public abstract class AbstractServerSession extends AbstractSession implements ServerSession
ServerSession related methods
AbstractSession.MessageCodingSettings
AbstractCloseable.State
SessionHeartbeatController.HeartbeatType
AttributeRepository.AttributeKey<T>
channelListenerProxy, channelListeners, clientProposal, clientVersion, currentService, decodeLock, decoderBuffer, decoderLength, decoderState, encodeLock, firstKexPacketFollows, ignorePacketDataLength, ignorePacketsCount, ignorePacketsFrequency, ignorePacketsVariance, inBlocksCount, inBytesCount, inCipher, inCipherSize, inCompression, initialKexDone, inMac, inMacResult, inMacSize, inPacketsCount, inSettings, kex, kexFutureHolder, kexHandler, kexInitializedFuture, kexState, lastKeyTimeValue, maxRekeyBlocks, maxRekeyBytes, maxRekeyInterval, maxRekyPackets, negotiationResult, outBlocksCount, outBytesCount, outCipher, outCipherSize, outCompression, outMac, outMacSize, outPacketsCount, outSettings, random, requestLock, seqi, seqo, serverProposal, serverVersion, SESSION, sessionId, sessionListenerProxy, sessionListeners, tunnelListenerProxy, tunnelListeners, uncompressBuffer, unmodClientProposal, unmodNegotiationResult, unmodServerProposal
authStart, idleStart, initialKexProposal
closeFuture, futureLock, state
log
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
EMPTY
NONE
DEFAULT_USER_AUTH_GSS_FACTORY, DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY, DEFAULT_USER_AUTH_PASSWORD_FACTORY, DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY
Modifier | Constructor and Description |
---|---|
protected | AbstractServerSession(ServerFactoryManager factoryManager, IoSession ioSession) |
Modifier and Type | Method and Description |
---|---|
protected void | checkKeys() Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key |
int | getActiveSessionCountForUser(String userName) Retrieve the current number of sessions active for a given username. |
SocketAddress | getClientAddress() |
protected ConnectionService | getConnectionService() |
ServerFactoryManager | getFactoryManager() |
GSSAuthenticator | getGSSAuthenticator() Retrieve the GSSAuthenticator to be used by the SSH server. |
HostBasedAuthenticator | getHostBasedAuthenticator() Retrieve the HostBasedAuthenticator to be used by the SSH server. |
KeyPair | getHostKey() |
HostKeyCertificateProvider | getHostKeyCertificateProvider() |
long | getId() |
KeyboardInteractiveAuthenticator | getKeyboardInteractiveAuthenticator() Retrieve the KeyboardInteractiveAuthenticator to be used by the SSH server. |
KeyPairProvider | getKeyPairProvider() Retrieve the KeyPairProvider that will be used to find the host key to use on the server side or the user key on the client side. |
PasswordAuthenticator | getPasswordAuthenticator() Retrieve the PasswordAuthenticator to be used by the SSH server. |
PublickeyAuthenticator | getPublickeyAuthenticator() Retrieve the PublickeyAuthenticator to be used by the SSH server. |
ServerProxyAcceptor | getServerProxyAcceptor() |
List<UserAuthFactory> | getUserAuthFactories() Retrieve the list of named factories for UserAuth objects. |
protected void | handleServiceAccept(String serviceName, Buffer buffer) |
protected boolean | handleServiceRequest(String serviceName, Buffer buffer) |
protected boolean | readIdentification(Buffer buffer) Read the other side identification. |
protected void | receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) |
protected String | resolveAvailableSignaturesProposal(FactoryManager proposedManager) Computes the list of available host key signature algorithms supported. |
