Browse Source
Provide a wrapper interface and change the implementation such that a client can substitute its own database of known hosts keys instead of the default file-based mechanism. Bug: 547619 Change-Id: Ifc25a4519fa5bcf7bb8541b9f3e2de15215e3d66 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>stable-5.5
Thomas Wolf
6 years ago
6 changed files with 688 additions and 89 deletions
@ -0,0 +1,221 @@
|
||||
/* |
||||
* Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> |
||||
* and other copyright owners as documented in the project's IP log. |
||||
* |
||||
* This program and the accompanying materials are made available |
||||
* under the terms of the Eclipse Distribution License v1.0 which |
||||
* accompanies this distribution, is reproduced below, and is |
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
* |
||||
* All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or |
||||
* without modification, are permitted provided that the following |
||||
* conditions are met: |
||||
* |
||||
* - Redistributions of source code must retain the above copyright |
||||
* notice, this list of conditions and the following disclaimer. |
||||
* |
||||
* - Redistributions in binary form must reproduce the above |
||||
* copyright notice, this list of conditions and the following |
||||
* disclaimer in the documentation and/or other materials provided |
||||
* with the distribution. |
||||
* |
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the |
||||
* names of its contributors may be used to endorse or promote |
||||
* products derived from this software without specific prior |
||||
* written permission. |
||||
* |
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND |
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, |
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||||
*/ |
||||
package org.eclipse.jgit.transport.sshd; |
||||
|
||||
import static org.junit.Assert.assertNotNull; |
||||
import static org.junit.Assert.assertTrue; |
||||
|
||||
import java.io.File; |
||||
import java.io.IOException; |
||||
import java.io.InputStream; |
||||
import java.io.UncheckedIOException; |
||||
import java.net.InetSocketAddress; |
||||
import java.nio.file.Files; |
||||
import java.nio.file.Path; |
||||
import java.security.GeneralSecurityException; |
||||
import java.security.KeyPair; |
||||
import java.security.PublicKey; |
||||
import java.util.Arrays; |
||||
import java.util.Collections; |
||||
import java.util.Iterator; |
||||
import java.util.List; |
||||
|
||||
import org.apache.sshd.common.NamedResource; |
||||
import org.apache.sshd.common.config.keys.KeyUtils; |
||||
import org.apache.sshd.common.keyprovider.KeyIdentityProvider; |
||||
import org.apache.sshd.common.session.SessionContext; |
||||
import org.apache.sshd.common.util.net.SshdSocketAddress; |
||||
import org.apache.sshd.common.util.security.SecurityUtils; |
||||
import org.eclipse.jgit.lib.Constants; |
||||
import org.eclipse.jgit.transport.CredentialsProvider; |
||||
import org.eclipse.jgit.transport.SshSessionFactory; |
||||
import org.eclipse.jgit.transport.ssh.SshTestHarness; |
||||
import org.eclipse.jgit.util.FS; |
||||
import org.junit.After; |
||||
import org.junit.Test; |
||||
|
||||
/** |
||||
* Test for using the SshdSessionFactory without files in ~/.ssh but with an |
||||
* in-memory setup. |
||||
*/ |
||||
public class NoFilesSshTest extends SshTestHarness { |
||||
|
||||
|
||||
private PublicKey testServerKey; |
||||
|
||||
private KeyPair testUserKey; |
||||
|
||||
@Override |
||||
protected SshSessionFactory createSessionFactory() { |
||||
SshdSessionFactory result = new SshdSessionFactory(new JGitKeyCache(), |
||||
null) { |
||||
|
||||
@Override |
||||
protected File getSshConfig(File dir) { |
||||
return null; |
||||
} |
||||
|
||||
@Override |
||||
protected ServerKeyDatabase getServerKeyDatabase(File homeDir, |
||||
File dir) { |
||||
return new ServerKeyDatabase() { |
||||
|
||||
@Override |
||||
public List<PublicKey> lookup(String connectAddress, |
||||
InetSocketAddress remoteAddress, |
||||
Configuration config) { |
||||
return Collections.singletonList(testServerKey); |
||||
} |
||||
|
||||
@Override |
||||
public boolean accept(String connectAddress, |
||||
InetSocketAddress remoteAddress, |
||||
PublicKey serverKey, Configuration config, |
||||
CredentialsProvider provider) { |
||||
return KeyUtils.compareKeys(serverKey, testServerKey); |
||||
} |
||||
|
||||
}; |
||||
} |
||||
|
||||
@Override |
||||
protected Iterable<KeyPair> getDefaultKeys(File dir) { |
||||
// This would work for this simple test case:
|
||||
// return Collections.singletonList(testUserKey);
|
||||
// But let's see if we can check the host and username that's used.
