public abstract class AbstractServerSession extends AbstractSession implements ServerSession
ServerSession
related methodsAbstractCloseable.State
Session.TimeoutStatus
AttributeRepository.AttributeKey<T>
channelListenerProxy, channelListeners, clientProposal, clientVersion, currentService, decodeLock, decoderBuffer, decoderLength, decoderState, encodeLock, firstKexPacketFollows, ignorePacketDataLength, ignorePacketsCount, ignorePacketsFrequency, ignorePacketsVariance, inBlocksCount, inBytesCount, inCipher, inCipherSize, inCompression, inMac, inMacResult, inPacketsCount, kex, kexFutureHolder, kexState, lastKeyTimeValue, maxRekeyBlocks, maxRekeyBytes, maxRekeyInterval, maxRekyPackets, negotiationResult, outBlocksCount, outBytesCount, outCipher, outCipherSize, outCompression, outMac, outPacketsCount, pendingPackets, random, requestLock, seqi, seqo, serverProposal, serverVersion, SESSION, sessionId, sessionListenerProxy, sessionListeners, tunnelListenerProxy, tunnelListeners, uncompressBuffer
closeFuture, lock, state
log
DEFAULT_SSH_VERSION_PREFIX, FALLBACK_SSH_VERSION_PREFIX, MAX_VERSION_LINE_LENGTH
EMPTY
NONE
CLOSE_WAIT_TIMEOUT, DEFAULT_CLOSE_WAIT_TIMEOUT
AUTH_METHODS, AUTO_WELCOME_BANNER_VALUE, DEFAULT_BANNER_PHASE, DEFAULT_MAX_AUTH_REQUESTS, DEFAULT_USER_AUTH_GSS_FACTORY, DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY, DEFAULT_USER_AUTH_PASSWORD_FACTORY, DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY, DEFAULT_WELCOME_BANNER_LANGUAGE, MAX_AUTH_REQUESTS, WELCOME_BANNER, WELCOME_BANNER_CHARSET, WELCOME_BANNER_LANGUAGE, WELCOME_BANNER_PHASE
Modifier | Constructor and Description |
---|---|
protected |
AbstractServerSession(ServerFactoryManager factoryManager,
IoSession ioSession) |
Modifier and Type | Method and Description |
---|---|
protected void |
checkKeys()
Indicates that the key exchange is completed and the exchanged keys
can now be verified - e.g., the client can verify the server's key
|
int |
getActiveSessionCountForUser(String userName)
Retrieve the current number of sessions active for a given username.
|
SocketAddress |
getClientAddress() |
protected ConnectionService |
getConnectionService() |
ServerFactoryManager |
getFactoryManager() |
GSSAuthenticator |
getGSSAuthenticator()
Retrieve the
GSSAuthenticator to be used by the SSH server. |
HostBasedAuthenticator |
getHostBasedAuthenticator()
Retrieve the
HostBasedAuthenticator to be used by the SSH server. |
KeyPair |
getHostKey() |
long |
getId()
Returns the session id.
|
KeyboardInteractiveAuthenticator |
getKeyboardInteractiveAuthenticator()
Retrieve the
KeyboardInteractiveAuthenticator to be used by
the SSH server. |
KeyPairProvider |
getKeyPairProvider()
Retrieve the
KeyPairProvider that will be used to find
the host key to use on the server side or the user key on the client side. |
PasswordAuthenticator |
getPasswordAuthenticator()
Retrieve the
PasswordAuthenticator to be used by the SSH server. |
PublickeyAuthenticator |
getPublickeyAuthenticator()
Retrieve the
PublickeyAuthenticator to be used by SSH server. |
ServerProxyAcceptor |
getServerProxyAcceptor() |
List<NamedFactory<UserAuth>> |
getUserAuthFactories()
Retrieve the list of named factories for
UserAuth objects. |
protected void |
handleServiceAccept(String serviceName,
Buffer buffer) |
protected boolean |
handleServiceRequest(String serviceName,
Buffer buffer) |
protected boolean |
readIdentification(Buffer buffer)
Read the other side identification.
