import com.google.common.collect.Lists;
import io.netty.channel.EventLoopGroup;
-import io.netty.channel.local.LocalAddress;
import java.io.IOException;
-import java.net.InetSocketAddress;
import java.nio.channels.AsynchronousChannelGroup;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.SshServer;
+import org.apache.sshd.common.Cipher;
import org.apache.sshd.common.FactoryManager;
-import org.apache.sshd.common.KeyPairProvider;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.RuntimeSshException;
+import org.apache.sshd.common.cipher.ARCFOUR128;
+import org.apache.sshd.common.cipher.ARCFOUR256;
import org.apache.sshd.common.io.IoAcceptor;
import org.apache.sshd.common.io.IoConnector;
import org.apache.sshd.common.io.IoHandler;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.util.CloseableUtils;
import org.apache.sshd.server.Command;
-import org.apache.sshd.server.PasswordAuthenticator;
+import org.apache.sshd.server.ServerFactoryManager;
/**
* Proxy SSH server that just delegates decrypted content to a delegate server within same VM.
*/
public class SshProxyServer implements AutoCloseable {
+ private static final ARCFOUR128.Factory DEFAULT_ARCFOUR128_FACTORY = new ARCFOUR128.Factory();
+ private static final ARCFOUR256.Factory DEFAULT_ARCFOUR256_FACTORY = new ARCFOUR256.Factory();
private final SshServer sshServer;
private final ScheduledExecutorService minaTimerExecutor;
private final EventLoopGroup clientGroup;
this.sshServer = SshServer.setUpDefaultServer();
}
- public void bind(final InetSocketAddress bindingAddress, final LocalAddress localAddress, final PasswordAuthenticator authenticator, final KeyPairProvider keyPairProvider) throws IOException {
- sshServer.setHost(bindingAddress.getHostString());
- sshServer.setPort(bindingAddress.getPort());
-
- sshServer.setPasswordAuthenticator(authenticator);
- sshServer.setKeyPairProvider(keyPairProvider);
+ public void bind(final SshProxyServerConfiguration sshProxyServerConfiguration) throws IOException {
+ sshServer.setHost(sshProxyServerConfiguration.getBindingAddress().getHostString());
+ sshServer.setPort(sshProxyServerConfiguration.getBindingAddress().getPort());
+
+ //remove rc4 ciphers
+ final List<NamedFactory<Cipher>> cipherFactories = sshServer.getCipherFactories();
+ for (Iterator<NamedFactory<Cipher>> i = cipherFactories.iterator(); i.hasNext(); ) {
+ final NamedFactory<Cipher> factory = i.next();
+ if (factory.getName().contains(DEFAULT_ARCFOUR128_FACTORY.getName())
+ || factory.getName().contains(DEFAULT_ARCFOUR256_FACTORY.getName())) {
+ i.remove();
+ }
+ }
+ sshServer.setPasswordAuthenticator(sshProxyServerConfiguration.getAuthenticator());
+ sshServer.setKeyPairProvider(sshProxyServerConfiguration.getKeyPairProvider());
sshServer.setIoServiceFactoryFactory(nioServiceWithPoolFactoryFactory);
sshServer.setScheduledExecutorService(minaTimerExecutor);
+ sshServer.setProperties(getProperties(sshProxyServerConfiguration));
final RemoteNetconfCommand.NetconfCommandFactory netconfCommandFactory =
- new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, localAddress);
+ new RemoteNetconfCommand.NetconfCommandFactory(clientGroup, sshProxyServerConfiguration.getLocalAddress());
sshServer.setSubsystemFactories(Lists.<NamedFactory<Command>>newArrayList(netconfCommandFactory));
sshServer.start();
}
+ private static Map<String, String> getProperties(final SshProxyServerConfiguration sshProxyServerConfiguration) {
+ return new HashMap<String, String>()
+ {
+ {
+ put(ServerFactoryManager.IDLE_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ // TODO make auth timeout configurable on its own
+ put(ServerFactoryManager.AUTH_TIMEOUT, String.valueOf(sshProxyServerConfiguration.getIdleTimeout()));
+ }
+ };
+ }
+
@Override
public void close() {
try {
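Review bot: The RC4 removal in `bind` mutates the list returned by `sshServer.getCipherFactories()` in place, so it only works as long as that getter hands back the live, modifiable backing list; if it ever returns a copy the filter is a silent no-op, and if it returns an unmodifiable view `i.remove()` throws. Building the filtered list explicitly and handing it back through `setCipherFactories` makes the intent independent of the getter's implementation, and comparing factory names with `equals` rather than `contains` avoids matching any other name that happens to embed "arcfour128"/"arcfour256". The `getProperties` double-brace `HashMap` subclass further down reads better as a plain `HashMap` with two `put` calls. A Javadoc on `bind` should also state that the arcfour128/arcfour256 ciphers are stripped from the default cipher list before the server starts, since callers otherwise cannot tell that the configured defaults are not used verbatim; `close()` continues outside the hunk.

```java
        //remove rc4 ciphers: rebuild the list rather than editing the getter's result in place
        final List<NamedFactory<Cipher>> cipherFactories = Lists.newArrayList();
        for (final NamedFactory<Cipher> factory : sshServer.getCipherFactories()) {
            final String name = factory.getName();
            if (!name.equals(DEFAULT_ARCFOUR128_FACTORY.getName())
                    && !name.equals(DEFAULT_ARCFOUR256_FACTORY.getName())) {
                cipherFactories.add(factory);
            }
        }
        sshServer.setCipherFactories(cipherFactories);
        // … unchanged: authenticator, key pair provider, io service factory, executor, properties, subsystem factories, start …
```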