protected String | resolveEmptySignaturesProposal(Iterable<String> supported, Iterable<String> provided) Called by resolveAvailableSignaturesProposal(FactoryManager) if none of the provided keys is supported - last chance for the derived implementation to do something |
protected byte[] | sendKexInit(Map<KexProposalOption,String> proposal) Send the key exchange initialization packet. |
protected IoWriteFuture | sendServerIdentification(List<String> headerLines) Sends the server identification + any extra header lines |
void | setClientAddress(SocketAddress clientAddress) |
void | setGSSAuthenticator(GSSAuthenticator gssAuthenticator) |
void | setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator) |
void | setHostKeyCertificateProvider(HostKeyCertificateProvider hostKeyCertificateProvider) |
protected void | setKexSeed(byte... seed) |
void | setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator) |
void | setKeyPairProvider(KeyPairProvider keyPairProvider) |
void | setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator) |
void | setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator) |
void | setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor) |
void | setUserAuthFactories(List<UserAuthFactory> userAuthFactories) |
IoWriteFuture | signalAuthenticationSuccess(String username, String authService, Buffer buffer) |
void | startService(String name, Buffer buffer) |
addChannelListener, addPortForwardingEventListener, addSessionListener, aeadOutgoingBuffer, appendOutgoingMac, attachSession, calculatePadLength, checkRekey, comparePreferredKexProposalOption, createBuffer, decode, determineRekeyBlockLimit, doHandleMessage, doInvokeUnimplementedMessageHandler, doKexNegotiation, doWritePacket, encode, encryptOutgoingBuffer, getChannelListenerProxy, getCipherInformation, getClientKexData, getClientKexProposals, getClientVersion, getCompressionInformation, getInnerCloseable, getKex, getKexNegotiationResult, getKexState, getMacInformation, getNegotiatedKexParameter, getPortForwardingEventListenerProxy, getServerKexData, getServerKexProposals, getServerVersion, getService, getServices, getSession, getSession, getSessionId, getSessionListenerProxy, handleFirstKexPacketFollows, handleKexExtension, handleKexInit, handleKexMessage, handleMessage, handleNewCompression, handleNewKeys, handleServiceAccept, handleServiceRequest, initializeCurrentService, initializeKeyExchangeMessageHandler, isRekeyBlocksCountExceeded, isRekeyDataSizeExceeded, isRekeyPacketCountsExceeded, isRekeyRequired, isRekeyTimeIntervalExceeded, messageReceived, negotiate, notImplemented, preClose, prepareBuffer, prepareNewKeys, preProcessEncodeBuffer, receiveKexInit, receiveKexInit, reExchangeKeys, refreshConfiguration, removeChannelListener, removePortForwardingEventListener, removeSessionListener, request, request, requestFailure, requestNewKeysExchange, requestSuccess, resolveIgnoreBufferDataLength, resolveOutputPacket, resolveSessionKexProposal, sendKexInit, sendNewKeys, setClientKexData, setInputEncoding, setNegotiationResult, setOutputEncoding, setServerKexData, validateIncomingMac, validateKexState, validateServiceKexState, validateTargetBuffer, writePacket, writePacket
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doInvokeDebugMessageHandler, doInvokeIgnoreMessageHandler, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForwards, getBoundRemotePortForward, getChannelStreamWriterResolver, getForwarder, getIdleTimeout, getIdleTimeoutStart, getIoSession, getKexProposal, getLocalForwardsBindings, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getSessionDisconnectHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveAvailableSignaturesProposal, resolveChannelStreamWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamWriterResolver, setReservedSessionMessagesHandler, setSessionDisconnectHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationOptionsCreated, signalNegotiationOptionsCreated, signalNegotiationStart, signalNegotiationStart, signalPeerIdentificationReceived, signalPeerIdentificationReceived, signalReadPeerIdentificationLine, signalReadPeerIdentificationLine, signalSendIdentification, signalSendIdentification, signalSessionClosed, 
signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEstablished, signalSessionEstablished, signalSessionEvent, signalSessionEvent, toString
getCipherFactories, getCompressionFactories, getDelegate, getKexExtensionHandler, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKexExtensionHandler, setKeyExchangeFactories, setMacFactories, setSignatureFactories
doCloseGracefully, doCloseImmediately
addCloseFutureListener, builder, close, getFutureLock, isClosed, isClosing, removeCloseFutureListener
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
createBuffer, createBuffer, disconnect, exceptionCaught, getAuthTimeout, getAuthTimeoutStart, getIdleTimeout, getIdleTimeoutStart, getIoSession, getKex, getLocalAddress, getRemoteAddress, getService, getTimeoutStatus, prepareBuffer, reExchangeKeys, request, request, request, request, resetAuthTimeout, resetIdleTimeout, resolveAttribute, resolveAttribute, sendDebugMessage, sendIgnoreMessage, setAuthenticated, writePacket, writePacket, writePacket, writePacket
getCipherInformation, getClientKexProposals, getClientVersion, getCompressionInformation, getKexNegotiationResult, getKexState, getMacInformation, getNegotiatedKexParameter, getServerKexProposals, getServerVersion, getSessionId, isAuthenticated, isDataIntegrityTransport, isSecureSessionTransport, isServerSession, isValidSessionPayloadSize, isValidVersionPrefix, validateSessionPayloadSize
disableSessionHeartbeat, getSessionHeartbeatInterval, getSessionHeartbeatType, setSessionHeartbeat, setSessionHeartbeat
getBoolean, getBooleanProperty, getCharset, getInteger, getIntProperty, getLong, getLongProperty, getObject, getParentPropertyResolver, getProperties, getString, getStringProperty, isEmpty, isEmpty
clearAttributes, computeAttributeIfAbsent, removeAttribute, setAttribute
attributeKeys, getAttribute, getAttributesCount, ofAttributesMap, ofKeyValuePair
addCloseFutureListener, close, close, close, getMaxCloseWaitTime, isClosed, isClosing, isOpen, removeCloseFutureListener
setUsername
getUsername
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
getSignatureFactories, resolveSignatureFactories, setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames
getKexExtensionHandler, setKexExtensionHandler
addSessionListener, getSessionListenerProxy, removeSessionListener
getReservedSessionMessagesHandler, setReservedSessionMessagesHandler
getSessionDisconnectHandler, setSessionDisconnectHandler
addChannelListener, getChannelListenerProxy, removeChannelListener
getChannelStreamWriterResolver, resolveChannelStreamWriter, resolveChannelStreamWriterResolver, setChannelStreamWriterResolver
addPortForwardingEventListener, getPortForwardingEventListenerProxy, removePortForwardingEventListener
getUnknownChannelReferenceHandler, resolveUnknownChannelReferenceHandler, setUnknownChannelReferenceHandler
getBoundLocalPortForwards, getBoundRemotePortForward, getLocalForwardsBindings, getRemoteForwardsBindings, getStartedLocalPortForwards, getStartedRemotePortForwards, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort
resolveUserAuthFactories, resolveUserAuthFactories, setUserAuthFactoriesNames
getUserAuthFactoriesNameList, getUserAuthFactoriesNames, setUserAuthFactoriesNameList, setUserAuthFactoriesNames
protected AbstractServerSession(ServerFactoryManager factoryManager, IoSession ioSession)

