public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder
~/.ssh/authorized_keys file of the user currently running
the server, re-loading it if necessary. It also (optionally) enforces the same
permissions regime as OpenSSH does for the file permissions. By default
it also compares the current username with the authenticated one.

| Modifier and Type | Field and Description |
|---|---|
| static DefaultAuthorizedKeysAuthenticator | INSTANCE: The default instance that enforces the same permissions regime as OpenSSH |
| private boolean | strict |
| private java.lang.String | user |

Inherited fields:

STD_AUTHORIZED_KEYS_FILENAME

options, STRICTLY_PROHIBITED_FILE_PERMISSION

log

| Constructor and Description |
|---|
| DefaultAuthorizedKeysAuthenticator(boolean strict) |
| DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options) |
| DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict) |
| DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options) |

| Modifier and Type | Method and Description |
|---|---|
| java.lang.String | getUsername() |
| boolean | isStrict() |
| protected boolean | isValidUsername(java.lang.String username, ServerSession session) |
| protected java.util.Collection<AuthorizedKeyEntry> | reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) |
| protected java.nio.file.Path | validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) |

Inherited methods:

authenticate, createDelegateAuthenticator, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator

checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toPathResource, toPathResource, toString, updateReloadAttributes, validateStrictConfigFilePermissions

getSimplifiedLogger

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

fromAuthorizedEntries

public static final DefaultAuthorizedKeysAuthenticator INSTANCE

The default instance that enforces the same permissions regime as OpenSSH

private final boolean strict

private final java.lang.String user

public DefaultAuthorizedKeysAuthenticator(boolean strict)

Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions

public DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict)

public DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)

public DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)

public final java.lang.String getUsername()

Specified by: getUsername in interface UsernameHolder

null/empty if holder not yet initialized

public final boolean isStrict()

protected boolean isValidUsername(java.lang.String username, ServerSession session)

Overrides: isValidUsername in class AuthorizedKeysAuthenticator

protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) throws java.io.IOException, java.security.GeneralSecurityException

Overrides: reloadAuthorizedKeys in class AuthorizedKeysAuthenticator

Throws:
java.io.IOException
java.security.GeneralSecurityException

protected java.nio.file.Path validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) throws java.io.IOException

Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist

Throws:
java.io.IOException - If an excluded permission appears in the current ones
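
The strict check described for the `strict` parameter (containing folder 0700, file 0600, skipped on Windows) together with the `validateFilePath` contract, as an added plain-JDK example that is not this library's own code. The class name `StrictAuthorizedKeysCheck`, its methods, the sample paths and the excluded-permission set (every group and other bit) are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;

public class StrictAuthorizedKeysCheck {
    // Assumption: 0700 / 0600 read literally, so every group and other bit is excluded.
    static final Set<PosixFilePermission> EXCLUDED = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    // Same contract as documented above: IOException if an excluded permission is present.
    static Path validate(Path path, Collection<PosixFilePermission> perms,
                         Collection<PosixFilePermission> excluded) throws IOException {
        for (PosixFilePermission p : excluded) {
            if (perms.contains(p)) {
                throw new IOException(path + " has prohibited permission " + p);
            }
        }
        return path;
    }

    // Checks the containing folder, then the key file; returns false where POSIX bits do not exist.
    static boolean checkStrict(Path file, LinkOption... options) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return false; // e.g. Windows: nothing to check
        }
        Path dir = file.toAbsolutePath().getParent();
        validate(dir, Files.getPosixFilePermissions(dir, options), EXCLUDED);
        validate(file, Files.getPosixFilePermissions(file, options), EXCLUDED);
        return true;
    }

    public static void main(String[] args) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) return;
        Path dir = Files.createTempDirectory("ssh-demo"); // constructed sample folder
        Path keys = Files.createFile(dir.resolve("authorized_keys"));
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        Files.setPosixFilePermissions(keys, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            checkStrict(keys);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage()); // 0644 is group- and world-readable
        }
        Files.setPosixFilePermissions(keys, PosixFilePermissions.fromString("rw-------"));
        System.out.println("checked: " + checkStrict(keys));
    }
}
```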