All Classes and Interfaces
Class
Description
Provides common client/server channel functionality
Provides a common base class for channel request handlers that deal with various "
exit-XXX"
requests.TODO Add javadoc
Provides default implementations of
ClientSession related methodsProvides some default implementations for managing channel/connection open/close state
Provides a basic useful skeleton for
Command executionsBase implementation of ConnectionService.
TODO Add javadoc
Base class for the Diffie-Hellman key agreement.
Provides a basic useful skeleton for
Command executions that require file system accessHolds a single
KeyPair which is generated the 1st time AbstractGeneratorHostKeyProvider.loadKeys(SessionContext) is called.TODO Add javadoc
Provides a default implementation for some
KeyPairProvider methodsServes as a common base class for the vast majority of classes that require some kind of logging.
Base class for various
XXX@openssh.com extension data reportsBase class for PEM file key-pair loaders
Useful base class implementation for a decoder of an
OpenSSH encoded key dataTODO Add javadoc
A no-op implementation of
ScpTransferEventListener for those who wish to implement only a small number of
methods.TODO Add javadoc
Provides default implementations for
ServerSession related methods
The AbstractSession handles all the basic SSH protocol such as key exchange, authentication, encoding and decoding.
An abstract base factory of sessions.
TODO Add javadoc
A no-op implementation of
SftpEventListener for those who wish to implement only a small number of methods.Useful base class for
Signature implementationA
ForwardingFilter that accepts all requestsAccepts all authentication attempts
Accepts all authentication attempts
A ServerKeyVerifier that accepts all server keys.
The "acl-supported" information as per
DRAFT 11 - section 5.4
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
A local SSH agent implementation
The server side fake agent, acting as an agent, but actually forwarding the requests to the auth channel on the
client side.
Provides different shell(s) based on some criteria of the provided
ChannelSessionRepresents a command capable of doing non-blocking io.
Type safe key for storage of user attributes.
Provides the capability to attach in-memory attributes to the entity
An
SshFuture for asynchronous authentication requests.Checks against a
Collection of AuthorizedKeyEntrys
Records the matched entry under a session attribute.Represents an entry in the user's
authorized_keys file according to the
OpenSSH
format.Uses the authorized keys file to implement
PublickeyAuthenticator while automatically re-loading the keys if
the file has changed when a new authentication request is received.Wraps a target instance and an
AutoCloseable delegate into a proxy instance that closes both when wrapper
close method called.Base class for dedicated client/server instance builders
Base class for all Cipher implementations delegating to the JCE provider.
Base class for Digest algorithms based on the JCE provider.
Algorithm parameters for AES/GCM that assumes the IV uses an 8-byte counter field as its most significant bytes.
Base class for
Mac implementations based on the JCE provider.BCrypt implements OpenBSD-style Blowfish password hashing using
the scheme described in "A Future-Adaptable Password Scheme" by
Niels Provos and David Mazieres.
BouncyCastle
Random.Named factory for the BouncyCastle
RandomProvides an abstract message buffer for encoding SSH messages
An
IoOutputStream capable of queuing write requests.TODO Add javadoc
Provides easy access to the currently implemented ciphers
Holds the result of
BuiltinCiphers.parseCiphersList(String)Holds the result of
BuiltinCompressions.parseCompressionsList(String)Represents the result of
BuiltinDHFactories.parseDHFactoriesList(String)Provides easy access to the currently implemented digests
A named optional factory.
Contains the names of the identities
Provides easy access to the currently implemented macs
Provides easy access to the currently implemented signatures
Holds the result of the
BuiltinSignatures.parseSignatureList(String)Provides a centralized location for the default built-in authentication factories
Provides a centralized location for the default built-in authentication factories
Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)Holds the result of
BuiltinUserAuthFactories.parseFactoriesList(String)Provides an implementation of
Buffer using a backing byte arrayCaches the result per session - compensates for
OpenSSH behavior where it sends 2 requests with the same key
(see SSHD-300).Handler for "cancel-tcpip-forward" global request.