|
||||
// For that, we need access to the sshd SessionContext:
|
||||
return new KeyAuthenticator(); |
||||
} |
||||
|
||||
@Override |
||||
protected String getDefaultPreferredAuthentications() { |
||||
return "publickey"; |
||||
} |
||||
}; |
||||
|
||||
// The home directory is mocked at this point!
|
||||
result.setHomeDirectory(FS.DETECTED.userHome()); |
||||
result.setSshDirectory(sshDir); |
||||
return result; |
||||
} |
||||
|
||||
private class KeyAuthenticator implements KeyIdentityProvider, Iterable<KeyPair> { |
||||
|
||||
@Override |
||||
public Iterator<KeyPair> iterator() { |
||||
// Should not be called. The use of the Iterable interface in
|
||||
// SshdSessionFactory.getDefaultKeys() made sense in sshd 2.0.0,
|
||||
// but sshd 2.2.0 added the SessionContext, which although good
|
||||
// (without it we couldn't check here) breaks the Iterable analogy.
|
||||
// But we're stuck now with that interface for getDefaultKeys, and
|
||||
// so this override throwing an exception is unfortunately needed.
|
||||
throw new UnsupportedOperationException(); |
||||
} |
||||
|
||||
@Override |
||||
public Iterable<KeyPair> loadKeys(SessionContext session) |
||||
throws IOException, GeneralSecurityException { |
||||
if (!TEST_USER.equals(session.getUsername())) { |
||||
return Collections.emptyList(); |
||||
} |
||||
SshdSocketAddress remoteAddress = SshdSocketAddress |
||||
.toSshdSocketAddress(session.getRemoteAddress()); |
||||
switch (remoteAddress.getHostName()) { |
||||
case "localhost": |
||||
case "127.0.0.1": |
||||
return Collections.singletonList(testUserKey); |
||||
default: |
||||
return Collections.emptyList(); |
||||
} |
||||
} |
||||
} |
||||
|
||||
@After |
||||
public void cleanUp() { |
||||
testServerKey = null; |
||||
testUserKey = null; |
||||
} |
||||
|
||||
@Override |
||||
protected void installConfig(String... config) { |
||||
File configFile = new File(sshDir, Constants.CONFIG); |
||||
if (config != null) { |
||||
try { |
||||
Files.write(configFile.toPath(), Arrays.asList(config)); |
||||
} catch (IOException e) { |
||||
throw new UncheckedIOException(e); |
||||
} |
||||
} |
||||
} |
||||
|
||||
private KeyPair load(Path path) throws Exception { |
||||
try (InputStream in = Files.newInputStream(path)) { |
||||
return SecurityUtils |
||||
.loadKeyPairIdentities(null, |
||||
NamedResource.ofName(path.toString()), in, null) |
||||
.iterator().next(); |
||||
} |
||||
} |
||||
|
||||
@Test |
||||
public void testCloneWithBuiltInKeys() throws Exception { |
||||
// This test should fail unless our in-memory setup is taken: no
|
||||
// known_hosts file, and a config that specifies a non-existing key.
