public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder
~/.ssh/authorized_keys
file of the user currently running
the server, re-loading it if necessary. It also (optionally) enforces the same
permissions regime as OpenSSH
does for the file permissions. By default
also compares the current username with the authenticated one.Modifier and Type | Field and Description |
---|---|
static DefaultAuthorizedKeysAuthenticator |
INSTANCE
The default instance that enforces the same permissions regime as
OpenSSH |
options, STRICTLY_PROHIBITED_FILE_PERMISSION
log
Constructor and Description |
---|
DefaultAuthorizedKeysAuthenticator(boolean strict) |
DefaultAuthorizedKeysAuthenticator(File file,
boolean strict) |
DefaultAuthorizedKeysAuthenticator(Path path,
boolean strict,
LinkOption... options) |
DefaultAuthorizedKeysAuthenticator(String user,
boolean strict) |
DefaultAuthorizedKeysAuthenticator(String user,
File file,
boolean strict) |
DefaultAuthorizedKeysAuthenticator(String user,
Path path,
boolean strict,
LinkOption... options) |
Modifier and Type | Method and Description |
---|---|
String |
getUsername() |
boolean |
isStrict() |
protected boolean |
isValidUsername(String username,
ServerSession session) |
protected Collection<AuthorizedKeyEntry> |
reloadAuthorizedKeys(Path path,
String username,
ServerSession session) |
protected Path |
validateFilePath(Path path,
Collection<PosixFilePermission> perms,
Collection<PosixFilePermission> excluded) |
authenticate, getFallbackPublicKeyEntryResolver, resolvePublickeyAuthenticator
checkReloadRequired, exists, getPath, lastModified, resetReloadAttributes, size, toString, updateReloadAttributes, validateStrictConfigFilePermissions
public static final DefaultAuthorizedKeysAuthenticator INSTANCE
OpenSSH
public DefaultAuthorizedKeysAuthenticator(boolean strict)
strict
- If true
then makes sure that the containing folder
has 0700 access and the file 0600. Note: for Windows it
does not check these permissionspublic DefaultAuthorizedKeysAuthenticator(String user, boolean strict)
public DefaultAuthorizedKeysAuthenticator(File file, boolean strict)
public DefaultAuthorizedKeysAuthenticator(String user, File file, boolean strict)
public DefaultAuthorizedKeysAuthenticator(Path path, boolean strict, LinkOption... options)
public DefaultAuthorizedKeysAuthenticator(String user, Path path, boolean strict, LinkOption... options)
public final String getUsername()
getUsername
in interface UsernameHolder
null
/empty if holder
not yet initializedpublic final boolean isStrict()
protected boolean isValidUsername(String username, ServerSession session)
isValidUsername
in class AuthorizedKeysAuthenticator
protected Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String username, ServerSession session) throws IOException
reloadAuthorizedKeys
in class AuthorizedKeysAuthenticator
IOException
protected Path validateFilePath(Path path, Collection<PosixFilePermission> perms, Collection<PosixFilePermission> excluded) throws IOException
path
- The Path
to be validatedperms
- The current PosixFilePermission
sexcluded
- The permissions not allowed to existIOException
- If an excluded permission appears in the current onesCopyright © 2008–2016 The Apache Software Foundation. All rights reserved.