public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder

Monitors the ~/.ssh/authorized_keys file of the user currently running the server, re-loading it if necessary. It also (optionally) enforces the same permissions regime as OpenSSH does for the file permissions. By default also compares the current username with the authenticated one.

Modifier and Type | Field and Description |
---|---|
static DefaultAuthorizedKeysAuthenticator | INSTANCE: The default instance that enforces the same permissions regime as OpenSSH |
private boolean | strict |
private java.lang.String | user |
STD_AUTHORIZED_KEYS_FILENAME
options, STRICTLY_PROHIBITED_FILE_PERMISSION
log
Constructor and Description |
---|
DefaultAuthorizedKeysAuthenticator(boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.io.File file, boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options) |
DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.io.File file, boolean strict) |
DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options) |
Modifier and Type | Method and Description |
---|---|
java.lang.String | getUsername() |
boolean | isStrict() |
protected boolean | isValidUsername(java.lang.String username, ServerSession session) |
protected java.util.Collection<AuthorizedKeyEntry> | reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) |
protected java.nio.file.Path | validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) |
authenticate, getDefaultAuthorizedKeysFile, getFallbackPublicKeyEntryResolver, readDefaultAuthorizedKeys, resolvePublickeyAuthenticator
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toString, updateReloadAttributes, validateStrictConfigFilePermissions
getSimplifiedLogger
public static final DefaultAuthorizedKeysAuthenticator INSTANCE
The default instance that enforces the same permissions regime as OpenSSH
private final boolean strict
private final java.lang.String user
public DefaultAuthorizedKeysAuthenticator(boolean strict)
Parameters:
strict - If true then makes sure that the containing folder has 0700 access and the file 0600. Note: for Windows it does not check these permissions
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, boolean strict)
public DefaultAuthorizedKeysAuthenticator(java.io.File file, boolean strict)
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.io.File file, boolean strict)
public DefaultAuthorizedKeysAuthenticator(java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
public DefaultAuthorizedKeysAuthenticator(java.lang.String user, java.nio.file.Path path, boolean strict, java.nio.file.LinkOption... options)
public final java.lang.String getUsername()
Specified by: getUsername in interface UsernameHolder
Returns: null/empty if holder not yet initialized
public final boolean isStrict()
protected boolean isValidUsername(java.lang.String username, ServerSession session)
Overrides: isValidUsername in class AuthorizedKeysAuthenticator
protected java.util.Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(java.nio.file.Path path, java.lang.String username, ServerSession session) throws java.io.IOException
Overrides: reloadAuthorizedKeys in class AuthorizedKeysAuthenticator
Throws: java.io.IOException
protected java.nio.file.Path validateFilePath(java.nio.file.Path path, java.util.Collection<java.nio.file.attribute.PosixFilePermission> perms, java.util.Collection<java.nio.file.attribute.PosixFilePermission> excluded) throws java.io.IOException
Parameters:
path - The Path to be validated
perms - The current PosixFilePermissions
excluded - The permissions not allowed to exist
Throws:
java.io.IOException - If an excluded permission appears in the current ones
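
The strict check described above (containing folder 0700, file 0600, no check on Windows) and the validateFilePath contract can be tried with the JDK alone. The following is an added example, not the library's own code. The class name AuthorizedKeysPermissionCheck, the helpers isPosix and checkStrict, and the two excluded-permission sets are assumptions made for illustration, as is returning the path unchanged.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;

// Added illustration (JDK only); not the MINA SSHD implementation.
public class AuthorizedKeysPermissionCheck {
    // Assumption: "0700" on the folder means no group/other bits at all.
    static final Set<PosixFilePermission> DIR_EXCLUDED = PosixFilePermissions.fromString("---rwxrwx");
    // Assumption: "0600" on the file additionally rules out owner execute.
    static final Set<PosixFilePermission> FILE_EXCLUDED = PosixFilePermissions.fromString("--xrwxrwx");

    // Documented signature: fail if an excluded permission is present (returned path is an assumption).
    static Path validateFilePath(Path path, Collection<PosixFilePermission> perms,
                                 Collection<PosixFilePermission> excluded) throws IOException {
        for (PosixFilePermission p : excluded) {
            if (perms.contains(p)) {
                throw new IOException(path + ": prohibited permission " + p);
            }
        }
        return path;
    }

    static boolean isPosix(Path p) {
        return p.getFileSystem().supportedFileAttributeViews().contains("posix");
    }

    static void checkStrict(Path file, LinkOption... options) throws IOException {
        if (!isPosix(file)) {
            return; // e.g. Windows: no POSIX bits to inspect
        }
        Path dir = file.toAbsolutePath().getParent();
        validateFilePath(dir, Files.getPosixFilePermissions(dir, options), DIR_EXCLUDED);
        validateFilePath(file, Files.getPosixFilePermissions(file, options), FILE_EXCLUDED);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp folder standing in for ~/.ssh
        Path dir = Files.createTempDirectory("ssh-demo");
        Path keys = Files.createFile(dir.resolve("authorized_keys"));
        if (!isPosix(keys)) return;
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        Files.setPosixFilePermissions(keys, PosixFilePermissions.fromString("rw-------"));
        checkStrict(keys); // accepted: folder 0700, file 0600
        Files.setPosixFilePermissions(keys, PosixFilePermissions.fromString("rw-rw-r--"));
        try { checkStrict(keys); } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Running the same check against the real ~/.ssh/authorized_keys before starting a server with strict set to true shows in advance whether the file would be refused.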