|
||||
File newHostKey = new File(getTemporaryDirectory(), "newhostkey"); |
||||
copyTestResource("id_ed25519", newHostKey); |
||||
server.addHostKey(newHostKey.toPath(), true); |
||||
testServerKey = load(newHostKey.toPath()).getPublic(); |
||||
assertTrue(newHostKey.delete()); |
||||
testUserKey = load(privateKey1.getAbsoluteFile().toPath()); |
||||
assertNotNull(testServerKey); |
||||
assertNotNull(testUserKey); |
||||
cloneWith( |
||||
"ssh://" + TEST_USER + "@localhost:" + testPort |
||||
+ "/doesntmatter", |
||||
new File(getTemporaryDirectory(), "cloned"), null, //
|
||||
"Host localhost", //
|
||||
"IdentityFile " |
||||
+ new File(sshDir, "does_not_exist").getAbsolutePath()); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,182 @@
|
||||
/* |
||||
* Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> |
||||
* and other copyright owners as documented in the project's IP log. |
||||
* |
||||
* This program and the accompanying materials are made available |
||||
* under the terms of the Eclipse Distribution License v1.0 which |
||||
* accompanies this distribution, is reproduced below, and is |
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
* |
||||
* All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or |
||||
* without modification, are permitted provided that the following |
||||
* conditions are met: |
||||
* |
||||
* - Redistributions of source code must retain the above copyright |
||||
* notice, this list of conditions and the following disclaimer. |
||||
* |
||||
* - Redistributions in binary form must reproduce the above |
||||
* copyright notice, this list of conditions and the following |
||||
* disclaimer in the documentation and/or other materials provided |
||||
* with the distribution. |
||||
* |
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the |
||||
* names of its contributors may be used to endorse or promote |
||||
* products derived from this software without specific prior |
||||
* written permission. |
||||
* |
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND |
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, |
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||||
*/ |
||||
package org.eclipse.jgit.internal.transport.sshd; |
||||
|
||||
import java.net.InetSocketAddress; |
||||
import java.net.SocketAddress; |
||||
import java.security.PublicKey; |
||||
import java.util.Collections; |
||||
import java.util.List; |
||||
import java.util.Locale; |
||||
|
||||
import org.apache.sshd.client.config.hosts.HostConfigEntry; |
||||
import org.apache.sshd.client.config.hosts.KnownHostHashValue; |
||||
import org.apache.sshd.client.keyverifier.ServerKeyVerifier; |
||||
import org.apache.sshd.client.session.ClientSession; |
||||
import org.apache.sshd.common.util.net.SshdSocketAddress; |
||||
import org.eclipse.jgit.annotations.NonNull; |
||||
import org.eclipse.jgit.transport.CredentialsProvider; |
||||
import org.eclipse.jgit.transport.SshConstants; |
||||
import org.eclipse.jgit.transport.sshd.ServerKeyDatabase; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
/** |
||||
* A bridge between the {@link ServerKeyVerifier} from Apache MINA sshd and our |
||||
* {@link ServerKeyDatabase}. |
||||
*/ |
||||
public class JGitServerKeyVerifier |
||||
implements ServerKeyVerifier, ServerKeyLookup { |
||||
|
||||
private static final Logger LOG = LoggerFactory |
||||
.getLogger(JGitServerKeyVerifier.class); |
||||
|
||||
private final @NonNull ServerKeyDatabase database; |
||||
|
||||
/** |
||||
* Creates a new {@link JGitServerKeyVerifier} using the given |
||||
* {@link ServerKeyDatabase}. |
||||
* |
||||
* @param database |
||||
* to use |
||||
*/ |
||||
public JGitServerKeyVerifier(@NonNull ServerKeyDatabase database) { |
||||
this.database = database; |
||||
} |
||||
|
||||
@Override |
||||
public List<PublicKey> lookup(ClientSession session, |
||||
SocketAddress remoteAddress) { |
||||
if (!(session instanceof JGitClientSession)) { |
||||
LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$
|
||||
+ session.getClass().getName()); |
||||
return Collections.emptyList(); |
||||
} |
||||
if (!(remoteAddress instanceof InetSocketAddress)) { |
||||
return Collections.emptyList(); |
||||
} |
||||
SessionConfig config = new SessionConfig((JGitClientSession) session); |
||||
SshdSocketAddress connectAddress = SshdSocketAddress |
||||
.toSshdSocketAddress(session.getConnectAddress()); |
||||
String connect = KnownHostHashValue.createHostPattern( |
||||
connectAddress.getHostName(), connectAddress.getPort()); |
||||
return database.lookup(connect, (InetSocketAddress) remoteAddress, |
||||
config); |
||||
} |
||||
|
||||
@Override |
||||
public boolean verifyServerKey(ClientSession session, |
||||
SocketAddress remoteAddress, PublicKey serverKey) { |
||||
if (!(session instanceof JGitClientSession)) { |
||||
LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$
|
||||
+ session.getClass().getName()); |
||||
return false; |
||||
} |
||||
if (!(remoteAddress instanceof InetSocketAddress)) { |
||||
return false; |
||||
} |
||||
SessionConfig config = new SessionConfig((JGitClientSession) session); |
||||
SshdSocketAddress connectAddress = SshdSocketAddress |
||||
.toSshdSocketAddress(session.getConnectAddress()); |
||||
String connect = KnownHostHashValue.createHostPattern( |
||||
connectAddress.getHostName(), connectAddress.getPort()); |
||||
CredentialsProvider provider = ((JGitClientSession) session) |
||||
.getCredentialsProvider(); |
||||
return database.accept(connect, (InetSocketAddress) remoteAddress, |
||||
serverKey, config, provider); |
||||
} |
||||
|
||||
private static class SessionConfig |
||||
implements ServerKeyDatabase.Configuration { |
||||
|
||||
private final JGitClientSession session; |
||||
|
||||
public SessionConfig(JGitClientSession session) { |
||||
this.session = session; |
||||
} |
||||
|
||||
private List<String> get(String key) { |
||||
HostConfigEntry entry = session.getHostConfigEntry(); |
||||
if (entry instanceof JGitHostConfigEntry) { |
||||
// Always true!