Represents a channel opened over an SSH session - holds information that is common both to server and client
channels.
The client side channel that will receive requests forwards by the SSH server.
Receiving end of the data stream from the client.
TODO Add javadoc
Client channel to run a remote command
Provides a simple listener for client / server channels being established or torn down.
TODO Add javadoc
TODO Add javadoc
Client side channel session
Server side channel session
Command can implement this optional interface to receive a reference to ChannelSession.Client channel to open a remote shell
The ChannelStreamWriter is used when writing to the channel data stream.
A special mechanism that enables users to intervene in the way packets are sent from
ChannelOutputStream-s -
e.g., by introducing throttlingTODO Add javadoc
Client channel to run a subsystem
Implements "check-file-handle" extension
Implements "check-file-name" extension
Wrapper for a cryptographic cipher, used either for encryption or decryption.
The reported algorithm name refers to the cipher base name - e.g., "AES", "ARCFOUR", etc.
Represents a no-op cipher.
This provider loads private keys from the specified resources that are accessible via
ClassLoader.getResourceAsStream(String).TODO Add javadoc
Holds information required for the client to perform authentication with the server
SshClient builder
A client channel used to communicate with the SSH server.
Various events used by
ClientChannel.waitFor(java.util.Collection, long)TODO Add javadoc
This is a specialized
SshFutureListener that is used to enqueue data that is sent while the channel is being
set-up, so that when it is established it will send them in the same order as they have been received.Client side
ssh-connection service.The
ClientFactoryManager enable the retrieval of additional configuration needed specifically for the
client side.Watches over a group of files that contains client identities
Provides keys loading capability from the user's keys folder - e.g.,
id_rsaA
ClientIdentityProvider that watches a given key file re-loading its contents if it is ever modified,
deleted or (re-)createdTODO Add javadoc
Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
protocol.
An authenticated session to a given SSH server.
The default implementation of a
ClientSessionClient side
ssh-auth service.A
Closeable is a resource that can be closed.A
/dev/null stream that can be closed - in which case it will throw IOExceptions if invoked after
being closedAn
ScpClient wrapper that also closes the underlying session when closedAn
SshFuture for asynchronous close requests.
Represents a command, shell or subsystem that can be used to send command.
Commands are executed on the server side when an "exec" channel is requested by the SSH client.
Configurable properties for sshd-common.
Interface used to compress the stream of data between the SSH server and clients.
Enum identifying if this object will be used to compress or uncompress data.
Provides a "bridge" between the configuration values and the actual
NamedFactory for the Compression.ZLib delayed compression.
ZLib based Compression.
Watches for changes in a configuration file and automatically reloads any changes
An
SshFuture for asynchronous connections requests.Interface implementing ssh-connection service.
Implements the "copy-data" extension
Implements the "copy-data" extension
Implements the "copy-file" extension
Configurable properties for sshd-core.
Simple helper class which gets GSS credential using a fixed Krb5 login configuration.
A login configuration which is defined from code.
Privileged action which runs as the subject to get the credentials.
A default implementation of
AuthFuture.Monitors the
~/.ssh/authorized_keys file of the user currently running the server, re-loading it if
necessary.A ChannelStreamWriter that simply calls the
Channel.writePacket(Buffer) method.Detects if the server sends a
"server-sig-algs" and updates the client
session by adding the "rsa-sha2-256/512" signature
factories (if not already added).
A default implementation of
CloseFuture.Monitors the
~/.ssh/config file of the user currently running the client, re-loading it if necessary.A default implementation of
ConnectFuture.Requests a "tcpip-forward" action
The default
ForwarderFactory implementation.Provides a default implementation for
KeyboardInteractiveAuthenticator where it prompts for the password.Monitors the
~/.ssh/known_hosts file of the user currently running the client, updating and re-loading it if
necessary.A default implementation of
OpenFuture.TODO Add javadoc
TODO Add javadoc
A default implementation of
SshFuture.A
ServerKeyVerifier that delegates verification to the instance found in the ClientSession metadata
The verifier can be specified at the SshClient level, which may have connections to multiple hosts.A bare minimum DER parser - just enough to be able to decode signatures and private keys
A bare-minimum DER encoder - just enough so we can encoder signatures and keys data
Diffie-Hellman key generator.
