tomaswolf commented on code in PR #237: URL: https://github.com/apache/mina-sshd/pull/237#discussion_r938746368
########## sshd-common/src/main/java/org/apache/sshd/common/config/PreferredAuthConfigEntry.java: ########## @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.config; + +import java.util.Objects; + +import org.apache.sshd.common.util.ValidateUtils; + +/** + * @author <a href="mailto:[email protected]";>Apache MINA SSHD Project</a> + */ +public final class PreferredAuthConfigEntry { + private final String configKeyName; + private final String authFactoryName; + private final boolean enabledByDefault; + private final int hashValue; + private final String strValue; + + public PreferredAuthConfigEntry( + String configKeyName, String authFactoryName, boolean enabledByDefault) { + this.configKeyName = ValidateUtils.checkNotNullAndNotEmpty(configKeyName, "No configuration key name provided"); + this.authFactoryName + = ValidateUtils.checkNotNullAndNotEmpty(authFactoryName, "No authentication factory name provided"); + this.enabledByDefault = enabledByDefault; + this.hashValue = Objects.hash(configKeyName, authFactoryName, enabledByDefault); + this.strValue Review Comment: Does it really make sense to pre-compute this toString() value? Normally I would expect toString() to be called only for debugging output. ########## docs/cli.md: ########## @@ -23,6 +23,60 @@ In general, the CLI clients accept most of their Linux counterpart arguments. Fu argument in order to provide **internal** SSHD code configurations (in addition to the ones specified as system properties via `-Dprop=value` JVM option. +### Non-standard options support/behavior + +Some of the `-o Option=Value` options have extra or special meaning - or are new altogether. + +#### `ShellFactory` + +One can use it specify a non-default shell factory - including disabling it altogether - or *add* the SCP shell to an existing one: + +``` +# Disable shell entirely +-o ShellFactory=none + +# Add the SCP shell to the default factory +-o ShellFactory=+scp + +# Use ONLY the SCP shell +-o ShellFactory=scp + +# Use a custom factory +-o ShellFactory=com.demo.MyShellFactory + +# Add the SCP shell to a custom factory +-o ShellFactory=scp+com.demo.MyShellFactory +``` + +#### `Subsystem` + +Can be used to specify built-in or custom subsystems to use in the server - or disable them altogether: + +``` +# Disable all subsystems +-o Subsystem=none + +# Use the built-in SFTP subsystem +-o Subsystem=sftp + +# Use one or more custom subsystems +-o Subsystem=Sub1,Sub2,Sub3 +``` + +**Note:** Subsystems are automatically detected via `ServiceLoader#load(SubsystemFactory.class)` call - the option value simply states which ones to use - according to their *logical* name. + +#### `PreferredAuthentications` + +The preferred user authentications factory names and their **order**: + +``` +# Allow only public key authentication +-o PreferredAuthentications=publickey + +# Prefer keyboard-interactive BEFORE publickey +-o PreferredAuthentications=keyboard-interactive,publickey +``` Review Comment: This doesn't appear to be a non-standard option. Normal OpenSSH allows overriding any config setting via "-o" on the command-line, and `PreferredAuthentications` is a standard SSH config key. ########## sshd-common/src/main/java/org/apache/sshd/common/config/ConfigFileReaderSupport.java: ########## @@ -64,7 +68,26 @@ public final class ConfigFileReaderSupport { public static final String DEFAULT_KBD_INTERACTIVE_AUTH = "yes"; public static final boolean DEFAULT_KBD_INTERACTIVE_AUTH_VALUE = parseBooleanValue(DEFAULT_KBD_INTERACTIVE_AUTH); + public static final String HOSTBASED_AUTH_CONFIG_PROTP = "HostbasedAuthentication"; + public static final String DEFAULT_HOSTBASED_AUTH = "no"; + public static final boolean DEFAULT_HOSTBASED_AUTH_VALUE = parseBooleanValue(DEFAULT_HOSTBASED_AUTH); + public static final String PREFERRED_AUTHS_CONFIG_PROP = "PreferredAuthentications"; + // NOTE: entries are ordered in the same order as the default setting for the client + public static final List<PreferredAuthConfigEntry> PREFERRED_AUTHS_CONFIG_ENTRIES = Collections Review Comment: Perhaps I'm missing something (can only review this in the Github Web UI right now), but I don't see any use of this list. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