|
||||
return ((JGitHostConfigEntry) entry).getMultiValuedOptions() |
||||
.get(key); |
||||
} |
||||
return Collections.emptyList(); |
||||
} |
||||
|
||||
@Override |
||||
public List<String> getUserKnownHostsFiles() { |
||||
return get(SshConstants.USER_KNOWN_HOSTS_FILE); |
||||
} |
||||
|
||||
@Override |
||||
public List<String> getGlobalKnownHostsFiles() { |
||||
return get(SshConstants.GLOBAL_KNOWN_HOSTS_FILE); |
||||
} |
||||
|
||||
@Override |
||||
public StrictHostKeyChecking getStrictHostKeyChecking() { |
||||
HostConfigEntry entry = session.getHostConfigEntry(); |
||||
String value = entry |
||||
.getProperty(SshConstants.STRICT_HOST_KEY_CHECKING, "ask"); //$NON-NLS-1$
|
||||
switch (value.toLowerCase(Locale.ROOT)) { |
||||
case SshConstants.YES: |
||||
case SshConstants.ON: |
||||
return StrictHostKeyChecking.REQUIRE_MATCH; |
||||
case SshConstants.NO: |
||||
case SshConstants.OFF: |
||||
return StrictHostKeyChecking.ACCEPT_ANY; |
||||
case "accept-new": //$NON-NLS-1$
|
||||
return StrictHostKeyChecking.ACCEPT_NEW; |
||||
default: |
||||
return StrictHostKeyChecking.ASK; |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public String getUsername() { |
||||
return session.getUsername(); |
||||
} |
||||
} |
||||
} |
||||
@ -0,0 +1,169 @@
|
||||
/* |
||||
* Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> |
||||
* and other copyright owners as documented in the project's IP log. |
||||
* |
||||
* This program and the accompanying materials are made available |
||||
* under the terms of the Eclipse Distribution License v1.0 which |
||||
* accompanies this distribution, is reproduced below, and is |
||||
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||
* |
||||
* All rights reserved. |
||||
* |
||||
* Redistribution and use in source and binary forms, with or |
||||
* without modification, are permitted provided that the following |
||||
* conditions are met: |
||||
* |
||||
* - Redistributions of source code must retain the above copyright |
||||
* notice, this list of conditions and the following disclaimer. |
||||
* |
||||
* - Redistributions in binary form must reproduce the above |
||||
* copyright notice, this list of conditions and the following |
||||
* disclaimer in the documentation and/or other materials provided |
||||
* with the distribution. |
||||
* |
||||
* - Neither the name of the Eclipse Foundation, Inc. nor the |
||||
* names of its contributors may be used to endorse or promote |
||||
* products derived from this software without specific prior |
||||
* written permission. |
||||
* |
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND |
||||
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, |
||||
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
||||
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER |
||||
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||||
*/ |
||||
package org.eclipse.jgit.transport.sshd; |
||||
|
||||
import java.net.InetSocketAddress; |
||||
import java.security.PublicKey; |
||||
import java.util.List; |
||||
|
||||
import org.eclipse.jgit.annotations.NonNull; |
||||
import org.eclipse.jgit.transport.CredentialsProvider; |
||||
|
||||
/** |
||||
* An interface for a database of known server keys, supporting finding all |
||||
* known keys and also deciding whether a server key is to be accepted. |
||||
* <p> |
||||
* Connection addresses are given as strings of the format |
||||
* {@code [hostName]:port} if using a non-standard port (i.e., not port 22), |