|
protected void |
receiveKexInit(Map<KexProposalOption,String> proposal,
byte[] seed) |
protected String |
resolveAvailableSignaturesProposal(FactoryManager proposedManager) |
protected String |
resolveEmptySignaturesProposal(Iterable<String> supported,
Iterable<String> provided)
Called by
resolveAvailableSignaturesProposal(FactoryManager)
if none of the provided keys is supported - last chance for the derived
implementation to do something |
protected byte[] |
sendKexInit(Map<KexProposalOption,String> proposal)
Send the key exchange initialization packet.
|
protected IoWriteFuture |
sendServerIdentification(String... headerLines)
Sends the server identification + any extra header lines
|
void |
setClientAddress(SocketAddress clientAddress) |
void |
setGSSAuthenticator(GSSAuthenticator gssAuthenticator) |
void |
setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator) |
protected void |
setKexSeed(byte... seed) |
void |
setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator) |
void |
setKeyPairProvider(KeyPairProvider keyPairProvider) |
void |
setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator) |
void |
setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator) |
void |
setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor) |
void |
setUserAuthFactories(List<NamedFactory<UserAuth>> userAuthFactories) |
void |
startService(String name) |
addChannelListener, addPortForwardingEventListener, addSessionListener, attachSession, checkRekey, comparePreferredKexProposalOption, createBuffer, decode, doHandleMessage, doWritePacket, encode, getChannelListenerProxy, getCipherInformation, getClientKexData, getClientVersion, getCompressionInformation, getInnerCloseable, getKex, getMacInformation, getNegotiatedKexParameter, getPortForwardingEventListenerProxy, getServerKexData, getServerVersion, getService, getServices, getSession, getSession, getSessionId, getSessionListenerProxy, handleFirstKexPacketFollows, handleKexInit, handleKexMessage, handleMessage, handleNewKeys, handleServiceAccept, handleServiceRequest, isRekeyBlocksCountExceeded, isRekeyDataSizeExceeded, isRekeyPacketCountsExceeded, isRekeyRequired, isRekeyTimeIntervalExceeded, messageReceived, negotiate, notImplemented, preClose, prepareBuffer, receiveKexInit, receiveKexInit, receiveNewKeys, reExchangeKeys, refreshConfiguration, removeChannelListener, removePortForwardingEventListener, removeSessionListener, request, requestFailure, requestNewKeysExchange, requestSuccess, resolveAvailableSignaturesProposal, resolveIgnoreBufferDataLength, sendKexInit, sendPendingPackets, setClientKexData, setNegotiationResult, setServerKexData, validateKexState, validateTargetBuffer, writePacket
attributeKeys, calculateNextIgnorePacketCount, checkAuthenticationTimeout, checkForTimeouts, checkIdleTimeout, clearAttributes, computeAttributeIfAbsent, createProposal, disconnect, doReadIdentification, exceptionCaught, getAttribute, getAttributesCount, getAuthTimeout, getAuthTimeoutStart, getBoundLocalPortForward, getBoundRemotePortForward, getChannelStreamPacketWriterResolver, getForwardingFilter, getIdleTimeout, getIdleTimeoutStart, getIoSession, getLocalForwardsBindings, getLock, getParentPropertyResolver, getProperties, getRemoteForwardsBindings, getReservedSessionMessagesHandler, getStartedLocalPortForwards, getStartedRemotePortForwards, getTimeoutStatus, getUnknownChannelReferenceHandler, getUsername, handleDebug, handleDisconnect, handleDisconnect, handleIgnore, handleUnimplemented, invokeSessionSignaller, isAuthenticated, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort, isServerSession, mergeProposals, removeAttribute, resetAuthTimeout, resetIdleTimeout, resizeKey, resolveChannelStreamPacketWriterResolver, resolveIdentificationString, resolvePeerAddress, resolveReservedSessionMessagesHandler, resolveUnknownChannelReferenceHandler, sendDebugMessage, sendIdentification, sendIgnoreMessage, sendNewKeys, sendNotImplemented, setAttribute, setAuthenticated, setChannelStreamPacketWriterResolver, setReservedSessionMessagesHandler, setUnknownChannelReferenceHandler, setUsername, signalDisconnect, signalDisconnect, signalExceptionCaught, signalExceptionCaught, signalNegotiationEnd, signalNegotiationEnd, signalNegotiationStart, signalNegotiationStart, signalSessionClosed, signalSessionClosed, signalSessionCreated, signalSessionCreated, signalSessionEvent, signalSessionEvent, toString, writePacket