Base class for DHG key exchange algorithms.
Simple class holding the data for DH group key exchanges.
Interface used to compute digests, based on algorithms such as MD5 or SHA1.
The reported algorithm name refers to the type of digest being calculated.
Class for scanning a directory for files/directories which match certain criteria.
Utilities for working with elliptic curves.
The various
ECPoint representation compression indicatorsElliptic Curve Diffie-Hellman key agreement.
TODO Add javadoc
TODO complete this when SSHD-440 is done
TODO Add javadoc
A
/dev/null implementation - always openInterface providing access to the environment map and allowing the registration of listeners for certain signals.
Notify about the occurrence of an event
Callback used by the shell to notify the SSH server is has exited
Factory is a simple interface that is used to create other objects.
This interface allows retrieving all the
NamedFactory used in the SSH protocol.This host key provider loads private keys from the specified files.
TODO Add javadoc
Interface that can be implemented by a command to be able to access the file system in which this command will be
used.
Factory for file system implementations - it returns the file system for user.
Tracks a file containing
KeyPair-s an re-loads it whenever a change has been sensed in the monitored file (if
it exists)TODO Add javadoc
A factory for creating forwarder objects for client port forwarding
Determines if a forwarding request will be permitted.
Provides both structured and raw SFTP access
Class providing basic GSS authentication services.
Invoked when "hostbased" authentication is used
Represents an entry in the client's configuration file as defined by the
ssh_config configuration file format
Represents a pattern definition in the known_hosts file
Represents an SSH key type - the referenced algorithm is the one used to generate the key - e.g., "RSA",
"DSA", "EC".
A dummy map that ignores all
put/remove callsA class for turning a byte stream into a character stream.
Represents a server "challenge" as per RFC-4256
A simplistic interactive shell factory
This shell have inverted streams, such as the one obtained when launching a new
Process from java.A shell implementation that wraps an instance of
InvertedShell as a Command.The complement to the
Callable interface - accepts one argument and possibly throws somethingInvokes some I/O function on the input returning some output and potentially throwing an
IOException in the
processRepresents a stream that can be read asynchronously.
Represents a stream that can be written asynchronously.
TODO Add javadoc
TODO Add javadoc
A
Random implementation using the built-in SecureRandom PRNG.Named factory for the JCE
RandomHandler for "keepalive@xxx" global request.
Used to support RFC 8308
Provides a hint as to the context in which
isKexExtensionsAvailable is invokedThe phase at which
sendKexExtensions is invokedTODO Add javadoc
Parses a known KEX extension
Provides some helpers for RFC 8308
Holds KEX negotiation stage configuration
Used to track the key-exchange (KEX) protocol progression
Uses an
SshAgent to generate the identity signatureProvides pluggable authentication using the "keyboard-interactive" method as specified by
RFC-4256?
Key exchange algorithm.
TODO Add javadoc
Uses a
KeyPair to generate the identity signatureThe reported algorithm name refers to the encryption algorithm name - e.g., "RSA", "DSA"
Provider for key pairs.
Loads
KeyPairs from text resourcesA
KeyPairResourceWriter can serialize keys to an external representation.Draw an ASCII-Art representing the fingerprint so human brain can profit from its built-in pattern recognition
ability.
Checks against a
Collection of PublicKeysTODO Add javadoc
Utility class for keys
Available digesters for known hosts entries
Contains a representation of an entry in the
known_hosts fileRepresents an entry in the internal verifier's cache
Wraps several
ClientIdentityProvider into a KeyPair Iterator that invokes each provider
"lazily" - i.e., only when Iterator.hasNext() is invoked.TODO Add javadoc
Creates a "smooth" wrapping
Iterable using several underlying ones to provide the values.Provides a selective
Iterable over values that match a specific type out of all available.An
Iterator that selects only objects of a certain type from the underlying available ones.Reads from another
InputStream up to specified max.Used to hold the result of parsing a list of value.