||||
* otherwise just {@code hostname}. |
||||
* </p> |
||||
* |
||||
* @since 5.5 |
||||
*/ |
||||
public interface ServerKeyDatabase { |
||||
|
||||
/** |
||||
* Retrieves all known host keys for the given addresses. |
||||
* |
||||
* @param connectAddress |
||||
* IP address the session tried to connect to |
||||
* @param remoteAddress |
||||
* IP address as reported for the remote end point |
||||
* @param config |
||||
* giving access to potentially interesting configuration |
||||
* settings |
||||
* @return the list of known keys for the given addresses |
||||
*/ |
||||
@NonNull |
||||
List<PublicKey> lookup(@NonNull String connectAddress, |
||||
@NonNull InetSocketAddress remoteAddress, |
||||
@NonNull Configuration config); |
||||
|
||||
/** |
||||
* Determines whether to accept a received server host key. |
||||
* |
||||
* @param connectAddress |
||||
* IP address the session tried to connect to |
||||
* @param remoteAddress |
||||
* IP address as reported for the remote end point |
||||
* @param serverKey |
||||
* received from the remote end |
||||
* @param config |
||||
* giving access to potentially interesting configuration |
||||
* settings |
||||
* @param provider |
||||
* for interacting with the user, if required; may be |
||||
* {@code null} |
||||
* @return {@code true} if the serverKey is accepted, {@code false} |
||||
* otherwise |
||||
*/ |
||||
boolean accept(@NonNull String connectAddress, |
||||
@NonNull InetSocketAddress remoteAddress, |
||||
@NonNull PublicKey serverKey, |
||||
@NonNull Configuration config, CredentialsProvider provider); |
||||
|
||||
/** |
||||
* A simple provider for ssh config settings related to host key checking. |
||||
* An instance is created by the JGit sshd framework and passed into |
||||
* {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)} |
||||
* and |
||||
* {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}. |
||||
*/ |
||||
interface Configuration { |
||||
|
||||
/** |
||||
* Retrieves the list of file names from the "UserKnownHostsFile" ssh |
||||
* config. |
||||
* |
||||
* @return the list as configured, with ~ already replaced |
||||
*/ |
||||
List<String> getUserKnownHostsFiles(); |
||||
|
||||
/** |
||||
* Retrieves the list of file names from the "GlobalKnownHostsFile" ssh |
||||
* config. |
||||
* |
||||
* @return the list as configured, with ~ already replaced |
||||
*/ |
||||
List<String> getGlobalKnownHostsFiles(); |
||||
|
||||
/** |
||||
* The possible values for the "StrictHostKeyChecking" ssh config. |
||||
*/ |
||||
enum StrictHostKeyChecking { |
||||
/** |
||||
* "ask"; default: ask the user whether to accept (and store) a new |
||||
* or mismatched key. |
||||
*/ |
||||
ASK, |
||||
/** |
||||
* "yes", "on": never accept new or mismatched keys. |
||||
*/ |
||||
REQUIRE_MATCH, |
||||
/** |
||||
* "no", "off": always accept new or mismatched keys. |
||||
*/ |
||||
ACCEPT_ANY, |
||||
/** |
||||
* "accept-new": accept new keys, but never accept modified keys. |
||||
*/ |
||||
ACCEPT_NEW |
||||
} |
||||
|
||||
/** |
||||
* Obtains the value of the "StrictHostKeyChecking" ssh config. |
||||
* |
||||
* @return the {@link StrictHostKeyChecking} |
||||
*/ |
||||
@NonNull |
||||
StrictHostKeyChecking getStrictHostKeyChecking(); |
||||
|
||||
/** |
||||
* Obtains the user name used in the connection attempt. |
||||
* |
||||
* @return the user name |
||||
*/ |
||||
@NonNull |
||||
String getUsername(); |
||||
} |
||||
} |
||||
Loading…
Reference in new issue