getCipherFactories, getCompressionFactories, getDelegate, getKeyExchangeFactories, getMacFactories, getSignatureFactories, resolveEffectiveFactories, resolveEffectiveProvider, setCipherFactories, setCompressionFactories, setKeyExchangeFactories, setMacFactories, setSignatureFactories
doCloseGracefully, doCloseImmediately
addCloseFutureListener, builder, close, isClosed, isClosing, removeCloseFutureListener
getSimplifiedLogger
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
createBuffer, createBuffer, disconnect, exceptionCaught, getAuthTimeout, getAuthTimeoutStart, getCipherInformation, getCompressionInformation, getIdleTimeout, getIdleTimeoutStart, getIoSession, getKex, getLocalAddress, getMacInformation, getNegotiatedKexParameter, getRemoteAddress, getService, getTimeoutStatus, prepareBuffer, reExchangeKeys, request, resetAuthTimeout, resetIdleTimeout, resolveAttribute, resolveAttribute, sendDebugMessage, sendIgnoreMessage, setAuthenticated, writePacket
getClientVersion, getServerVersion, getSessionId, isAuthenticated, isValidVersionPrefix
getBoolean, getBooleanProperty, getInteger, getIntProperty, getLong, getLongProperty, getObject, getParentPropertyResolver, getProperties, getString, getStringProperty
clearAttributes, computeAttributeIfAbsent, removeAttribute, setAttribute
attributeKeys, getAttribute, getAttributesCount, ofAttributesMap, ofKeyValuePair
setUsername
getUsername
getCipherFactories, getCipherFactoriesNameList, getCipherFactoriesNames, getCompressionFactories, getCompressionFactoriesNameList, getCompressionFactoriesNames, getKeyExchangeFactories, getMacFactories, getMacFactoriesNameList, getMacFactoriesNames, setCipherFactories, setCipherFactoriesNameList, setCipherFactoriesNames, setCipherFactoriesNames, setCompressionFactories, setCompressionFactoriesNameList, setCompressionFactoriesNames, setCompressionFactoriesNames, setKeyExchangeFactories, setMacFactories, setMacFactoriesNameList, setMacFactoriesNames, setMacFactoriesNames
getSignatureFactories, getSignatureFactories, getSignatureFactoriesNameList, getSignatureFactoriesNames, resolveSignatureFactories, setSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
addSessionListener, getSessionListenerProxy, removeSessionListener
getReservedSessionMessagesHandler, setReservedSessionMessagesHandler
addChannelListener, getChannelListenerProxy, removeChannelListener
getChannelStreamPacketWriterResolver, resolveChannelStreamPacketWriter, resolveChannelStreamPacketWriterResolver, setChannelStreamPacketWriterResolver
addPortForwardingEventListener, getPortForwardingEventListenerProxy, removePortForwardingEventListener
getUnknownChannelReferenceHandler, resolveUnknownChannelReferenceHandler, setUnknownChannelReferenceHandler
getBoundLocalPortForward, getBoundRemotePortForward, getLocalForwardsBindings, getRemoteForwardsBindings, getStartedLocalPortForwards, getStartedRemotePortForwards, isLocalPortForwardingStartedForPort, isRemotePortForwardingStartedForPort
writePacket
addCloseFutureListener, close, close, close, getMaxCloseWaitTime, isClosed, isClosing, isOpen, removeCloseFutureListener
getUserAuthFactoriesNameList, getUserAuthFactoriesNames, resolveUserAuthFactories, resolveUserAuthFactories, setUserAuthFactoriesNameList, setUserAuthFactoriesNames, setUserAuthFactoriesNames
protected AbstractServerSession(ServerFactoryManager factoryManager, IoSession ioSession)
