(username, password, session)
-> sshProxyServerConfiguration.getAuthenticator().authenticated(username, password));
+ sshProxyServerConfiguration.getPublickeyAuthenticator().ifPresent(sshServer::setPublickeyAuthenticator);
+
sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
import com.google.common.base.Preconditions;
import io.netty.channel.local.LocalAddress;
import java.net.InetSocketAddress;
+import java.util.Optional;
import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PublickeyAuthenticator;
import org.opendaylight.netconf.auth.AuthProvider;
public final class SshProxyServerConfiguration {
private final AuthProvider authenticator;
private final KeyPairProvider keyPairProvider;
private final int idleTimeout;
+ private final Optional<PublickeyAuthenticator> publickeyAuthenticator;
SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress,
final AuthProvider authenticator, final KeyPairProvider keyPairProvider, final int idleTimeout) {
+ this(bindingAddress, localAddress, authenticator, null, keyPairProvider, idleTimeout);
+ }
+
+ SshProxyServerConfiguration(final InetSocketAddress bindingAddress, final LocalAddress localAddress,
+ final AuthProvider authenticator, final PublickeyAuthenticator publickeyAuthenticator,
+ final KeyPairProvider keyPairProvider, final int idleTimeout) {
this.bindingAddress = Preconditions.checkNotNull(bindingAddress);
this.localAddress = Preconditions.checkNotNull(localAddress);
this.authenticator = Preconditions.checkNotNull(authenticator);
// Idle timeout cannot be disabled in the sshd by using =< 0 value
Preconditions.checkArgument(idleTimeout > 0, "Idle timeout has to be > 0");
this.idleTimeout = idleTimeout;
+ this.publickeyAuthenticator = Optional.ofNullable(publickeyAuthenticator);
}
public InetSocketAddress getBindingAddress() {
return idleTimeout;
}
-
+ public Optional<PublickeyAuthenticator> getPublickeyAuthenticator() {
+ return publickeyAuthenticator;
+ }
}
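Review bot: The new six-argument constructor accepts a null `publickeyAuthenticator` (the older constructor delegates with `null`), but nothing documents what null means. From the `ifPresent` call in the server hunk, an empty value means this code installs no public-key authenticator on the `sshServer`. Since that decides which authentication methods the proxy offers, it deserves a Javadoc line on the constructor and on `getPublickeyAuthenticator()`, for example `@param publickeyAuthenticator public-key authenticator, or null to leave public-key authentication unconfigured`. As a style point, an `Optional` field is usually avoided. Keeping the field nullable and returning `Optional.ofNullable(publickeyAuthenticator)` from the getter gives callers the same API.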
import io.netty.channel.local.LocalAddress;
import java.net.InetSocketAddress;
import org.apache.sshd.common.KeyPairProvider;
+import org.apache.sshd.server.PublickeyAuthenticator;
import org.opendaylight.netconf.auth.AuthProvider;
public final class SshProxyServerConfigurationBuilder {
private AuthProvider authenticator;
private KeyPairProvider keyPairProvider;
private int idleTimeout;
+ private PublickeyAuthenticator publicKeyAuthenticator = null;
public SshProxyServerConfigurationBuilder setBindingAddress(final InetSocketAddress bindingAddress) {
this.bindingAddress = bindingAddress;
return this;
}
+ public SshProxyServerConfigurationBuilder setPublickeyAuthenticator(final PublickeyAuthenticator authenticator) {
+ this.publicKeyAuthenticator = authenticator;
+ return this;
+ }
+
public SshProxyServerConfigurationBuilder setKeyPairProvider(final KeyPairProvider keyPairProvider) {
this.keyPairProvider = keyPairProvider;
return this;
}
public SshProxyServerConfiguration createSshProxyServerConfiguration() {
- return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator,
+ return new SshProxyServerConfiguration(bindingAddress, localAddress, authenticator, publicKeyAuthenticator,
keyPairProvider, idleTimeout);
}
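Review bot: In `setPublickeyAuthenticator` the parameter is named `authenticator`, which shadows the builder's existing `AuthProvider authenticator` field, so the two authentication mechanisms are easy to confuse when reading or editing the setter. The field is also spelled `publicKeyAuthenticator` while the setter, the getter and the configuration class use `Publickey`. I would align the names and drop the redundant `= null`: `private PublickeyAuthenticator publickeyAuthenticator;` and `setPublickeyAuthenticator(final PublickeyAuthenticator publickeyAuthenticator)`. A one-line Javadoc on the setter saying the value is optional would also help, because `createSshProxyServerConfiguration()` passes it through unchecked.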
private final NetconfKeystoreAdapter keystoreAdapter;
private final AAAEncryptionService encryptionService;
- private Optional<KeyPair> keyPair;
+ private Optional<KeyPair> keyPair = Optional.empty();
public DatastoreBackedPublicKeyAuth(final String username, final String pairId,
final NetconfKeystoreAdapter keystoreAdapter,
.setBindingAddress(bindingAddress)
.setLocalAddress(tcpLocalAddress)
.setAuthenticator((username, password) -> true)
+ .setPublickeyAuthenticator(((username, key, session) -> {
+ LOG.info("Auth with public key: {}", key);
+ return true;
+ }))
.setKeyPairProvider(keyPairProvider)
.setIdleTimeout(Integer.MAX_VALUE)
.createSshProxyServerConfiguration();
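Review bot: The added `setPublickeyAuthenticator` lambda returns `true` for every key, so together with the existing `(username, password) -> true` this endpoint accepts any client. The enclosing file is not visible here and the builder chain starts outside the hunk. If this is a test or simulator fixture, say so at the call site so the pattern is not copied into a real deployment, e.g. `// Test-only: accepts every public key; never use for a production endpoint.` The log line would be more useful for auditing if it recorded `username` and a key fingerprint rather than the key object's `toString()`. `LOG.info` may also be louder than needed for a per-connection event.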