public ServerFactoryManager getFactoryManager()
Specified by: getFactoryManager in interface FactoryManagerHolder
Specified by: getFactoryManager in interface ServerSession
Overrides: getFactoryManager in class SessionHelper
FactoryManager

public ServerProxyAcceptor getServerProxyAcceptor()
Specified by: getServerProxyAcceptor in interface ServerProxyAcceptorHolder

public void setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor)
Specified by: setServerProxyAcceptor in interface ServerProxyAcceptorHolder

public SocketAddress getClientAddress()
Specified by: getClientAddress in interface ServerSession
Returns: SocketAddress of the remote client. If no proxy wrapping was used then this is the same as the IoSession#getRemoteAddress(). Otherwise, it indicates the real client's address that was somehow transmitted via the proxy meta-data

public void setClientAddress(SocketAddress clientAddress)

public PasswordAuthenticator getPasswordAuthenticator()
Description copied from interface: ServerAuthenticationManager
Retrieve the PasswordAuthenticator to be used by the SSH server. If no authenticator has been configured (i.e. this method returns null), then client authentication requests based on passwords will be rejected.
Specified by: getPasswordAuthenticator in interface ServerAuthenticationManager
Returns: PasswordAuthenticator or null

public void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator)
Specified by: setPasswordAuthenticator in interface ServerAuthenticationManager

public PublickeyAuthenticator getPublickeyAuthenticator()
Description copied from interface: ServerAuthenticationManager
Retrieve the PublickeyAuthenticator to be used by the SSH server. If no authenticator has been configured (i.e. this method returns null), then client authentication requests based on keys will be rejected.
Specified by: getPublickeyAuthenticator in interface ServerAuthenticationManager
Returns: PublickeyAuthenticator or null

public void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator)
Specified by: setPublickeyAuthenticator in interface ServerAuthenticationManager

public KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator()
Description copied from interface: ServerAuthenticationManager
Retrieve the KeyboardInteractiveAuthenticator to be used by the SSH server. If no authenticator has been configured (i.e. this method returns null), then client authentication requests based on this method will be rejected.
Specified by: getKeyboardInteractiveAuthenticator in interface ServerAuthenticationManager
Returns: KeyboardInteractiveAuthenticator or null

public void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator)
Specified by: setKeyboardInteractiveAuthenticator in interface ServerAuthenticationManager

public GSSAuthenticator getGSSAuthenticator()
Description copied from interface: ServerAuthenticationManager
Retrieve the GSSAuthenticator to be used by the SSH server. If no authenticator has been configured (i.e. this method returns null), then client authentication requests based on gssapi will be rejected.
Specified by: getGSSAuthenticator in interface ServerAuthenticationManager
Returns: GSSAuthenticator or null

public void setGSSAuthenticator(GSSAuthenticator gssAuthenticator)
Specified by: setGSSAuthenticator in interface ServerAuthenticationManager

public HostBasedAuthenticator getHostBasedAuthenticator()
Description copied from interface: ServerAuthenticationManager
Retrieve the HostBasedAuthenticator to be used by the SSH server. If no authenticator has been configured (i.e. this method returns null), then client authentication requests based on this method will be rejected.
Specified by: getHostBasedAuthenticator in interface ServerAuthenticationManager
Returns: HostBasedAuthenticator or null

public void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator)
Specified by: setHostBasedAuthenticator in interface ServerAuthenticationManager

public List<UserAuthFactory> getUserAuthFactories()
Description copied from interface: UserAuthFactoriesManager
Retrieve the list of named factories for UserAuth objects.
Specified by: getUserAuthFactories in interface UserAuthFactoriesManager<ServerSession,UserAuth,UserAuthFactory>
Returns: UserAuth factories, never null/empty

public void setUserAuthFactories(List<UserAuthFactory> userAuthFactories)
Specified by: setUserAuthFactories in interface UserAuthFactoriesManager<ServerSession,UserAuth,UserAuthFactory>

public KeyPairProvider getKeyPairProvider()
Description copied from interface: KeyPairProviderHolder
Retrieve the KeyPairProvider that will be used to find the host key to use on the server side or the user key on the client side.
Specified by: getKeyPairProvider in interface KeyPairProviderHolder
Returns: KeyPairProvider, never null

public HostKeyCertificateProvider getHostKeyCertificateProvider()
Specified by: getHostKeyCertificateProvider in interface ServerAuthenticationManager
Returns: HostKeyCertificateProvider if available, null as default

public void setHostKeyCertificateProvider(HostKeyCertificateProvider hostKeyCertificateProvider)
Specified by: setHostKeyCertificateProvider in interface ServerAuthenticationManager