public ServerFactoryManager getFactoryManager()
getFactoryManager
in interface FactoryManagerHolder
getFactoryManager
in interface ServerSession
getFactoryManager
in class SessionHelper
FactoryManager
public ServerProxyAcceptor getServerProxyAcceptor()
getServerProxyAcceptor
in interface ServerProxyAcceptorHolder
public void setServerProxyAcceptor(ServerProxyAcceptor proxyAcceptor)
setServerProxyAcceptor
in interface ServerProxyAcceptorHolder
public SocketAddress getClientAddress()
getClientAddress
in interface ServerSession
Returns: The SocketAddress of the remote client. If no proxy wrapping
was used then this is the same as IoSession#getRemoteAddress().
Otherwise, it indicates the real client's address that was somehow transmitted
via the proxy meta-data, i.e. a value reported by the proxy rather than one observed on the connection itself.
public void setClientAddress(SocketAddress clientAddress)
public PasswordAuthenticator getPasswordAuthenticator()
ServerAuthenticationManager
Retrieve the PasswordAuthenticator to be used by the SSH server.
If no authenticator has been configured (i.e. this method returns null),
then client authentication requests based on passwords will be rejected.
Specified by: getPasswordAuthenticator in interface ServerAuthenticationManager
Returns: the PasswordAuthenticator or null
public void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator)
setPasswordAuthenticator
in interface ServerAuthenticationManager
public PublickeyAuthenticator getPublickeyAuthenticator()
ServerAuthenticationManager
Retrieve the PublickeyAuthenticator to be used by SSH server.
If no authenticator has been configured (i.e. this method returns null),
then client authentication requests based on keys will be rejected.
Specified by: getPublickeyAuthenticator in interface ServerAuthenticationManager
Returns: the PublickeyAuthenticator or null
public void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator)
setPublickeyAuthenticator
in interface ServerAuthenticationManager
public KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator()
ServerAuthenticationManager
Retrieve the KeyboardInteractiveAuthenticator to be used by the SSH server.
If no authenticator has been configured (i.e. this method returns null),
then client authentication requests based on this method will be rejected.
Specified by: getKeyboardInteractiveAuthenticator in interface ServerAuthenticationManager
Returns: the KeyboardInteractiveAuthenticator or null
public void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator interactiveAuthenticator)
setKeyboardInteractiveAuthenticator
in interface ServerAuthenticationManager
public GSSAuthenticator getGSSAuthenticator()
ServerAuthenticationManager
Retrieve the GSSAuthenticator to be used by the SSH server.
If no authenticator has been configured (i.e. this method returns null),
then client authentication requests based on gssapi will be rejected.
Specified by: getGSSAuthenticator in interface ServerAuthenticationManager
Returns: the GSSAuthenticator or null
public void setGSSAuthenticator(GSSAuthenticator gssAuthenticator)
setGSSAuthenticator
in interface ServerAuthenticationManager
public HostBasedAuthenticator getHostBasedAuthenticator()
ServerAuthenticationManager
Retrieve the HostBasedAuthenticator to be used by the SSH server.
If no authenticator has been configured (i.e. this method returns null),
then client authentication requests based on this method will be rejected.
Specified by: getHostBasedAuthenticator in interface ServerAuthenticationManager
Returns: the HostBasedAuthenticator or null
public void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator)
setHostBasedAuthenticator
in interface ServerAuthenticationManager
public List<NamedFactory<UserAuth>> getUserAuthFactories()
ServerAuthenticationManager
Retrieve the list of named factories for UserAuth objects.