Dumps everything that is written to the stream to the logger
Replicates the functionality of the existing
SSH_FXP_SETSTAT operation but does not follow symbolic linksMessage Authentication Code for use in SSH.
The reported algorithm name refers to the MAC being used
Represents an un-modifiable pair of values
Implements "md5-hash" extension
Implements "md5-hash-handle" extension
Special exception returned by
AbstractSession.getSession(org.apache.sshd.common.io.IoSession, boolean) to
indicate that there is no currently attached SSH sessionWatches over changes for a file and re-loads them if file has changed - including if file is deleted or (re-)created
Helper class to load DH group primes from a file.
Iterates over several
KeyIdentityProvider-s exhausting their keys one by one (lazily).Aggregates several
KeyIdentityProvider-s into a single logical one that (lazily) exposes the keys from each
aggregated providerSpecial exception thrown by
AbstractSession.attachSession(org.apache.sshd.common.io.IoSession, AbstractSession) in order to indicate an
already attached I/O sessionHolds the result of parsing a list of
NamedFactoryiesA named factory is a factory identified by a name.
Native file system factory.
The "newline" extension information as per
DRAFT 09
Section 4.3
TODO Add javadoc
Wraps an
ExecutorService as a CloseableExecutorService and avoids calling its shutdown
methods when the wrapper is shut downTODO Add javadoc
TODO Add javadoc
Handler for "no-more-sessions@xxx" global request.
Provides an "empty" file system that has no files/folders and throws exceptions on any attempt to access a
file/folder on it
Provides an "empty"
FileSystemProvider that has no files of any type.A
/dev/null input streamA {code /dev/null} output stream
A generic builder interface
An
SshFuture for asynchronous channel opening requests.Represents and OpenSSH certificate key as specified in
PROTOCOL.certkeys
Implements the "fsync@openssh.com" extension
A handler for the "hostkeys-00@openssh.com" request - for now, only reads the presented host key.
An initial handler for "hostkeys-prove-00@openssh.com" request
A
PrivateKeyEncryptionContext for use with a OpenSSHKeyPairResourceWriter.Basic support for OpenSSH
key file(s)
A
KeyPairResourceWriter for writing keys in the modern OpenSSH format, using the OpenBSD bcrypt KDF for
passphrase-protected encrypted private keys.A key encryptor for modern-style OpenSSH private keys using the bcrypt KDF.
Response for the "statvfs@openssh.com" and "fstatvfs@openssh.com" extension commands.
Implements the "fstatvfs@openssh.com" extension command
Implements the "statvfs@openssh.com" extension command
Operating system dependent utility methods.
Waits for a group of
Closeables to complete in any order, then signals the completion by setting the
"parent" future as closedUsed to authenticate users based on a password.
A special exception that can be thrown by the
PasswordAuthenticator to indicate that the password requires
changing or is not string enoughFuture holding a packet pending key exchange termination.
ChannelDataReceiver that buffers the received data into byte buffer and provides an InputStream to
consume them.
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] IMPLICIT Attributes OPTIONAL
}
Version ::= INTEGER
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
PrivateKey ::= OCTET STRING
Attributes ::= SET OF Attribute
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
Marker interface for classes that allow to add/remove port forwarding listeners.
Bridges the I/O streams between the SSH command and the process that executes it
Executes commands by invoking the underlying shell
Property definition.
Indicates an entity that can be configured using properties.
Serves as the base channel session for executing remote commands - including a full shell.
A enum describing the tty modes according to RFC 4254 -
section 8.