public void setKeyPairProvider(KeyPairProvider keyPairProvider)
Specified by: setKeyPairProvider in interface KeyPairProviderHolder

protected IoWriteFuture sendServerIdentification(List<String> headerLines) throws Exception
Parameters: headerLines - Extra header lines to be prepended to the actual identification string - ignored if null/empty
Returns: IoWriteFuture that can be used to be notified of identification data being written successfully or failing
Throws: Exception - If failed to send identification

protected void checkKeys()
Description copied from class: AbstractSession
Indicates that the key exchange is completed and the exchanged keys can now be verified - e.g., client can verify the server's key
Overrides: checkKeys in class AbstractSession

protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception
Overrides: handleServiceRequest in class AbstractSession
Throws: Exception

public void startService(String name, Buffer buffer) throws Exception
Specified by: startService in interface Session
Parameters:
name - Service name
buffer - Extra information provided when the service start request was received
Throws: Exception - If failed to start it

public IoWriteFuture signalAuthenticationSuccess(String username, String authService, Buffer buffer) throws Exception
Description copied from interface: ServerSession
SSH_MSG_USERAUTH_SUCCESS message.
Specified by: signalAuthenticationSuccess in interface ServerSession
Parameters:
username - The authenticated username
authService - The service to start
buffer - Any extra data received to use to start the service
Returns: IoWriteFuture that can be used to wait for the SSH_MSG_USERAUTH_SUCCESS message send result
Throws: Exception - if cannot handle the request

protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception
Overrides: handleServiceAccept in class AbstractSession
Throws: Exception

protected byte[] sendKexInit(Map<KexProposalOption,String> proposal) throws Exception
Description copied from class: AbstractSession
Send the key exchange initialization packet.
Overrides: sendKexInit in class AbstractSession
Parameters: proposal - our proposal for key exchange negotiation
Throws: Exception - if an error occurred sending the packet

protected void setKexSeed(byte... seed)
Overrides: setKexSeed in class AbstractSession
Parameters: seed - The result of the KEXINIT handshake - required for correct session key establishment

protected String resolveAvailableSignaturesProposal(FactoryManager proposedManager) throws IOException, GeneralSecurityException
Description copied from class: SessionHelper
Computes the list of available host key signature algorithms supported.
Overrides: resolveAvailableSignaturesProposal in class SessionHelper
Parameters: proposedManager - The FactoryManager
Returns: null/empty if no proposal
Throws:
IOException - If failed to read/parse the keys data
GeneralSecurityException - If failed to generate the keys

protected String resolveEmptySignaturesProposal(Iterable<String> supported, Iterable<String> provided)
Called by resolveAvailableSignaturesProposal(FactoryManager) if none of the provided keys is supported - last chance for the derived implementation to do something
Parameters:
supported - The supported key types - may be null/empty
provided - The available signature types - may be null/empty
Returns: null by default

protected boolean readIdentification(Buffer buffer) throws Exception
Description copied from class: AbstractSession
SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
Overrides: readIdentification in class AbstractSession
Parameters: buffer - The Buffer containing the remote identification
Returns: true if the identification has been fully read or false if more data is needed
Throws: Exception - if an error occurs such as a bad protocol version or unsuccessful KEX was involved

protected void receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) throws IOException
Overrides: receiveKexInit in class AbstractSession
Throws: IOException

public KeyPair getHostKey()
Specified by: getHostKey in interface ServerSession
Returns: KeyPair representing the current session's used keys on KEX - null if not negotiated yet

public int getActiveSessionCountForUser(String userName)
Description copied from interface: ServerSession
Retrieve the current number of sessions active for a given username.
Specified by: getActiveSessionCountForUser in interface ServerSession
Parameters: userName - The name of the user - ignored if null/empty
SshSession objects associated with the user

public long getId()
IoSession id.

protected ConnectionService getConnectionService()
Overrides: getConnectionService in class SessionHelper

Copyright © 2008–2024 The Apache Software Foundation. All rights reserved.