Specified by: getUserAuthFactories in interface ServerAuthenticationManager
Returns: UserAuth factories, never null/empty
public void setUserAuthFactories(List<NamedFactory<UserAuth>> userAuthFactories)
setUserAuthFactories
in interface ServerAuthenticationManager
public KeyPairProvider getKeyPairProvider()
KeyPairProviderHolder
Retrieve the KeyPairProvider that will be used to find
the host key to use on the server side or the user key on the client side.
Specified by: getKeyPairProvider in interface KeyPairProviderHolder
Returns: the KeyPairProvider, never null
public void setKeyPairProvider(KeyPairProvider keyPairProvider)
setKeyPairProvider
in interface KeyPairProviderHolder
protected IoWriteFuture sendServerIdentification(String... headerLines) throws IOException
Parameters: headerLines - Extra header lines to be prepended to the actual
identification string - ignored if null/empty
Returns: An IoWriteFuture that can be used to be notified of
identification data being written successfully or failing
Throws: IOException - If failed to send identification
protected void checkKeys()
AbstractSession
checkKeys
in class AbstractSession
protected boolean handleServiceRequest(String serviceName, Buffer buffer) throws Exception
handleServiceRequest
in class AbstractSession
Exception
public void startService(String name) throws Exception
startService
in interface Session
Parameters: name - Service name
Throws: Exception - If failed to start it
protected void handleServiceAccept(String serviceName, Buffer buffer) throws Exception
handleServiceAccept
in class AbstractSession
Exception
protected byte[] sendKexInit(Map<KexProposalOption,String> proposal) throws IOException
AbstractSession
sendKexInit
in class AbstractSession
Parameters: proposal - our proposal for key exchange negotiation
Throws: IOException - if an error occurred sending the packet
protected void setKexSeed(byte... seed)
setKexSeed
in class AbstractSession
Parameters: seed - The result of the KEXINIT handshake - required for correct session key establishment
protected String resolveAvailableSignaturesProposal(FactoryManager proposedManager) throws IOException, GeneralSecurityException
resolveAvailableSignaturesProposal
in class AbstractSession
Parameters: proposedManager - The FactoryManager
Returns: null/empty if no proposal
Throws: IOException - If failed to read/parse the keys data
Throws: GeneralSecurityException - If failed to generate the keys
protected String resolveEmptySignaturesProposal(Iterable<String> supported, Iterable<String> provided)
Called by resolveAvailableSignaturesProposal(FactoryManager)
if none of the provided keys is supported - last chance for the derived
implementation to do something
Parameters: supported - The supported key types - may be null/empty
provided - The available signature types - may be null/empty
Returns: null by default
protected boolean readIdentification(Buffer buffer) throws IOException, GeneralSecurityException
AbstractSession
SessionHelper.doReadIdentification(Buffer, boolean) and store the result in the needed property.
readIdentification in class AbstractSession
Parameters: buffer - The Buffer containing the remote identification
Returns: true if the identification has been fully read or false if more data is needed
Throws: IOException - if an error occurs such as a bad protocol version
Throws: GeneralSecurityException - If unsuccessful KEX was involved
protected void receiveKexInit(Map<KexProposalOption,String> proposal, byte[] seed) throws IOException
receiveKexInit
in class AbstractSession
IOException
public KeyPair getHostKey()
getHostKey
in interface ServerSession
Returns: The KeyPair representing the current session's used keys
on KEX - null if not negotiated yet
public int getActiveSessionCountForUser(String userName)
ServerSession
getActiveSessionCountForUser
in interface ServerSession
Parameters: userName - The name of the user - ignored if null/empty
Returns: The number of SshSession objects associated with the user
public long getId()
protected ConnectionService getConnectionService()
getConnectionService
in class SessionHelper
Copyright © 2008–2022 The Apache Software Foundation. All rights reserved.