The
PublickeyAuthenticator is used on the server side to authenticate user public keys.TODO Add javadoc
Represents a decoder of an
OpenSSH encoded key dataRepresents a public key identity
Loads a
KeyPair from PuTTY's ".ppk" file.Helper class for
Putty key files decodersHandles Putty specific channel requests as indicated by
Appendix F: SSH-2 names specified for
PuTTY
A pseudo random number generator.
Generic options
A
ForwardingFilter that rejects all requestsRejects all authentication attempts
Rejects all authentication attempts
A global request handler.
A ServerKeyVerifier that accepts one server key (specified in the constructor)
Provides a way to listen and handle the
SSH_MSG_IGNORE and SSH_MSG_DEBUG messages that are received
by a session, as well as proprietary and/or extension messages.Delegates the main interface methods to specific ones after having decoded each message buffer
File system provider which provides a rooted file system.
Exception used in the SSH client or server.
This commands provide SCP support on both server and client side.
This
CommandFactory can be used as a standalone command factory or can be used to augment another
CommandFactory and provides SCP support.A useful
ObjectBuilder for ScpCommandFactoryPlug-in mechanism for users to intervene in the SCP process - e.g., apply some kind of traffic shaping mechanism,
display upload/download progress, etc...
Represents a local or remote SCP location in the format "user@host:path" or
"scp://[user@]host[:port][/path]" for a remote path and a simple path for a local one.
Configurable properties for sshd-scp.
Holds the details of a "Dmmmm " command - e.g., "D0755 0 dirname"
Holds the details of a "Cmmmm " command - e.g., "C0644 299 file1.txt"
Helps transfer files between 2 servers rather than between server and local file system by using 2
ClientSession-s and simply copying from one server to the otherThis commands SCP support for a ChannelSession.
Represents an SCP timestamp definition
Can be registered in order to receive events about SCP transfers
A
ByteArrayOutputStream that clears its internal buffer after resizing and when it is closed.Specific security providers related code
This is a utility class used by selectors and DirectoryScanner.
Waits for a group of
Closeables to complete in the given order, then signals the completion by setting the
"parent" future as closedHolds providers and helpers related to the server side authentication process
SshServer builder
Server side
ssh-connection service.The
ServerFactoryManager enable the retrieval of additional configuration needed specifically for the
server side.Loads server identity key files - e.g.,
/etc/ssh/ssh_host_rsa_keyThe
ServerKeyVerifier is used on the client side to authenticate the key provided by the server.Provides a way to implement proxied connections where some metadata about the client is sent before the actual
SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
protocol.
The default implementation for a
ServerSessionSee RFC 4253 [SSH-TRANS] and the SSH_MSG_SERVICE_REQUEST packet.
Represents an SSH session.
Interface that can be implemented by a command to be able to access the server session in which this command will be
used.
A "succinct" summary of the most important attributes of an SSH session
Invoked when the internal session code decides it should disconnect a session due to some consideration.
TODO Add javadoc
A factory of client sessions.
A factory of server sessions.
Contains split code in order to make
AbstractSession class smallerRepresents an interface receiving session events.
Marker interface for classes that allow to add/remove session listeners.
Task that iterates over all currently open
Sessions and checks each of them for timeouts.Uses an
SftpClient to scan a directory (possibly recursively) and find files that match a given set of
inclusion patterns.The result of a scan
TODO Add javadoc
Implements a remote
DirectoryStreamIterates over the available directory entries for a given path.
Invoked in order to format failed commands messages
Can be used register for SFTP events.
Provides user hooks into the process of creating a
SftpFileSystem via a SftpFileSystemProviderA registered
FileSystemProvider that registers the "sftp://" scheme so that URLs with this protocol
are handled as remote SFTP Path-s - e.g., "sftp://user:password@host/remote/file/path"Provides an
Iterable implementation of the SftpClient.DirEntry-ies for a remote directoryConfigurable properties for sshd-sftp.
Implements an output stream for a given remote file
An SFTP-aware
DirectoryScanner that assumes all Path-s refer to SFTP remote ones and match patterns
use "/" as their separator with case sensitive matching by default (though the latter can be modified).SFTP subsystem
Some universal identifiers used in owner and/or group specification strings
Wraps a
SftpVersionSelector and assigns it a name.Shell(s) are executed on the server side when a "shell" channel is established
System signals definition that the shell can receive.
