKeyProvider.setOverwriteAllowed(false);
    }

    // --- authentication ---
    // One JAAS-backed object serves as both the password and the public-key authenticator.
    KarafJaasAuthenticator jaasAuthenticator = new KarafJaasAuthenticator(jaasRealm);
    UserAuthFactoriesFactory userAuthFactories = new UserAuthFactoriesFactory();
    userAuthFactories.setAuthMethods(enabledAuthMethods);

    // --- server assembly ---
    SshServer sshd = SshServer.setUpDefaultServer();
    sshd.setPort(port);
    sshd.setHost(bindAddress);
    sshd.setMacFactories(SshUtils.buildMacs(macNames));
    sshd.setCipherFactories(SshUtils.buildCiphers(cipherNames));
    sshd.setKeyExchangeFactories(SshUtils.buildKexAlgorithms(kexNames));
    sshd.setShellFactory(new ShellFactoryImpl(sessionFactory));
    // SCP is handled natively; any other exec request is run as a shell command.
    sshd.setCommandFactory(
            new ScpCommandFactory.Builder()
                    .withDelegate(command -> new ShellCommand(sessionFactory, command))
                    .build());
    sshd.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
    sshd.setKeyPairProvider(hostKeyProvider);
    sshd.setPasswordAuthenticator(jaasAuthenticator);
    sshd.setPublickeyAuthenticator(jaasAuthenticator);
    // File access for SFTP/SCP is rooted at karaf.base.
    // NOTE(review): if karaf.etc lives under karaf.base (the fallback host key path
    // suggests it may), the host key file is inside this root — confirm file permissions.
    sshd.setFileSystemFactory(new VirtualFileSystemFactory(Paths.get(System.getProperty("karaf.base"))));
    sshd.setUserAuthFactories(userAuthFactories.getFactories());
    sshd.setAgentFactory(KarafAgentFactory.getInstance());
    // NOTE(review): accept-all filter; an authenticated user can request forwarding to
    // any destination. Consider a restrictive filter where forwarding is not required.
    sshd.setTcpipForwardingFilter(AcceptAllForwardingFilter.INSTANCE);

    // --- string-valued server properties ---
    sshd.getProperties().put(SshServer.IDLE_TIMEOUT, String.valueOf(idleTimeoutMillis));
    sshd.getProperties().put(SshServer.NIO_WORKERS, String.valueOf(workerCount));
    // The two optional settings are written only when explicitly configured.
    if (moduliLocation != null) {
        sshd.getProperties().put(SshServer.MODULI_URL, moduliLocation);
    }
    if (banner != null) {
        sshd.getProperties().put(SshServer.WELCOME_BANNER, banner);
    }
    return sshd;
}