Define a listener to receive signals
Signature interface for SSH used to sign or verify packets.
DSA
SignatureSignature algorithm for EC keys using ECDSA.
Manage the list of named factories for
Signature.RSA
SignatureProvides a simplified and synchronous view of the available SSH client functionality.
TODO Add javadoc
An implementation of
IoOutputStream using a synchronous ChannelOutputStream.A simplified synchronous API for obtaining SCP sessions.
TODO Add javadoc
A simplified synchronous API for creating client sessions
A simplified synchronous API for obtaining SFTP sessions.
A random factory wrapper that uses a single random instance.
SOCKS proxy server, supporting simple socks4/5 protocols.
Implements the "space-available" extension
Implements "space-available" extension
Decodes a public key file encoded according to The Secure Shell (SSH)
Public Key File Format
SSH key agent server
The
SshAgentFactory is used to communicate with an SshAgent.Documents failure of a channel to open as expected.
Entry point for the client side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
This interface defines constants for the SSH protocol.
A simple socket address holding the host name and port number.
Default
ThreadFactory used by ThreadUtils to create thread pools if user did provide oneRepresents an SSH related exception
Represents the completion of an asynchronous SSH operation on a given object (it may be an SSH session or an SSH
channel).
Something interested in being notified when the completion of an asynchronous SSH operation :
SshFuture.
The SshServer class is the main entry point for the server side of the SSH protocol.
Reads and interprets some useful configurations from an OpenSSH configuration file.
A
ForwardingFilter implementation that returns the same "static" result for all the queries.Returns the same constant result
true/false regardlessReturns the same constant result
true/false regardlessReturns the same constant answer
true/false regardlessA channel that can be either configured to use synchronous or asynchrounous streams.
Support for stty command on unix
Parses the "supported2" extension as defined in
DRAFT 13 section 5.4
Parses the "supported" extension as defined in
DRAFT 05 -
section 4.4
A wrapper that exposes a read-only
Map access to the system properties.The type of requested connection forwarding.
TODO Add javadoc
Type of channel being created.
Handler for "tcpip-forward" global request.
Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel
TODO Add javadoc
Utility class for thread pools.
Used to convey information about an expired timeout
Timeout status.
Handles the input while taking into account the
PtyModes for handling CR / LFHandles the output stream while taking care of the
PtyMode for CR / LF and ECHO settingsChecks equality between 2 entities of same type
Implementation of an unknown command that can be returned by
CommandFactory when the command is not
known, as it is supposed to always return a valid Command object.Represents a user authentication mechanism
Server side authentication mechanism.
UserAuthFactoriesManager<S extends SessionContext,M extends UserAuthInstance<S>,F extends UserAuthMethodFactory<S,M>>
Prototype user authentication handling gssapi-with-mic.
Factory class.
Represents an authentication-in-progress tracker for a specific session
Manages a "keyboard-interactive" exchange according to
RFC4256
Issue a "keyboard-interactive" command according to
RFC4256
Represents a user authentication method
TODO Add javadoc
Implements the client-side "password" authentication mechanism
Implements the server-side "password" authentication mechanism
Implements the "publickey" authentication mechanism
TODO Add javadoc
Interface used by the ssh client to communicate with the end user.
The "vendor-id" information as per
DRAFT 09 -
section 4.4
Represents an asynchronous operation whose successful result can be verified somehow.
The "versions" extension data as per
DRAFT 09
Section 4.6
SSHd file system factory to reduce the visibility to a physical folder.
Represents an asynchronous operation which one can wait for its completion.
Used to indicate at which authentication phase to send the welcome banner (if any configured)
A Window for a given channel.
Indicates a
Window has been closed.Special marker interface used to signal to the forwarding filter that an exception has been caught on the forwarded
channel