[ANNOUNCE] Apache MINA SSHD 2.12.0 released

2024-01-18 Thread Guillaume Nodet
The Apache Mina PMC is proud to announce the release of Mina SSHD 2.12.0.

This new minor release provides a bunch of bug enhancements and bug
fixes, see the details at:
  https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0

The release is available for download at
  https://mina.apache.org/sshd-project/download_2.12.0.html

# Introduced in 2.12.0

## Bug Fixes

 * GH-428/GH-392 SCP client fails silently when error signalled due to
   missing file or lacking permissions
 * GH-434 Ignore unknown key types from agent or in OpenSSH host keys extension

## New Features

 * GH-429 Support GIT protocol-v2
 * GH-445 OpenSSH "strict key exchange" protocol extension (CVE-2023-48795
   mitigation)

# Behavioral changes and enhancements

## New ScpTransferEventListener callback method

Following GH-428/GH-392 a new handleReceiveCommandAckInfo method has
been added to enable users to inspect acknowledgements of a receive related
command. The user is free to inspect the command that was attempted as well
as the response code and decide how to handle it - including even throwing an
exception if OK status (if this makes sense for whatever reason). The default
implementation checks for ERROR code and throws an exception if so.

## OpenSSH protocol extension: strict key exchange

GH-445 implements an extension to the SSH protocol introduced in OpenSSH
9.6. This "strict key exchange" extension hardens the SSH key exchange against
the "Terrapin attack" (CVE-2023-48795). The extension is active if both parties
announce their support for it at the start of the initial key exchange. If only
one party announces support, it is not activated to ensure compatibility with SSH
implementations that do not implement it. Apache MINA sshd clients and servers
always announce their support for strict key exchange.

On behalf of the Maven Mina PMC team,
Guillaume Nodet

-
To unsubscribe, e-mail: users-unsubscr...@mina.apache.org
For additional commands, e-mail: users-h...@mina.apache.org
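
Added example (not part of the announcement and not Apache MINA SSHD code): the activation rule described under "strict key exchange", applied to the kex_algorithms name-list parsed from each side's initial SSH_MSG_KEXINIT payload. The two marker names come from OpenSSH's PROTOCOL document; the class, its methods and the sample payloads are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

public class StrictKexCheck {
    static final int SSH_MSG_KEXINIT = 20;
    // Pseudo-algorithm names from OpenSSH's PROTOCOL document (not quoted in the announcement).
    static final String CLIENT_MARKER = "kex-strict-c-v00@openssh.com";
    static final String SERVER_MARKER = "kex-strict-s-v00@openssh.com";

    /** Extracts kex_algorithms, the first name-list of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1). */
    static List<String> kexAlgorithms(byte[] payload) {
        ByteBuffer buf = ByteBuffer.wrap(payload); // big-endian, as on the wire
        if (buf.remaining() < 1 + 16 + 4 || (buf.get() & 0xFF) != SSH_MSG_KEXINIT) {
            throw new IllegalArgumentException("not an SSH_MSG_KEXINIT payload");
        }
        buf.position(buf.position() + 16); // skip the 16-byte cookie
        int length = buf.getInt();
        if (length < 0 || length > buf.remaining()) {
            throw new IllegalArgumentException("kex_algorithms length exceeds payload");
        }
        byte[] names = new byte[length];
        buf.get(names);
        String list = new String(names, StandardCharsets.US_ASCII);
        return list.isEmpty() ? List.of() : Arrays.asList(list.split(","));
    }

    /**
     * Both arguments must be the payloads of the initial KEXINIT of the connection.
     * Strict key exchange is active only if the client announced the client marker
     * and the server announced the server marker.
     */
    static boolean strictKexActive(byte[] clientKexInit, byte[] serverKexInit) {
        return kexAlgorithms(clientKexInit).contains(CLIENT_MARKER)
                && kexAlgorithms(serverKexInit).contains(SERVER_MARKER);
    }

    /** Builds a constructed KEXINIT payload; only kex_algorithms is filled in. */
    static byte[] kexInit(String kexAlgorithms) {
        byte[] kex = kexAlgorithms.getBytes(StandardCharsets.US_ASCII);
        ByteBuffer buf = ByteBuffer.allocate(1 + 16 + 4 + kex.length + 9 * 4 + 1 + 4);
        buf.put((byte) SSH_MSG_KEXINIT);
        buf.put(new byte[16]);              // cookie, all zero in this sample
        buf.putInt(kex.length).put(kex);    // kex_algorithms
        for (int i = 0; i < 9; i++) {
            buf.putInt(0);                  // the nine remaining name-lists, left empty
        }
        buf.put((byte) 0);                  // first_kex_packet_follows
        buf.putInt(0);                      // reserved
        return buf.array();
    }

    public static void main(String[] args) {
        String base = "curve25519-sha256,ecdh-sha2-nistp256";
        byte[] strictClient = kexInit(base + "," + CLIENT_MARKER);
        byte[] strictServer = kexInit(base + "," + SERVER_MARKER);
        byte[] legacy = kexInit(base);
        // A client that sends the server's marker has not announced support.
        byte[] wrongMarker = kexInit(base + "," + SERVER_MARKER);

        System.out.println("both announce:        " + strictKexActive(strictClient, strictServer));
        System.out.println("client only:          " + strictKexActive(strictClient, legacy));
        System.out.println("server only:          " + strictKexActive(legacy, strictServer));
        System.out.println("client, wrong marker: " + strictKexActive(wrongMarker, strictServer));
    }
}
```

Only the first case reports true; a peer pair that falls into any of the other three runs without the hardening, which is the case worth flagging when auditing connections.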



Re: Implementing a 'filesystem' module in MINA to bridge with an Apache commons-net FTPClient

2023-12-08 Thread Guillaume Nodet
Maybe I misunderstand something, but Mina SSHD *provides* a
FileSystemFactory that completely supports SFTP.
Why would you want to re-implement it ?
See
https://github.com/apache/mina-sshd/blob/master/docs/sftp.md#using-sftpfilesystemprovider-to-create-an-sftpfilesystem

Guillaume

On Thu, Dec 7, 2023 at 21:00, Soderberg, Will <will.soderb...@gehealthcare.com> wrote:

> Hello,
>
> Haven't had much luck finding answers on stackoverflow etc so trying here.
>
> I'm working on a project which uses both Apache MINA and Apache
> commons-net FTPClient to create a protocol adapter that provides an SFTP
> wrapper to access FTP servers (which cannot be upgraded to SFTP for complex
> reasons).
>
> I've been able to get authentication and file transfer working by
> hardcoding the paths, but what I'm struggling with is file+folder listing.
> FTPClient has a very simple API for this, but MINA seems to require an
> extremely sophisticated implementation of java.nio.file.FileSystem,
> FileSystemFactory, Path, etc to make this work.  I was hoping that
> implementing SftpFileSystemAccessor.openDirectory would be enough, but when
> setting breakpoints I'm not seeing that method be called in the way I would
> expect for it to be the solution.
>
> Am I overthinking this?  Which approach is correct for what I'm looking to
> do?  I can't provide a very complete implementation of FileSystem due to
> the limitations of FTP, but it seems like MINA only really uses a few
> methods from it anyway.
>
>
> Thank you
> Will
>


-- 

Guillaume Nodet


[ANNOUNCE] Apache MINA SSHD 2.11.0 released

2023-10-20 Thread Guillaume Nodet
 evicted from the
pool.

Properties to configure these pool parameters have been added to
`SftpModuleProperties`.

On behalf of the Apache MINA project,
Guillaume Nodet


[ANNOUNCE] Apache MINA SSHD 2.9.3 released

2023-10-20 Thread Guillaume Nodet
The Apache Mina PMC is proud to announce the release of Mina SSHD 2.9.3.

This is a bug fix release, see the details at:
  https://github.com/apache/mina-sshd/releases/tag/sshd-2.9.3

The release is available for download at
  https://mina.apache.org/sshd-project/download_2.9.3.html

Changelog:
 * CVE-2023-35887 / SSHD-1324 Rooted file system can leak information
 * Fix reproducible builds issue
 * Support building with Maven 3.9.x

On behalf of the Apache MINA project,
Guillaume Nodet


CVE-2023-35887: Apache MINA SSHD: Information disclosure bugs with RootedFilesystem

2023-07-07 Thread Guillaume Nodet
Affected versions:

- Apache MINA SSHD 1.0 before 2.10

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in 
Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, 
logged users may be able to discover "exists/does not exist" information about 
items outside the rooted tree via paths including parent navigation ("..") 
beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.10.

Thanks to Andrew Pikler for discovering the issue and helping to fix it.

This issue is being tracked as SSHD-1324 

References:

https://mina.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-35887
https://issues.apache.org/jira/browse/SSHD-1324
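
Added example (not part of the advisory, and not the RootedFileSystem code or its fix): a containment check for client-supplied paths that covers both cases the description names, ".." beyond the root and symlinks, and fails identically whether or not the outside target exists. Class and method names are hypothetical, and the directory tree is constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;

public class RootedPathCheck {

    /**
     * Maps a client-supplied path into the tree under root. Every request that
     * would leave the tree fails with the same exception, whether or not the
     * outside target exists, so the error does not reveal existence.
     */
    static Path resolveInsideRoot(Path root, String requested) throws IOException {
        Path realRoot = root.toRealPath();
        // A leading "/" means the top of the rooted tree, not the host's root.
        Path candidate = realRoot.resolve(requested.replaceFirst("^/+", "")).normalize();

        // Lexical check: ".." segments that climb above the root.
        if (!candidate.startsWith(realRoot)) {
            throw new NoSuchFileException(requested);
        }
        // Symlink check: resolve the deepest component that exists on disk and
        // confirm that its real location is still under the root.
        Path existing = candidate;
        while (!Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
            existing = existing.getParent(); // ends at realRoot at the latest
        }
        try {
            if (existing.toRealPath().startsWith(realRoot)) {
                return candidate;
            }
        } catch (IOException e) {
            // Dangling or unreadable link: rejected as well (conservative choice).
        }
        throw new NoSuchFileException(requested);
    }

    /** Reports only the outcome and exception type, as a client would observe them. */
    static String probe(Path root, String requested) {
        try {
            resolveInsideRoot(root, requested);
            return "allowed";
        } catch (IOException e) {
            return "denied (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: base/secret.txt is outside, base/root is the rooted tree.
        Path base = Files.createTempDirectory("rooted-demo");
        Path root = Files.createDirectory(base.resolve("root"));
        Files.writeString(base.resolve("secret.txt"), "outside");
        Files.writeString(root.resolve("pub.txt"), "inside");
        // Symlink inside the tree that points out of it (may need privileges on Windows).
        Files.createSymbolicLink(root.resolve("escape"), base);

        String[] requests = {
            "pub.txt",            // existing file inside the tree
            "/new/upload.txt",    // not yet existing, still inside the tree
            "../secret.txt",      // ".." beyond the root, target exists
            "../missing.txt",     // ".." beyond the root, target does not exist
            "escape/secret.txt",  // through a symlink, target exists
            "escape/missing.txt"  // through a symlink, target does not exist
        };
        for (String request : requests) {
            System.out.println(request + " -> " + probe(root, request));
        }
    }
}
```

The check and the later file operation are separate steps, so a symlink swapped in between them is not covered by this sketch.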





Re: symbolicy links errors

2023-03-02 Thread Guillaume Nodet
Please raise a JIRA issue.  This seems to have been overlooked.

On Thu, Mar 2, 2023 at 11:26, Simon IJskes - QCG wrote:

> Hi,
>
> I'm using the SftpFileSystemProvider to implement a simple rsync.
>
> When I use Files.delete( Path ) on a symbolic link there are some
> problems I haven't managed to fix.
>
> When the symlink points to a non-existent file, I get an exception while
> reading its attributes.
>
> When the symlink points to a directory, I get an exception in the order
> of file not found.
>
> I've done some tracing and debugging, and it looks like the client does
> follow the symlink, this should not be the case,
>
> From: Package java.nio.file, Symbolic Links
>
> "For the most part, symbolic links are transparent to applications and
> operations on symbolic links are automatically redirected to the target
> of the link. Exceptions to this are when a symbolic link is deleted or
> renamed/moved in which case the link is deleted or removed rather than
> the target of the link."
>
> Is this a known bug or design choice, or does this merit a more complete
> bugreport?
>
> Gr. Simon
>
>
>

-- 

Guillaume Nodet


CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server

2021-07-12 Thread Guillaume Nodet
Description:

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow 
the server causing an OutOfMemory error.  This issue affects the SFTP and port 
forwarding features of Apache Mina SSHD version 2.0.0 and later versions.  It 
was addressed in Apache Mina SSHD 2.7.0

This issue is being tracked as SSHD-1125





Re: [ANNOUNCE] Apache SSHD 2.7.0 released

2021-05-31 Thread Guillaume Nodet
Mina SSHD supports SSH2 and there's no plan to support SSH1.

Cheers
Guillaume Nodet

P.S.: Please do not cross-post to several lists...

On Mon, May 31, 2021 at 11:32, Vishnu Priya wrote:

> Does this support SSH version 1 and version 2 both?
>
> Regards,
> Vishnupriya
>
> On Mon, 31 May 2021 at 2:52 PM, Guillaume Nodet  wrote:
>
> > The Apache Mina team is pleased to announce the release of SSHD 2.7.0
> > version.
> >
> > Apache SSHD is a 100% pure java library to support the SSH protocols on
> > both the client and server side. This library can leverage NIO2, Apache
> > MINA and
> > also Netty - scalable and high performance asynchronous IO libraries.
> SSHD
> > does not really aim at being a replacement for the SSH client or SSH
> server
> > from Unix operating systems, but rather provides support for Java based
> > applications requiring SSH support.
> >
> > The major issues addressed in this release are:
> >
> > ** Bug
> > * [SSHD-] - wrong command line interpretation
> > * [SSHD-1123] - ChannelAsyncOutputStream breaks downloads of sftp
> > client by not chunking when the remote window is smaller than the packet
> > size
> > * [SSHD-1125] - Provide a boundary on BufferedIoOutputStream writing
> to
> > avoid memory overflow
> > * [SSHD-1136] - Diffie Hellmann group exchange falls back to insecure
> > DHG1 if agreement on modulo size is not possible
> > * [SSHD-1137] - IOException for unsupported NOFOLLOW_LINKS on AIX
> when
> > accessing with OpenSSH SFTP client
> > * [SSHD-1146] - Missing Import-Package header in sshd-osgi-2.6.0
> > * [SSHD-1154] - userauth_pubkey: unsupported public key algorithm:
> > rsa-sha2-512
> > * [SSHD-1158] - Channel closed by peer: extra SSH_MSG_CHANNEL_EOF
> sent
> >
> >
> > ** New Feature
> > * [SSHD-1097] - Provide an 'endlessh' tarpit capability
> >
> >
> > ** Improvement
> > * [SSHD-525] - Add support for "posix-ren...@openssh.com" SFTP
> > extension
> > * [SSHD-1083] - The nio2 connector/acceptor implementation should not
> > be tied to the FactoryManager
> > * [SSHD-1105] - Use all possible signatures for a public key type in
> > public key authentication
> > * [SSHD-1109] - Replace log4j with logback as the slf4j logger
> > implementation for tests
> > * [SSHD-1114] - Add client-side detailed authentication progress
> > callbacks
> > * [SSHD-1116] - Provide session context to the various XXXProvider(s)
> > * [SSHD-1132] - Add support for SFTP "filename-charset" extension
> > * [SSHD-1133] - Provide non-UTF8 charset encoding capability to SCP
> > implementation
> > * [SSHD-1141] - Implement server-sig-algs
> > * [SSHD-1145] - EdDSASecurityProviderRegistrar#isSupported() should
> > check more classloaders
> >
> >
> > ** Wish
> > * [SSHD-1147] - SftpClient is not able to download file from
> > proprietory SFTP servers (IBM) with a one time download policy
> >
> > The distributions are available from the Apache Software Foundation
> > distribution mirrors http://mina.apache.org/sshd-project/downloads.html
> > and
> > from maven central.
> >
> > On behalf of the Apache Mina team,
> > Guillaume Nodet
> >
> --
> Regards, Vishnupriya R Engineer Hewlett Packard Enterprise
>


-- 

Guillaume Nodet


[ANNOUNCE] Apache SSHD 2.7.0 released

2021-05-31 Thread Guillaume Nodet
The Apache Mina team is pleased to announce the release of SSHD 2.7.0
version.

Apache SSHD is a 100% pure java library to support the SSH protocols on
both the client and server side. This library can leverage NIO2, Apache
MINA and
also Netty - scalable and high performance asynchronous IO libraries. SSHD
does not really aim at being a replacement for the SSH client or SSH server
from Unix operating systems, but rather provides support for Java based
applications requiring SSH support.

The major issues addressed in this release are:

** Bug
* [SSHD-] - wrong command line interpretation
* [SSHD-1123] - ChannelAsyncOutputStream breaks downloads of sftp
client by not chunking when the remote window is smaller than the packet
size
* [SSHD-1125] - Provide a boundary on BufferedIoOutputStream writing to
avoid memory overflow
* [SSHD-1136] - Diffie Hellmann group exchange falls back to insecure
DHG1 if agreement on modulo size is not possible
* [SSHD-1137] - IOException for unsupported NOFOLLOW_LINKS on AIX when
accessing with OpenSSH SFTP client
* [SSHD-1146] - Missing Import-Package header in sshd-osgi-2.6.0
* [SSHD-1154] - userauth_pubkey: unsupported public key algorithm:
rsa-sha2-512
* [SSHD-1158] - Channel closed by peer: extra SSH_MSG_CHANNEL_EOF sent


** New Feature
* [SSHD-1097] - Provide an 'endlessh' tarpit capability


** Improvement
* [SSHD-525] - Add support for "posix-ren...@openssh.com" SFTP extension
* [SSHD-1083] - The nio2 connector/acceptor implementation should not
be tied to the FactoryManager
* [SSHD-1105] - Use all possible signatures for a public key type in
public key authentication
* [SSHD-1109] - Replace log4j with logback as the slf4j logger
implementation for tests
* [SSHD-1114] - Add client-side detailed authentication progress
callbacks
* [SSHD-1116] - Provide session context to the various XXXProvider(s)
* [SSHD-1132] - Add support for SFTP "filename-charset" extension
* [SSHD-1133] - Provide non-UTF8 charset encoding capability to SCP
implementation
* [SSHD-1141] - Implement server-sig-algs
* [SSHD-1145] - EdDSASecurityProviderRegistrar#isSupported() should
check more classloaders


** Wish
* [SSHD-1147] - SftpClient is not able to download file from
proprietory SFTP servers (IBM) with a one time download policy

The distributions are available from the Apache Software Foundation
distribution mirrors http://mina.apache.org/sshd-project/downloads.html and
from maven central.

On behalf of the Apache Mina team,
Guillaume Nodet


Re: DirectoryScanner and have connection with sftpclient still I am getting base dir doesn’t exist error.

2020-09-22 Thread Guillaume Nodet
First, please don't cross-post to dev@ and @users.
Then, if you are looking for some help, provide some more information about
what you're doing exactly and the exact errors you get.  Just saying it
does not work without even explaining in detail what you're doing is just
useless.
And last, if you're not familiar with the NIO api, first do what you need
to do on the local file system, once it works, try with the SFTP file
system.  And only in such case, send an email with details.  We're not here
to provide support on the JDK API, there are tons of information that you
can find using any search engine.

On Tue, Sep 22, 2020 at 14:29, Leshika Sahu 6A wrote:

> Hello Team,
>
> I am DirectoryScanner and have connection with sftpclient still I am
> getting base dir doesn’t exist error.
> And not able to get dir list from remote server.
>  Can you please let  me know how can I get dir list using DirectoryScanner
> with Sftpclient.
> --
> Thanks & Regards,
> Netram Sahu
> +91 9653330834
>


-- 

Guillaume Nodet


Re: Reminde: How to use ls command with SftpClient Apache library

2020-09-21 Thread Guillaume Nodet
Have you used the Java NIO glob api as indicated in this example
https://javapapers.com/java/glob-with-java-nio/ ?

On Tue, Sep 22, 2020 at 00:12, Leshika Sahu 6A wrote:

> Hello Guillaume,
>
> This didn’t work for path
>
> home/ns75140/log*
> home/ns75140/log?
>
>
> On Mon, Sep 21, 2020 at 11:44 AM Guillaume Nodet 
> wrote:
>
>> You'll find an example of using the Sftp Client API in the following test:
>>
>>
>> https://github.com/apache/mina-sshd/blob/master/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/SftpTransferTest.java
>>
>> On Mon, Sep 21, 2020 at 03:22, Leshika Sahu 6A wrote:
>>
>>> Hello Team,
>>>
>>> I am passing this url from application and based on this url I want to
>>> get all file from this path.
>>>
>>> dir/dir1*/
>>> dir/dir1?
>>>
>>> So Can you please give me example ASAP.
>>>
>>>
>>> On Sun, Sep 20, 2020 at 8:02 AM Leshika Sahu 6A 
>>> wrote:
>>>
>>>> Hello Guillaume,
>>>> Thanks for your response.
>>>>
>>>> I am using remote server.
>>>>
>>>> So please let me know how can I use ls command to fetch file using
>>>> sftpclient.
>>>>
>>>> Please give me some example ASAP
>>>>
>>>>
>>>> On Sat, Sep 19, 2020 at 8:17 PM Leshika Sahu 6A 
>>>> wrote:
>>>>
>>>>> I am passing this url from application and based on these url want to
>>>>> Remove Text.txt file.
>>>>>
>>>>> dir/dir1*/Test.txt,
>>>>> dir/dir1?/Test.txt
>>>>>
>>>>> How can I do it with Sftpfilesystem,
>>>>>
>>>>> Can you please give me example.
>>>>>
>>>>>
>>>>> On Sat, Sep 19, 2020 at 3:24 PM Guillaume Nodet 
>>>>> wrote:
>>>>>
>>>>>> You can use the Sftp FileSystem so you can use the standard Path api
>>>>>> from the JDK.
>>>>>>
>>>>>> On Sat, Sep 19, 2020 at 08:58, Leshika Sahu 6A wrote:
>>>>>>
>>>>>>> I didn’t get answer for this issue
>>>>>>>
>>>>>>> Hello Team,
>>>>>>>
>>>>>>> I want to use Apache library for ls Unix command.
>>>>>>> Means same list I want to get using Apache library.
>>>>>>> So can you please advise.
>>>>>>> How to use ls command with SftpClient Apache library.
>>>>>>>
>>>>>>> I want to use Apache library
>>>>>>> For matching pattern below:
>>>>>>>
>>>>>>> dir/dir1*/Test.txt
>>>>>>> dir/dir1?/Test.txt
>>>>>>> dir/*
>>>>>>> *
>>>>>>> *.*
>>>>>>>
>>>>>>> On Fri, Sep 18, 2020 at 3:14 PM Leshika Sahu 6A <netram.s...@gmail.com> wrote:
>>>>>>>
>>>>>>> > Hello Team,
>>>>>>> >
>>>>>>> > I want to use Apache library for ls Unix command.
>>>>>>> > Means same list I want to get using Apache library.
>>>>>>> > So can you please advise.
>>>>>>> > How to use ls command with SftpClient Apache library.
>>>>>>> >
>>>>>>> > I want to use Apache library
>>>>>>> > For matching pattern below:
>>>>>>> >
>>>>>>> > dir/dir1*/Test.txt
>>>>>>> > dir/dir1?/Test.txt
>>>>>>> > dir/*
>>>>>>> > *
>>>>>>> > *.*
>>>>>>> >
>>>>>>> > Regards
>>>>>>> > Netram Sahu
>>>>>>> >
>>>>>>> > --
>>>>>>> > Thanks & Regards,
>>>>>>> > Netram Sahu
>>>>>>> > +91 9653330834
>>>>>>> >
>>>>>>> > --
>>>>>>> Thanks & Regards,
>>>>>>> Netram Sahu
>>>>>>> +91 9653330834
>>>>>>>
>>>>>>
>>>>>> --
>>>>> Thanks & Regards,
>>>>> Netram Sahu
>>>>> +91 9653330834
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>> Thanks & Regards,
>>>> Netram Sahu
>>>> +91 9653330834
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>> Thanks & Regards,
>>> Netram Sahu
>>> +91 9653330834
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> 
>> Guillaume Nodet
>>
>>
>>
>> --
> Thanks & Regards,
> Netram Sahu
> +91 9653330834
>
>
>
>


-- 

Guillaume Nodet


Re: Reminde: How to use ls command with SftpClient Apache library

2020-09-21 Thread Guillaume Nodet
You'll find an example of using the Sftp Client API in the following test:

https://github.com/apache/mina-sshd/blob/master/sshd-sftp/src/test/java/org/apache/sshd/sftp/client/SftpTransferTest.java

On Mon, Sep 21, 2020 at 03:22, Leshika Sahu 6A wrote:

> Hello Team,
>
> I am passing this url from application and based on this url I want to get
> all file from this path.
>
> dir/dir1*/
> dir/dir1?
>
> So Can you please give me example ASAP.
>
>
> On Sun, Sep 20, 2020 at 8:02 AM Leshika Sahu 6A 
> wrote:
>
>> Hello Guillaume,
>> Thanks for your response.
>>
>> I am using remote server.
>>
>> So please let me know how can I use ls command to fetch file using
>> sftpclient.
>>
>> Please give me some example ASAP
>>
>>
>> On Sat, Sep 19, 2020 at 8:17 PM Leshika Sahu 6A 
>> wrote:
>>
>>> I am passing this url from application and based on these url want to
>>> Remove Text.txt file.
>>>
>>> dir/dir1*/Test.txt,
>>> dir/dir1?/Test.txt
>>>
>>> How can I do it with Sftpfilesystem,
>>>
>>> Can you please give me example.
>>>
>>>
>>> On Sat, Sep 19, 2020 at 3:24 PM Guillaume Nodet 
>>> wrote:
>>>
>>>> You can use the Sftp FileSystem so you can use the standard Path api
>>>> from the JDK.
>>>>
>>>> On Sat, Sep 19, 2020 at 08:58, Leshika Sahu 6A wrote:
>>>>
>>>>> I didn’t get answer for this issue
>>>>>
>>>>> Hello Team,
>>>>>
>>>>> I want to use Apache library for ls Unix command.
>>>>> Means same list I want to get using Apache library.
>>>>> So can you please advise.
>>>>> How to use ls command with SftpClient Apache library.
>>>>>
>>>>> I want to use Apache library
>>>>> For matching pattern below:
>>>>>
>>>>> dir/dir1*/Test.txt
>>>>> dir/dir1?/Test.txt
>>>>> dir/*
>>>>> *
>>>>> *.*
>>>>>
>>>>> On Fri, Sep 18, 2020 at 3:14 PM Leshika Sahu 6A wrote:
>>>>>
>>>>> > Hello Team,
>>>>> >
>>>>> > I want to use Apache library for ls Unix command.
>>>>> > Means same list I want to get using Apache library.
>>>>> > So can you please advise.
>>>>> > How to use ls command with SftpClient Apache library.
>>>>> >
>>>>> > I want to use Apache library
>>>>> > For matching pattern below:
>>>>> >
>>>>> > dir/dir1*/Test.txt
>>>>> > dir/dir1?/Test.txt
>>>>> > dir/*
>>>>> > *
>>>>> > *.*
>>>>> >
>>>>> > Regards
>>>>> > Netram Sahu
>>>>> >
>>>>> > --
>>>>> > Thanks & Regards,
>>>>> > Netram Sahu
>>>>> > +91 9653330834
>>>>> >
>>>>> > --
>>>>> Thanks & Regards,
>>>>> Netram Sahu
>>>>> +91 9653330834
>>>>>
>>>>
>>>> --
>>> Thanks & Regards,
>>> Netram Sahu
>>> +91 9653330834
>>>
>>>
>>>
>>>
>>>
>>> --
>> Thanks & Regards,
>> Netram Sahu
>> +91 9653330834
>>
>>
>>
>>
>>
>> --
> Thanks & Regards,
> Netram Sahu
> +91 9653330834
>
>
>
>


-- 

Guillaume Nodet


[ANNOUNCE] Apache SSHD 2.5.1 released

2020-07-01 Thread Guillaume Nodet
The Apache Mina team is pleased to announce the release of SSHD 2.5.1
version.

Apache SSHD is a 100% pure java library to support the SSH protocols on
both the client and server side. This library can leverage NIO2, Apache
MINA and
also Netty - scalable and high performance asynchronous IO libraries. SSHD
does not really aim at being a replacement for the SSH client or SSH server
from Unix operating systems, but rather provides support for Java based
applications requiring SSH support.

This version is a bug fix release for this issue:

   - [SSHD-1022 <https://issues.apache.org/jira/browse/SSHD-1022>] - NPE in
   SftpOutputStreamAsync.flush()


The distributions are available from the Apache Software Foundation
distribution mirrors http://mina.apache.org/sshd-project/downloads.html and
from maven central.

On behalf of the Apache Mina team,
Guillaume Nodet


[ANNOUNCE] Apache SSHD 2.5.0 released

2020-06-22 Thread Guillaume Nodet
The Apache Mina team is pleased to announce the release of SSHD 2.5.0
version.

Apache SSHD is a 100% pure java library to support the SSH protocols on
both the client and server side. This library can leverage NIO2, Apache
MINA and
also Netty - scalable and high performance asynchronous IO libraries. SSHD
does not really aim at being a replacement for the SSH client or SSH server
from Unix operating systems, but rather provides support for Java based
applications requiring SSH support.

The major issues addressed in this release are:

New Feature

   - [SSHD-979 <https://issues.apache.org/jira/browse/SSHD-979>] - Rework
   SFTP streams so that we can send or receive as much data as possible
   - [SSHD-972 <https://issues.apache.org/jira/browse/SSHD-972>] - Add
   support for peers using OpenSSH "security key" key types
   - [SSHD-984 <https://issues.apache.org/jira/browse/SSHD-984>] - Utility
   method to export KeyPair in OpenSSH format
   - [SSHD-986 <https://issues.apache.org/jira/browse/SSHD-986>] -
   Implement ECDSA public key recovery
   - [SSHD-1003 <https://issues.apache.org/jira/browse/SSHD-1003>] - Use
   asynchronous streams when forwarding ports
   - [SSHD-1009 <https://issues.apache.org/jira/browse/SSHD-1009>] -
   Support WinSCP shell interactions

Improvement

   - [SSHD-660 <https://issues.apache.org/jira/browse/SSHD-660>] - Add
   support for authentication using signed client/server keys
   - [SSHD-707 <https://issues.apache.org/jira/browse/SSHD-707>] - Add
   support for writing OpenSSH ed25519 private keys to file
   - [SSHD-968 <https://issues.apache.org/jira/browse/SSHD-968>] -
   SshClient times out during keep-alive, when SSH_MSG_GLOBAL_REQUEST is
   replied with SSH_MSG_UNSUPPORTED
   - [SSHD-977 <https://issues.apache.org/jira/browse/SSHD-977>] - Apply
   consistent logging policy to caught exceptions
   - [SSHD-980 <https://issues.apache.org/jira/browse/SSHD-980>] - Make the
   SFTP Api cleaner by moving the implementation classes into the non public
   package
   - [SSHD-992 <https://issues.apache.org/jira/browse/SSHD-992>] -
   Customizing sftp stat commands
   - [SSHD-978 <https://issues.apache.org/jira/browse/SSHD-978>] -
   Autoformat source code instead of using checkstyle

Bug

   - [SSHD-964 <https://issues.apache.org/jira/browse/SSHD-964>] -
   SSH_MSG_CHANNEL_EOF never sent or received for local and remote port
   forwarding
   - [SSHD-967 <https://issues.apache.org/jira/browse/SSHD-967>] -
   transferTo function of SftpRemotePathChannel always add some extra bytes in
   the end of file
   - [SSHD-970 <https://issues.apache.org/jira/browse/SSHD-970>] -
   transferTo function of SftpRemotePathChannel will loop if count parameter
   is greater than file size
   - [SSHD-975 <https://issues.apache.org/jira/browse/SSHD-975>] -
   SshClient subclasses fail in OSGi environment
   - [SSHD-982 <https://issues.apache.org/jira/browse/SSHD-982>] - Race
   condition when loading known hosts
   - [SSHD-987 <https://issues.apache.org/jira/browse/SSHD-987>] -
   AESPrivateKeyObfuscator generates wrong IV length
   - [SSHD-998 <https://issues.apache.org/jira/browse/SSHD-998>] - respect
   SftpVersionSelector when establishing a new connection


The distributions are available from the Apache Software Foundation
distribution mirrors http://mina.apache.org/sshd-project/downloads.html and
from maven central.

On behalf of the Apache Mina team,
Guillaume Nodet


Re: Mina Sshd, JGit, RSA Passphrases

2020-01-07 Thread Guillaume Nodet
On Wed, Jan 8, 2020 at 04:38, David Blevins wrote:

> Hello fine folks!
>

Hey David !


>
> I've been looking into using Mina Sshd in some JGit code I have, working
> under the assumption I can perhaps get some better passphrase support and
> potentially get rid of Jsch.
>
> The docs are thin on what capabilities there are around password protected
> keys.  I've dug around the code a bit, but probably better to ask some high
> level questions so I know what I'm looking at.
>

Yes, though the docs on the website should be removed and users pointed to
the main git repo (see below)


>  - Are password protected RSA keys supported? (think that's a clear, yes)
>

Yes

>  - Is there support for prompting a user for the passphrase via masked
> input? (I didn't find any use of java.io.Console.readPassword)
>

Yes.  The SshClient can be configured with a FilePasswordProvider using the
setFilePasswordProvider method which is used to prompt the user for a
password.
See
https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#clientidentityloaderkeypairprovider


>  - Is there any support for ssh-agents, eliminating the need for user
> interaction or file storage of passphrases? (think that's a no, but
> interested in any plans or pointers to previous discussion)
>

Yes, there's an SshAgent interface which can be set indirectly (through the
SshAgentFactory) on the SshClient using the setAgentFactory method. There
are 3 implementations:
 * LocalAgentFactory: creates or reuses an SshAgent in the JVM which can be
configured using the addIdentity methods
 * UnixAgentFactory: communicates with the agent using the APR library
using the *SSH_AUTH_SOCK* environment variable
 * ProxyAgentFactory: communicates with a remote agent when using agent
forwarding


>
> I'm happy to create an FAQ of some kind for the website.  Any pointers on
> where I'd put the doc?
>

The website should point to the main git repo and the readme:
  https://github.com/apache/mina-sshd
and the various doc bits in
  https://github.com/apache/mina-sshd/tree/master/docs
An entry is clearly missing for agent support...

Guillaume


>
>
> -David
>
>
>
>

-- 

Guillaume Nodet


[ANNOUNCE] Apache SSHD 2.1.0 released

2018-10-02 Thread Guillaume Nodet
The Apache SSHD project is pleased to announce the release of SSHD 2.1.0
version.

Apache SSHD is a 100% pure java library to support the SSH protocols on both
the client and server side. This library can leverage Apache MINA and also
Netty - scalable and high performance asynchronous IO libraries. SSHD does
not really aim at being a replacement for the SSH client or SSH server from
Unix operating systems, but rather provides support for Java based
applications
requiring SSH support.

A few backward incompatible changes have been made since the previous
release, thus the version has been named 2.1 accordingly, in order to
emphasize this fact. The major issues addressed in this release are:

* In accordance with the policy of making the SSHD code less monolithic in
nature, 2 new artifacts have been established:

- sshd-common - contains common code that is used throughout the other
artifacts - mainly SSH related definitions and support code that
deals with keys, ciphers, fingerprints, etc.. - but no client or server
code. The Maven dependencies have been updated accordingly, so
users who declare a dependency on "sshd-core" (and other previous
version artifacts) will automatically include the "sshd-common" artifact as
well.

- sshd-putty - ("spin off" from sshd-contrib) - contains the code
necessary to use Putty key files for authentication. Users who
previously used "sshd-contrib" Maven dependency for this purpose should
replace it with "sshd-putty".

* Fixed some issues related to port forwarding - mainly correctly
un-binding the locally bound ports used for tunnels.

* Fixed the ability to disable registering security providers using system
property configuration.

* Use Nio2ServiceFactoryFactory as the hardwired default if no other found
or explicitly set.

Users are encouraged to read the documentation available at
https://github.com/apache/mina-sshd/ which has been updated to reflect the
necessary code changes.

Advisory notice regarding building the code from the released (ZIP/TAR.GZ)
sources distribution:


A minor issue has been discovered in this context for users who wish to
build the artifacts from these distributions instead of the GIT repository.
There are 2 "hostkey.ser" files that have been included by mistake - one in
the "sshd-core" folder and the other in the "sshd-netty" one. These files
are actually products of previous builds, and they interfere with the unit
tests causing them to fail. Users who wish to build the project from the
ZIP/TAR.GZ source distributions should delete the 2 aforementioned files
before proceeding with the build.

In this context it is important to emphasize:

* The said problem affects the build process only when it is attempting to
run the unit tests - the released production artifacts on Maven Central or
the ones generated locally as a result of the build process are not
affected in any way.
* This issue does not affect in any way users who wish to build the
artifacts from the GIT repository sources.
* The "offending" files have been correctly excluded in the latest
development master branch - so future releases should no longer suffer from
this problem.

We recommend all users to upgrade to this release - we consider this a
stable
and production ready release.

On behalf of the Apache Mina team,
Guillaume Nodet


Re: Different root and initial directories for SFTP

2018-05-25 Thread Guillaume Nodet
Ah, I see.
It's currently not supported unfortunately : please raise a JIRA for that.
In the mean time, you should derive the SftpSubsystem class and override
the getDefaultDirectory method to return the Path you want for the given
user.

Guillaume

2018-05-24 21:00 GMT+02:00 Quinn Stevenson <qu...@pronoia-solutions.com>:

> Yeah - I’ve tried that.  What it does is sets the root of the virtual
> filesystem to a different spot for that user.  So if I set the
> defaultHomeDir to target/sftp and the userHomeDir for my test user to
> target/sftp/home/user, the “root” of the virtual filesystem is
> target/sftp/home/user.  What I need is the root of the virtual filesystem
> to be target/sftp, and the initial/login directory for the user to be
> target/sftp/home/user.
>
> I think I need to set the “current directory” for the user when they
> login, but I have no idea how to do that on the SSHD server.
>
> Hopefully that helps describe what I’m trying to do.
>
>
> > On May 24, 2018, at 8:56 AM, Guillaume Nodet <gno...@apache.org> wrote:
> >
> > Have you tried setting home dirs for your users on the
> VirtualFileSystemFactory
> > ?
> >
> > vfsf.setUserHomeDir("the user", the_home_dir);
> >
> > 2018-05-24 15:49 GMT+02:00 Quinn Stevenson <qu...@pronoia-solutions.com
> >:
> >
> >> I’m using Mina SSHD (1.7.0) as an embedded SFTP server for unit testing,
> >> and I’ve come across an issue I can’t figure out.
> >>
> >> I’m looking for a way to set the initial directory in a virtual
> filesystem
> >> for a user when they log in to the SFTP server.
> >>
> >> I’m simulating some systems that have not chroot-ed their SFTP users, so
> >> the initial directory for the user is /home/username, but the users can
> >> access the entire filesystem (I know - not a good idea, but I didn’t set
> >> this up).
> >>
> >> My problem is that when I set up the SFTP server using Mina SSHD with a
> >> VirtualFileSystemFactory, the user is always placed in the “root”
> directory
> >> (i.e. / ) when they login.  This makes it really hard for me to simulate
> >> navigating the virtual filesystem in my tests because the paths are
> >> different.
> >>
> >> Any ideas/suggestions would be greatly appreciated!!
> >>
> >> Quinn Stevenson
> >>
> >>
> >>
> >
> >
> > --
> > 
> > Guillaume Nodet
>
>


-- 

Guillaume Nodet


Re: Different root and initial directories for SFTP

2018-05-24 Thread Guillaume Nodet
Have you tried setting home dirs for your users on the VirtualFileSystemFactory
?

vfsf.setUserHomeDir("the user", the_home_dir);

2018-05-24 15:49 GMT+02:00 Quinn Stevenson <qu...@pronoia-solutions.com>:

> I’m using Mina SSHD (1.7.0) as an embedded SFTP server for unit testing,
> and I’ve come across an issue I can’t figure out.
>
> I’m looking for a way to set the initial directory in a virtual filesystem
> for a user when they log in to the SFTP server.
>
> I’m simulating some systems that have not chroot-ed their SFTP users, so
> the initial directory for the user is /home/username, but the users can
> access the entire filesystem (I know - not a good idea, but I didn’t set
> this up).
>
> My problem is that when I set up the SFTP server using Mina SSHD with a
> VirtualFileSystemFactory, the user is always placed in the “root” directory
> (i.e. / ) when they login.  This makes it really hard for me to simulate
> navigating the virtual filesystem in my tests because the paths are
> different.
>
> Any ideas/suggestions would be greatly appreciated!!
>
> Quinn Stevenson
>
>
>


-- 

Guillaume Nodet


[ANN] Apache Mina SSHD 1.7.0 Released

2018-01-23 Thread Guillaume Nodet
We're pleased to announce the release of Mina SSHD 1.7.0.

The release is available from the ASF download sites and also from Maven
Central:
  http://mina.apache.org/sshd-project/download_1.7.0.html

Release notes:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12341097=Text=12310849=Create_token=A5KQ-2QAV-T4JA-FDED%7C47f5fd1e799680219ff14477b5b2c29ce7aaf6fd%7Clin

Cheers,
Guillaume Nodet


Re: SSHD session init issue? (msg order)

2017-11-05 Thread Guillaume Nodet
That looks legit to me,  see rfc4253 section 5.2

5.2 <https://tools.ietf.org/html/rfc4253#section-5.2>.  New Client, Old Server

   Since the new client MAY immediately send additional data after its
   identification string (before receiving the server's identification
   string), the old protocol may already be corrupt when the client
   learns that the server is old.  When this happens, the client SHOULD
   close the connection to the server, and reconnect using the old
   protocol.


This implies that what you see is correct from a client point of view.
Would it be possible to enable debug logging on the cisco server to get
more traces ?


2017-11-02 9:38 GMT+01:00 Maroš Maršálek <mmarsa...@frinx.io>:

> Hello mina(sshd) devs,
>
>
>
> While using mina-sshd I ran into a possible issue.
>
> Basically, when connecting as a client to SSH server, session
> initialization halts. The message exchange (observed by wireshark) looked
> like this:
>
>
>
> Mina-SSHD-client -> SSH server    SSH-2.0-...
>
> Mina-SSHD-client -> SSH server    KEX_INIT
>
> SSH server -> Mina-SSHD-client SSH-2.0-Cisco-1.25
>
>
>
> No further messages were exchanged.
>
> This does not always happen, if the timing is right and the message order
> looks like:
>
>
>
> SSH-2.0...
>
> SSH-2.0-Cisco-1.25
>
> KEX_INIT
>
> KEX_INIT
>
>
>
> ... the communication continues as expected.
>
>
>
> So my questions would be:
>
> Is that an issue ? Should the „SSH protocol identifiers“ be exchanged
> first and only then KEX_INIT messages ? Is that message order valid by the
> SSH protocol standards ?
>
> If so, can that be considered a possible issue in mina-sshd library and
> should it wait to send KEX_INIT only after SSH protocol identifier was
> received ?
>
> Or is this just a bug in this particular SSH server...
>
>
>
> I tested this with mina-sshd 1.16.0 and also 0.14 versions.
>
> The SSH server is part of Cisco IOSv software (version 15.5(3) and above).
>
>
>
> Regards,
>
> Maroš Maršalek
>
> *Software Engineer*
>
>
>
> Frinx s.r.o.
>
> Mlynské Nivy 48 / 821 09 Bratislava / Slovakia
>
> +421 2 209 101 41 / mmarsa...@frinx.io / www.frinx.io
>
>
>
>
>
>



-- 

Guillaume Nodet


Re: How to configure ChannelShell correctly? (Part 2)

2017-06-29 Thread Guillaume Nodet
Here is an example of this integration:

https://github.com/jline/jline3/blob/master/remote-ssh/src/main/java/org/jline/builtins/ssh/Ssh.java#L165-L265

For the server side, you can look at:

https://github.com/jline/jline3/blob/master/remote-ssh/src/main/java/org/jline/builtins/ssh/ShellFactoryImpl.java#L119

The invertedIn stream is an OutputStream which you can use to write to the
remote input stream of the ssh channel.  What you write will be the input
on the server side.  It's created when the channel is opened.
If an in channel is set (using setIn) before the channel is opened, a
thread will be created which will read from that InputStream and write the
data to the invertedIn.

You also have the ability to use an async mode where you can use streams
using the IoInputStream and IoOutputStream interfaces.


2017-06-29 11:07 GMT+02:00 Nick Lee <lee1n...@yahoo.ca.invalid>:

> Hello,
> One thing I forgot to mention 
> The terminal emulator needs an InputStream and an OutputStream.
> I use ChannelShell.getOut() to obtain the OutputStream.
> I use ChannelShell.getInvertedOut() to obtain the InputStream, because
> ChannelShell.getIn() initially returns null and I did not check again later.
> Is that the right way to do it? Should I call getIn() later to obtain an
> InputStream? What is "inverted out" for?
> Thanks,
> Nick
>



-- 

Guillaume Nodet


Re: Regarding the SSHD 1.5.0 Release ETA

2017-05-19 Thread Guillaume Nodet
Unfortunately, it can't be published. There's a licensing issue that needs
to get sorted and we'll have to recut a release.

2017-05-19 11:06 GMT+02:00 Oleg Nenashev <o.v.nenas...@gmail.com>:

> Hi all,
>
> Thanks a lot for the release cut off, I see it in GitHub. Unfortunately
> SSHD 1.5.0 has not been published in Maven Central yet:
> http://central.maven.org/maven2/org/apache/sshd/sshd-core/ . Likely it is
> just waiting for the approval in staging. Would it be possible to get it
> published?
>
> There is also an issue with the changelog entry for SSHD-727. It says
> "Upgrade EdDSA artifact version to 1.1", but actually it has been upgraded
> from 1.1 to 1.2 as it has been mentioned in the issue comments.
>
> Thanks in advance,
> Oleg Nenashev
>
> 2017-05-11 13:55 GMT+02:00 Emmanuel Lécharny <elecha...@gmail.com>:
>
> >
> >
> > On 11/05/2017 at 09:45, Oleg Nenashev wrote:
> > > Hello,
> > >
> > > Thanks for the response! Looking forward to get a decision.
> > >
> > > I would probably wait till the Jigsaw mess gets resolved somehow ;)
> >
> > You mean, 2027 ?
> >
> > --
> > Emmanuel Lecharny
> >
> > Symas.com
> > directory.apache.org
> >
> >
>



-- 

Guillaume Nodet


Re: Is there a maven snapshot repository for this project

2016-11-28 Thread Guillaume Nodet
You can try with the github clone
  https://github.com/apache/mina-sshd.git

I've also uploaded a snapshot at :

https://repository.apache.org/content/repositories/snapshots/org/apache/sshd/sshd-core/1.4.0-SNAPSHOT/sshd-core-1.4.0-20161128.120923-1.jar


2016-11-28 12:42 GMT+01:00 Claude Warren <cla...@xenei.com>:

> I get the following error:
>
> git clone http://git-wip-us.apache.org/repos/asf/mina-sshd.git sshd
> Initialized empty Git repository in /home/iei77703/git/sshd/.git/
> error: RPC failed; result=22, HTTP code = 405
>
>
> On Sun, Nov 27, 2016 at 10:13 AM, Emmanuel Lécharny <elecha...@gmail.com>
> wrote:
>
> >
> >
> > On 27/11/16 at 10:44, Claude Warren wrote:
> > > I was looking for a maven snapshot repository for the sshd modules.  Is
> > > there one or do I have to build from source?
> >
> > Building the project from source is as easy as doing :
> >
> > $ git clone http://git-wip-us.apache.org/repos/asf/mina-sshd.git sshd
> > $ mvn clean install
> >
> > It takes a couple of mins, all included, it only requires Java 7 and Maven
> > 3.x.
> >
> >
> > --
> >
> > Emmanuel Lecharny
> >
> > Symas.com
> > directory.apache.org
> >
> >
>
>
> --
> I like: Like Like - The likeliest place on the web
> <http://like-like.xenei.com>
> LinkedIn: http://www.linkedin.com/in/claudewarren
>



-- 

Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: SSHD client - is it possible to reuse a session?

2016-11-17 Thread Guillaume Nodet
It's a valid use case and it should work.

However, if you stack your sessions for too long, the client or server may
consider the session idle for too long and close it.
Before reusing the session, check the session state with a call isOpen().
You can change the timeout on the client or server (if using sshd) with the
following code.  The default value is FactoryManager.DEFAULT_IDLE_TIMEOUT which
is 10 minutes.

final long idleTimeoutValue = TimeUnit.SECONDS.toMillis(5L);
PropertyResolverUtils.updateProperty(sshd,
FactoryManager.IDLE_TIMEOUT, idleTimeoutValue);


2016-11-17 15:57 GMT+01:00 Claude Warren <cla...@xenei.com>:

> I am attempting to create a client session and then use it to send multiple
> commands.  Is this possible?
>
> {noformat}
>
> ConnectFuture connect = client.connect(cred.getUserName(), socketAddress);
> if (connect.await(1)) {
>     session = connect.getSession();
>     if (session != null) {
>         session.addPasswordIdentity(cred.getPassword());
>         AuthFuture future = session.auth();
>         future.await(config.getConnectionTimeout());
>         if (future.isFailure()) {
>             if (LOG.isDebugEnabled()) {
>                 LOG.debug(String.format(
>                         "Login to %s with id '%s' failed",
>                         socketAddress, cred.getUserName()));
>                 session.close(false);
>             }
>         } else {
>             return session;
>         }
>     } else {
>         LOG.info(String.format("Unable to create session with %s",
>                 socketAddress));
>     }
>
>  === snip ===
>
> ClientChannel channel = session.createChannel(Channel.CHANNEL_EXEC,
>         command.getSend());
> ByteArrayOutputStream out = new ByteArrayOutputStream();
> ByteArrayOutputStream err = new ByteArrayOutputStream();
> channel.setOut(out);
> channel.setErr(err);
>
> channel.open().await(1);
> channel.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), 0);
>
> {noformat}
>
> Basically I call the first part to create the session and then execute the
> command in the second part.  I process the results and depending on output
> I run other commands by calling the second part again. (same session, and I
> have closed the previous channel).
>
> The issue I see is that the session is closed when the channel is closed.
> The implementation is using the NIO2 packages.
>
> I am not certain if this is a bug,
> a misconfiguration on my part,
> or patently not possible.
>
> Any assistance would be appreciated.
>
> Claude Warren
> --
> I like: Like Like - The likeliest place on the web
> <http://like-like.xenei.com>
> LinkedIn: http://www.linkedin.com/in/claudewarren
>



-- 

Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: SshClient#start call multiple times

2016-03-20 Thread Guillaume Nodet
The client (and server) are not supposed to be started multiple times.
This could be improved, but for now, you'd better only call start / stop
once.

2016-03-18 16:45 GMT+01:00 Alexis de Talhouët <adetalho...@inocybe.ca>:

> Hello sshd-dev,
>
> Let's say I have an SshClient shared across my app, used to establish
> connection
>  to remote devices. Each time the app is attempting a connection, the
> #start() method
> of SshClient is called. Doing so created a FD leak in the app.
>
> So I’m wondering if by design, the SshClient#start() can be called
> multiple times.
> Else, a quick and easy check in the start method to see if already started
> would
> be an easy fix.
>
> More context:
> [0]: is the static final definition of the SshClient, where the client is
> started the first time
> [1]: and here is where the SshClient is started on each connect attempt
>
> Thanks,
> Alexis
>
> [0]:
> https://github.com/opendaylight/netconf/blob/master/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/client/AsyncSshHandler.java#l46l59
> [1]:
> https://github.com/opendaylight/netconf/blob/master/netconf/netconf-netty-util/src/main/java/org/opendaylight/netconf/nettyutil/handler/ssh/client/AsyncSshHandler.java#l89




-- 

Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: Extending sshd to support streaming files from a file repository

2015-12-18 Thread Guillaume Nodet
I'm not sure I understand.
You want your client to use the SSH / SFTP protocol to connect to the
server, and then, the server would call a web service to actually query the
file system over the web service, right ?

If you don't want your client to directly use the custom
FileSystemProvider, and force it to use SFTP instead, you can achieve that
by setting your custom FileSystemFactory on the ssh server and that should
be enough.


2015-12-18 2:52 GMT+01:00 rockyfm :

> We are looking to extend sshd 1.0 to support a file system that does not
> exist natively on the server running the sshd process. File operations like
> "ls" would query a web service to return a structure that represents the
> access the user has to files and directories on the remote file repository.
> Similarly a "GET" would retrieve a file from the repository while a "PUT"
> would save it to the repository. My initial understanding is that I could
> achieve what I need by implementing something as follows (based on the
> RootedFileSystemProvider)
>  1. MyCustomFileSystemProvider extending  FileSystemProvider
>  2. MyCustomPath  extending BasePath
>  3. MyCustomtFileSystem extending BaseFileSystem< MyCustomPath >
>  4. MyCustomFileSystemFactory implementing FileSystemFactory
>
>  I was wondering if I was on the right track. Do I need to extend the
> SftpSubsystem, if I need to stream a file from a remote server ?
>
>  Any pointers is greatly appreciated.
>
>
>
>


Re: Is there an easy way to parse an OpenSSH RSA/DSA/ECDSA pub/priv keypair?

2015-11-02 Thread Guillaume Nodet
Sure, but that's definitely not what the private key looks like.
It usually looks like:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----


And loading the public key only won't really give you a KeyPair.
The method I pointed you to in SecurityUtils needs an InputStream
containing such a private key.

Guillaume

2015-11-02 17:25 GMT+01:00 Jonathan S. Fisher <
jonat...@springventuregroup.com>:

> Jsch loads encrypted ones just fine :) It will not connect with ECDSA
> though, which is why we switched to mina-sshd.
>
> And those are definitely PEM encoded keys. Typically with the ssh-keygen
> tool, your generated pubkey will be in this format:
>
> jonathan.fisher@apollo:~/.ssh$ cat id_dsa.pub
> ssh-dss
>
> jonathan.fisher@apollo
>
>
> On Mon, Nov 2, 2015 at 10:20 AM, Guillaume Nodet <gno...@apache.org>
> wrote:
>
> > The code is used to load the following keys:
> >
> >
> >
> https://github.com/apache/mina-sshd/tree/master/sshd-core/src/test/resources/org/apache/sshd/client/config/keys
> >
> > Isn't that what you need ?
> >
> > Fwiw, afaik, JSch can't load encrypted keys.
> >
> >
> > 2015-11-02 17:00 GMT+01:00 Jonathan S. Fisher <
> > jonat...@springventuregroup.com>:
> >
> > > If I could press you just a bit further
> > >
> > > I have the private key and the public key as separate strings in the
> > > typical OpenSSH format. I noticed the source code for the
> > > SecurityUtils. loadKeyPairIdentity() seems to invoke methods based
> around
> > > PEM formats, which is not common at all for SSH.
> > >
> > > Is there a way to parse, combine, and convert the keys I have to PEM
> > format
> > > in Java?
> > >
> > > On Mon, Nov 2, 2015 at 9:44 AM, Jonathan S. Fisher <
> > > jonat...@springventuregroup.com> wrote:
> > >
> > > > https://mina.apache.org/sshd-project/downloads.html
> > > >
> > > > Just noticed this is not showing a changelog or a download link for
> > 1.0.
> > > I
> > > > saw v1.0 in Nexus, but since it wasn't listed as a release I figured
> it
> > > was
> > > > a fluke.
> > > >
> > > > On Sun, Nov 1, 2015 at 2:50 AM, Guillaume Nodet <gno...@apache.org>
> > > wrote:
> > > >
> > > >> Here's the code from SSHD 1.0
> > > >> I think the javadoc on the web site is outdated, i'll try to fix it.
> > > >>
> > > >>
> > > >>
> > >
> >
> https://github.com/apache/mina-sshd/blob/sshd-1.0.0/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java#L202
> > > >>
> > > >> 2015-10-31 16:24 GMT+01:00 Jonathan S. Fisher <
> > > >> jonat...@springventuregroup.com>:
> > > >>
> > > >> > Using Jsch, I was able to parse the keys:
> > > >> >
> > > >> > JSch jSch = new JSch();
> > > >> > try {
> > > >> > com.jcraft.jsch.KeyPair jschKeypair =
> > > com.jcraft.jsch.KeyPair.load(jSch,
> > > >> > privateKey.getBytes(), publicKey.getBytes());
> > > >> > jschKeypair.decrypt(keyPass);
> > > >> > byte[] fromAgent = jschKeypair.forSSHAgent();
> > > >> > Buffer buffer = new Buffer(fromAgent);
> > > >> > return buffer.getKeyPair();
> > > >> > } catch (JSchException | SshException e) {
> > > >> > throw new RuntimeException(e);
> > > >> > }
> > > >> >
> > > >> > However, is there a way to do this without bringing in Jsch?
> > > >> >
> > > >> >
> > > >> > On Sat, Oct 31, 2015 at 9:12 AM, Jonathan S. Fisher <
> > > >> > jonat...@springventuregroup.com> wrote:
> > > >> >
> > > >> > >
> > > >> > >
> > > >> >
> > > >>
> > 

Re: Is there an easy way to parse an OpenSSH RSA/DSA/ECDSA pub/priv keypair?

2015-11-02 Thread Guillaume Nodet
The code is used to load the following keys:

https://github.com/apache/mina-sshd/tree/master/sshd-core/src/test/resources/org/apache/sshd/client/config/keys

Isn't that what you need ?

Fwiw, afaik, JSch can't load encrypted keys.


2015-11-02 17:00 GMT+01:00 Jonathan S. Fisher <
jonat...@springventuregroup.com>:

> If I could press you just a bit further
>
> I have the private key and the public key as separate strings in the
> typical OpenSSH format. I noticed the source code for the
> SecurityUtils. loadKeyPairIdentity() seems to invoke methods based around
> PEM formats, which is not common at all for SSH.
>
> Is there a way to parse, combine, and convert the keys I have to PEM format
> in Java?
>
> On Mon, Nov 2, 2015 at 9:44 AM, Jonathan S. Fisher <
> jonat...@springventuregroup.com> wrote:
>
> > https://mina.apache.org/sshd-project/downloads.html
> >
> > Just noticed this is not showing a changelog or a download link for 1.0.
> I
> > saw v1.0 in Nexus, but since it wasn't listed as a release I figured it
> was
> > a fluke.
> >
> > On Sun, Nov 1, 2015 at 2:50 AM, Guillaume Nodet <gno...@apache.org>
> wrote:
> >
> >> Here's the code from SSHD 1.0
> >> I think the javadoc on the web site is outdated, i'll try to fix it.
> >>
> >>
> >>
> https://github.com/apache/mina-sshd/blob/sshd-1.0.0/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java#L202
> >>
> >> 2015-10-31 16:24 GMT+01:00 Jonathan S. Fisher <
> >> jonat...@springventuregroup.com>:
> >>
> >> > Using Jsch, I was able to parse the keys:
> >> >
> >> > JSch jSch = new JSch();
> >> > try {
> >> > com.jcraft.jsch.KeyPair jschKeypair =
> com.jcraft.jsch.KeyPair.load(jSch,
> >> > privateKey.getBytes(), publicKey.getBytes());
> >> > jschKeypair.decrypt(keyPass);
> >> > byte[] fromAgent = jschKeypair.forSSHAgent();
> >> > Buffer buffer = new Buffer(fromAgent);
> >> > return buffer.getKeyPair();
> >> > } catch (JSchException | SshException e) {
> >> > throw new RuntimeException(e);
> >> > }
> >> >
> >> > However, is there a way to do this without bringing in Jsch?
> >> >
> >> >
> >> > On Sat, Oct 31, 2015 at 9:12 AM, Jonathan S. Fisher <
> >> > jonat...@springventuregroup.com> wrote:
> >> >
> >> > >
> >> > >
> >> >
> >>
> https://mina.apache.org/sshd-project/apidocs/org/apache/sshd/common/util/SecurityUtils.html
> >> > >
> >> > > Can you point me to that method in the docs? I'm not seeing it
> >> there...
> >> > >
> >> > > On Fri, Oct 30, 2015 at 5:59 PM, Guillaume Nodet <gno...@apache.org
> >
> >> > > wrote:
> >> > >
> >> > >> You can try with
> >> > >>   SecurityUtils.loadKeyPairIdentity
> >> > >>
> >> > >> 2015-10-30 17:36 GMT+01:00 Jonathan S. Fisher <
> >> > >> jonat...@springventuregroup.com>:
> >> > >>
> >> > >> > Hey guys,
> >> > >> >
> >> > >> > I've been pouring through examples and source code, and I cannot
> >> > figure
> >> > >> out
> >> > >> > how to do this. I have a pair of Strings that is the contents of
> a
> >> > >> user's
> >> > >> > id_ecdsa and id_ecdsa.pub. The private key is encrypted.
> >> > >> >
> >> > >> > Is there not a conversion utility class to go from OpenSSH to a
> >> > KeyPair
> >> > >> > anywhere? If not, what would be the shortest steps to write one?
> I
> >> > >> noticed
> >> > >> > the Buffer class and the SecurityUtils, but they don't seem to
> >> handle
> >> > >> > encryption.
> >> > >> >
> >> > >> > Thanks,
> >> > >> > -Jonathan
> >> > >> >

Re: Apache SSHD and Apache MINA integration

2015-11-02 Thread Guillaume Nodet
It may be easier for you to go to a lower level though.

SshClient client = SshClient.setUpDefaultClient();
ClientSession session = new ClientSessionImpl(client, new MinaSession(null,
ioSession));
session.setUsername(...);
...

I suppose your code snippet should work too, though you'd have to call
client.connect() with a dummy address.


2015-10-21 8:24 GMT+02:00 Vikram Darsi :

> Hi
>
> We have a Netconf protocol implementation on top of Apache MINA and Apache
> SSHD, and currently working on new feature "reverse SSH"
>
>
> 1. Apache MINA's NioSocketAcceptor is used to accept incoming connections
> and a StreamIOhandler is set to it.
>
> 2. So, when a connection is accepted, we have a IoSession, InputStream and
> OutputStream with us
>
> 3.  As per the concept of reverseSSH, all further request's should use the
> same channel.
>
> Here comes the need to attach the IoSession to Apache SSHD's SshClient
>
> The following is the code snippet written for achieving this
>
>
> sshClient.setIoServiceFactoryFactory(new IoServiceFactoryFactory() {
>     @Override
>     public IoServiceFactory create(final FactoryManager manager) {
>         return new MinaServiceFactory(manager) {
>             @Override
>             public IoConnector createConnector(final IoHandler handler) {
>                 try {
>                     return new Nio2Connector(manager, handler,
>                             AsynchronousChannelGroup.withThreadPool(MoreExecutors.sameThreadExecutor())) {
>                         @Override
>                         public IoConnectFuture connect(final SocketAddress address) {
>                             DefaultIoConnectFuture defaultIoConnectFuture =
>                                     new DefaultIoConnectFuture(null);
>                             defaultIoConnectFuture.setSession(ioSession);
>                             return defaultIoConnectFuture;
>                         }
>                     };
>                 } catch (IOException e) {
>                     // FIXME
>                     e.printStackTrace();
>                 }
>                 return null;
>             }
>         };
>     }
> });
>
>
> sshClient.start();
>
> Are these steps correct? If not, can you please let us know the correct
> steps.
>
> 4. For further communication can we use this SshClient API to talk to the
> devices in usual manner?
>
>
>
> Thanks
> Vikram
>
>
>


Re: Sftp client - large directory listing

2015-11-02 Thread Guillaume Nodet
You need to call  readDir(h) multiple times until it returns null which
signifies that the whole directory has been read.

2015-10-15 20:20 GMT+02:00 Gabriel Kapitany :

> Hi all,
>
>
>
> I’m using the SSH client library and trying to list a remote directory
> containing large number of files +10,000.
>
>
>
> Something along this line:
>
> …..
>
> sftp = session.createSftpClient();
>
> …
>
> List myList = new ArrayList();
> SftpClient.DirEntry[] dir = null;
> try {
>     h = sftp.openDir(folder);
>     dir = sftp.readDir(h);
> } catch (IOException e) {
>     throw new InterruptedException("Can't open directory: " + e);
> }
>
> int count = dir.length;
>
>
>
>
>
> I’m looking for files in the list with a particular extension
> filexx.ext, for which I call sftp.get.
>
> The listing returns around 100 files unsorted, which doesn’t hold any of
> the *.ext files, even though there are many of them on the remote folder.
> At this point my application gets stuck.
>
>
>
> I think this is due to the buffer size. How can I retrieve the whole
> list?  Or, is there any other way to deal with the problem?
>
>
>
> Thanks,
>
> Gabriel
>
>
>
>
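The loop described in the reply above, as an added example that is not part of the original thread or of the MINA SSHD code base. `DirSource` and `FakeDir` are hypothetical stand-ins for the handle returned by `sftp.openDir(folder)` and for a server that hands out roughly 100 names per read; with the real client, `sftp.readDir(h)` takes the place of `dir.readDir()`.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ReadDirLoop {

    /** Hypothetical stand-in for an open directory handle: readDir() returns null at end of listing. */
    interface DirSource {
        String[] readDir() throws IOException; // one batch of names, or null when exhausted
        void close() throws IOException;
    }

    /** Constructed in-memory "server" that returns names in fixed-size batches. */
    static final class FakeDir implements DirSource {
        private final List<String> names;
        private final int batchSize;
        private int pos;
        boolean closed;

        FakeDir(List<String> names, int batchSize) {
            this.names = names;
            this.batchSize = batchSize;
        }

        @Override
        public String[] readDir() {
            if (pos >= names.size()) {
                return null; // whole directory has been read
            }
            int end = Math.min(pos + batchSize, names.size());
            String[] batch = names.subList(pos, end).toArray(new String[0]);
            pos = end;
            return batch;
        }

        @Override
        public void close() {
            closed = true;
        }
    }

    /** Drains the directory batch by batch and keeps the names ending in the given suffix. */
    static List<String> listMatching(DirSource dir, String suffix) throws IOException {
        List<String> matches = new ArrayList<>();
        try {
            String[] batch;
            while ((batch = dir.readDir()) != null) {
                for (String name : batch) {
                    if (".".equals(name) || "..".equals(name)) {
                        continue; // directory self/parent entries are not files
                    }
                    if (name.endsWith(suffix)) {
                        matches.add(name);
                    }
                }
            }
        } finally {
            dir.close(); // release the server-side handle even if a read fails
        }
        return matches;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample listing: 10,000 files, every 50th one has the wanted extension.
        List<String> names = new ArrayList<>(Arrays.asList(".", ".."));
        for (int i = 0; i < 10_000; i++) {
            names.add("file" + i + (i % 50 == 0 ? ".ext" : ".dat"));
        }

        // A single read, as in the question: only the first batch is seen.
        String[] first = new FakeDir(names, 100).readDir();
        long firstHits = Arrays.stream(first).filter(n -> n.endsWith(".ext")).count();

        // Reading until null sees every entry.
        FakeDir dir = new FakeDir(names, 100);
        List<String> all = listMatching(dir, ".ext");

        System.out.println("first batch only: " + first.length + " entries, " + firstHits + " matches");
        System.out.println("drained listing:  " + all.size() + " matches, handle closed=" + dir.closed);
    }
}
```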


Re: SFTP - Strange Heap Behaviour under load

2015-11-01 Thread Guillaume Nodet
Yes, please reproduce the error and take a memory dump somehow, and raise a
JIRA issue and attach the dump to it.

2015-10-27 8:17 GMT+01:00 Stefan Magnus Landrø :

> Have you performed a heap dump and tried analyzing it with eclipse mat (
> https://eclipse.org/mat/) or similar? You could add a jvm flag to have it
> dump memory when oom-ing (
> http://www.oracle.com/technetwork/java/javase/clopts-139448.html)?
>
> Stefan
>
> 2015-10-27 8:04 GMT+01:00 Olivier Girardot :
>
> > any idea ? this is a blocker for us and it makes us consider dropping
> sshd
> > :-/
> >
> > 2015-10-19 19:09 GMT+02:00 Olivier Girardot :
> >
> >> Hi everyone,
> >> we're experiencing some trouble using sshd 1.0.0 as an SFTP server under
> >> high load with many small files (< 15 M).
> >> We do not see a lot of GC Activity when the server is idle, and when
> >> "some" load appears sometimes the heap usage go down, and sometimes we
> >> gradually go up until an OOM Error kills everything.
> >>
> >> Here's some of the Heap/Thread behaviour we observe :
> >>
> >> [image: Embedded images 1]
> >>
> >> Any idea what we could be doing wrong ?
> >>
> >>
> >> --
> >> *Olivier Girardot*
> >>
> >
> >
>
>
>


Re: Is there an easy way to parse an OpenSSH RSA/DSA/ECDSA pub/priv keypair?

2015-11-01 Thread Guillaume Nodet
Here's the code from SSHD 1.0
I think the javadoc on the web site is outdated, I'll try to fix it.

https://github.com/apache/mina-sshd/blob/sshd-1.0.0/sshd-core/src/main/java/org/apache/sshd/common/util/SecurityUtils.java#L202

2015-10-31 16:24 GMT+01:00 Jonathan S. Fisher <
jonat...@springventuregroup.com>:

> Using Jsch, I was able to parse the keys:
>
> JSch jSch = new JSch();
> try {
>     com.jcraft.jsch.KeyPair jschKeypair = com.jcraft.jsch.KeyPair.load(jSch,
>             privateKey.getBytes(), publicKey.getBytes());
>     jschKeypair.decrypt(keyPass);
>     byte[] fromAgent = jschKeypair.forSSHAgent();
>     Buffer buffer = new Buffer(fromAgent);
>     return buffer.getKeyPair();
> } catch (JSchException | SshException e) {
>     throw new RuntimeException(e);
> }
>
> However, is there a way to do this without bringing in Jsch?
>
>
> On Sat, Oct 31, 2015 at 9:12 AM, Jonathan S. Fisher <
> jonat...@springventuregroup.com> wrote:
>
> >
> >
> https://mina.apache.org/sshd-project/apidocs/org/apache/sshd/common/util/SecurityUtils.html
> >
> > Can you point me to that method in the docs? I'm not seeing it there...
> >
> > On Fri, Oct 30, 2015 at 5:59 PM, Guillaume Nodet <gno...@apache.org>
> > wrote:
> >
> >> You can try with
> >>   SecurityUtils.loadKeyPairIdentity
> >>
> >> 2015-10-30 17:36 GMT+01:00 Jonathan S. Fisher <
> >> jonat...@springventuregroup.com>:
> >>
> >> > Hey guys,
> >> >
> >> > I've been poring through examples and source code, and I cannot figure out
> >> > how to do this. I have a pair of Strings that is the contents of a user's
> >> > id_ecdsa and id_ecdsa.pub. The private key is encrypted.
> >> >
> >> > Is there not a conversion utility class to go from OpenSSH to a KeyPair
> >> > anywhere? If not, what would be the shortest steps to write one? I noticed
> >> > the Buffer class and the SecurityUtils, but they don't seem to handle
> >> > encryption.
> >> >
> >> > Thanks,
> >> > -Jonathan
> >> >
> >>
> >
> >
>


Re: Is there an easy way to parse an OpenSSH RSA/DSA/ECDSA pub/priv keypair?

2015-10-30 Thread Guillaume Nodet
You can try with
  SecurityUtils.loadKeyPairIdentity

2015-10-30 17:36 GMT+01:00 Jonathan S. Fisher <
jonat...@springventuregroup.com>:

> Hey guys,
>
> I've been poring through examples and source code, and I cannot figure out
> how to do this. I have a pair of Strings that is the contents of a user's
> id_ecdsa and id_ecdsa.pub. The private key is encrypted.
>
> Is there not a conversion utility class to go from OpenSSH to a KeyPair
> anywhere? If not, what would be the shortest steps to write one? I noticed
> the Buffer class and the SecurityUtils, but they don't seem to handle
> encryption.
>
> Thanks,
> -Jonathan
>


Re: Extending SFTP Subsystem to push to HDFS

2015-09-17 Thread Guillaume Nodet
SSHD 1.0 uses the standard NIO2 FileSystem api.
For hadoop, see https://issues.apache.org/jira/browse/HADOOP-3518 and
there's a link to an implementation at
https://github.com/damiencarol/jsr203-hadoop
So simply registering the provider should work with SFTP.

2015-09-17 10:29 GMT+02:00 Olivier Girardot :

> Hi everyone,
> we're currently trying to extend the SftpSubsystem class of the
> sshd-core project to use an underlying remote Hadoop filesystem
> (HDFS).
> I wondered if you had any input on this, considering we based our
> initial draft on the 0.14 and 1.0.0 seems to be changing a lot of the
> API.
>
> Would you have any insights into whether it would be possible to
> replace the default "Filesystem" used to another "abstraction" in
> order to achieve a push into HDFS ?
>
> Regards,
>
> Olivier.
>


Re: [sshd][client]How to detect command completion?

2015-06-12 Thread Guillaume Nodet
If you're using an exec channel, the channel should close when the command
is finished and all the output has been sent.
If you're using a shell channel, there's no notion of command from the
client point of view, it's just a bidirectional stream of characters, so I
don't think there's an easy way to do so.

Guillaume Nodet

2015-06-12 8:36 GMT+02:00 Satya Deep Maheshwari connus...@gmail.com:

 Hi

 I am using ClientChannel to invoke commands on a remote machine via ssh. I
 am sending remote commands by writing on the NoCloseInputStream associated
 with this channel and the output of the command is getting written on the
 associated NoCloseOutputStream.

 Is there some way I can determine that the command that I invoked has
 completed and its output is available on the associated output stream?

 Thanks



Re: sshd-sftp hasn't been released since version 0.11

2015-05-09 Thread Guillaume Nodet
The problem is that this module has never been fully completed and given
the lack of work on it and duplication with the embedded version of sftp
support, it has not been released for some time.
It has even been deleted from the master branch for 1.x.

If anyone is willing to support it, this decision could be revisited though
...

2015-05-08 1:14 GMT+02:00 Stephen Judkins stephen.judk...@gmail.com:

 There have been some bug fixes since then, but I can't find a release
 for sshd-sftp anywhere on Maven since version 0.11. Everything else seems
 to be up to date. Is this a known issue?



Re: Idle SSHD sessions still managed

2015-05-07 Thread Guillaume Nodet
This should work.
The idle timeout will close the ssh session which should in turn close the
ioSession, and that session should be removed from the list of managed
sessions.
However, this happens slightly asynchronously, as the idle timeout will
trigger the write of the disconnect message and the session will only be
closed after the message has been written.

2015-05-07 17:40 GMT+02:00 Pellerin, Clement clement_pelle...@ibi.com:

 I am implementing an SshServer with SSHD 0.14.0
 When a connection becomes idle, the client gets disconnected,
 but the connection remains managed.
 It still appears in
 session.getIoSession().getService().getManagedSessions()
 What am I doing wrong?




Re: Equivalent of BlacklistFilter for SSHD

2015-05-07 Thread Guillaume Nodet
You could try to implement your own derived class of
org.apache.sshd.server.session.SessionFactory and throw an exception if the
connection is to be blacklisted.
However, looking at the code, I think you're right, as any exception will
not result in the session being unmanaged, at least in the Nio2Acceptor
service.
That's a bug, could you please raise a JIRA issue for that ?

2015-05-07 17:36 GMT+02:00 Pellerin, Clement clement_pelle...@ibi.com:

 I need to accept SSHD connections only from a predetermined list of IP
 addresses.
 I am trying to find the equivalent of the Mina BlacklistFilter for SSHD.
 SSHD can run with NIO2 or Mina underneath so this should probably be done
 in a higher layer.
 I tried implementing the peer address check in
 MySessionListener.sessionCreated()
 but that confuses SSHD when running with NIO2. If I throw, SSHD stops
 listening on the server socket.
 If I simply close the session, the closed session is added permanently to
 the managed sessions.
 Is there a way to do this in SSHD without hardcoding to the Mina IO
 service?
 I am using SSHD 0.14.0
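
A peer-address check of the kind asked about above, written against plain java.net types so it does not depend on whether NIO2 or Mina is underneath. This is an added example, not code from the thread or from SSHD: the PeerAllowList class and the sample networks are hypothetical, and it assumes the check is called with the peer's SocketAddress from wherever the connection is vetted (for instance the derived SessionFactory suggested in the reply).

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of SSHD): allow-list of peer addresses in CIDR notation. */
public final class PeerAllowList {

    /** One network: address bytes plus the number of leading bits that must match. */
    private static final class Cidr {
        final byte[] network;
        final int prefixLen;

        Cidr(byte[] network, int prefixLen) {
            this.network = network;
            this.prefixLen = prefixLen;
        }

        boolean contains(byte[] addr) {
            if (addr.length != network.length) {
                return false; // an IPv4 entry never matches an IPv6 peer, and vice versa
            }
            int fullBytes = prefixLen / 8;
            int restBits = prefixLen % 8;
            for (int i = 0; i < fullBytes; i++) {
                if (addr[i] != network[i]) {
                    return false;
                }
            }
            if (restBits == 0) {
                return true;
            }
            int mask = (0xFF << (8 - restBits)) & 0xFF;
            return (addr[fullBytes] & mask) == (network[fullBytes] & mask);
        }
    }

    private final List<Cidr> entries = new ArrayList<>();

    public PeerAllowList(String... cidrs) {
        for (String cidr : cidrs) {
            entries.add(parse(cidr.trim()));
        }
    }

    private static Cidr parse(String text) {
        int slash = text.indexOf('/');
        String host = slash < 0 ? text : text.substring(0, slash);
        // Reject anything that does not look like an address literal (host names are not accepted).
        boolean looksV4 = host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        boolean looksV6 = host.matches("[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*");
        if (!looksV4 && !looksV6) {
            throw new IllegalArgumentException("Not an IP literal: " + host);
        }
        byte[] addr;
        try {
            addr = InetAddress.getByName(host).getAddress();
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("Bad address: " + host, e);
        }
        int maxBits = addr.length * 8;
        int prefix = slash < 0 ? maxBits : Integer.parseInt(text.substring(slash + 1));
        if (prefix < 0 || prefix > maxBits) {
            throw new IllegalArgumentException("Bad prefix length in " + text);
        }
        return new Cidr(addr, prefix);
    }

    /** Fails closed: anything that is not a resolved IP socket address is refused. */
    public boolean isAllowed(SocketAddress remote) {
        if (!(remote instanceof InetSocketAddress)) {
            return false;
        }
        InetAddress ip = ((InetSocketAddress) remote).getAddress();
        if (ip == null) {
            return false;
        }
        byte[] raw = ip.getAddress();
        for (Cidr entry : entries) {
            if (entry.contains(raw)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: documentation ranges, not real hosts.
        PeerAllowList allow = new PeerAllowList("192.0.2.0/25", "198.51.100.7", "2001:db8:10::/48");
        String[] peers = {"192.0.2.17", "192.0.2.200", "198.51.100.7", "2001:db8:10::5", "2001:db8:11::5"};
        for (String peer : peers) {
            SocketAddress remote = new InetSocketAddress(peer, 50022);
            System.out.println(peer + " -> " + (allow.isAllowed(remote) ? "accept" : "refuse"));
        }
    }
}
```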




Re: [ANN] SSHD 0.14.0 released

2015-03-16 Thread Guillaume Nodet
Thx, it should be fixed now.

2015-03-16 10:18 GMT+01:00 Stefan Mueller stefan.muel...@menten.com:

 1) Link to binary file is wrong on all servers:

 Example link from website:
 http://mirror.synyx.de/apache/mina/sshd/0.14.0/dist/apache-sshd-0.14.0.zip

 Path on server:
 http://mirror.synyx.de/apache/mina/sshd/0.14.0/apache-sshd-0.14.0.zip

 The link contains the directory dist which does not exist on server.






[ANN] SSHD 0.14.0 released

2015-03-10 Thread Guillaume Nodet
Apache Mina SSHD 0.14.0 has been released.
The release is available from the web site:
http://mina.apache.org/sshd-project/download_0.14.0.html

Release Notes - MINA SSHD - Version 0.14.0

** Bug
* [SSHD-348] - Some SSH threads get blocked in Object.wait() method forever
* [SSHD-374] - Nio2Acceptor never unbinding
* [SSHD-375] - Buffer.MAX_LEN and DefaultSftpClient#write() don't play well together
* [SSHD-384] - Fix broken client demo when executing a command
* [SSHD-388] - SSH server fails during bundle update
* [SSHD-391] - Incorrect defaulting to DHG1 in 'No suitable primes found' scenario
* [SSHD-393] - Ssh server freezing when under heavy load
* [SSHD-402] - Strange behaviour when overwriting files using SCP (ScpCommandFactory)
* [SSHD-412] - Avoid SCP problems for zero-length files
* [SSHD-422] - Take into account local file separator when converting to/from SFTP paths

** Improvement
* [SSHD-366] - Need to cross reference provided host keys with configured signature factories
* [SSHD-368] - Add a timeout on the client to better handle the ssh server being slow to respond or some packets being lost
* [SSHD-372] - Server doesn't reject connections that don't send client identification, has to time out
* [SSHD-385] - Fix log statement when a window is unblocked
* [SSHD-386] - Allow controlling socket options
* [SSHD-387] - When using inverted streams on the client, the window should only be decreased when reading, not when writing to the pipe
* [SSHD-389] - Implement a disconnect timeout
* [SSHD-394] - Use an ExecutorService to spawn SftpSubsystem command
* [SSHD-395] - Use an ExecutorService to run ScpCommand(s)
* [SSHD-397] - Added more detailed log messages about the KEX negotiation process
* [SSHD-398] - Provide read-only access to the session KEX negotiation result parameters
* [SSHD-399] - Add KexCompleted session event
* [SSHD-400] - Ignore SFTP extension data in SSH_FXP_INIT message
* [SSHD-401] - Allow user control over ScpCommand send/receive buffer size
* [SSHD-403] - Lay down the groundwork for more event listeners
* [SSHD-406] - Stop parsing pty-req modes for undefined opcodes
* [SSHD-410] - Do not seek SshFile(s) input/output streams if requested offset is zero
* [SSHD-411] - SSH_FX_OP_UNSUPPORTED should not be logged as error
* [SSHD-414] - Make the source code (including tests) truly 1.5 compatible

** New Feature
* [SSHD-371] - Support Socks proxy with ssh tunnelling on the client side
* [SSHD-382] - Add support for custom properties on the command line for client and server
* [SSHD-383] - Support for loading ecdsa keys in the client demo
* [SSHD-390] - Support switching to a none cipher on the client side for performances

** Task
* [SSHD-380] - Refactor tests to let the system choose the port instead of using getFreePort() which can lead to problems
* [SSHD-381] - Wrong values used for SSH_FXP_OPEN flags

** Test
* [SSHD-396] - Fixed SftpTest#testOpen to work correctly on Windows

** Wish
* [SSHD-405] - Please review AbstractClientChannel @deprecated getter methods
Guillaume Nodet


Re: SSHD Server subsystem supporting parameters?

2015-02-10 Thread Guillaume Nodet
No that's not supported. I think the correct way would be for the client to
send arguments through the streams that are used to communicate with the
subsystem.

2015-02-10 22:50 GMT+01:00 Wen, Bo b...@ciena.com:

 Hi,

 Is there a way for SSHD server subsystem to support extra parameters?  For
 example, from SSH client:

 % ssh user@localhost -s netconf 10.1.1.1

 Expecting: netconf is a subsystem name and 10.1.1.1 is a parameter.
 So, is there a way to pass in extra parameters to the subsystem?

 Currently it seems the whole string netconf 10.1.1.1 is treated as a
 subsystem name, and the match is via equal()

 ChannelSession.handleSubSystem()
 NamedFactory.Utils.create()
 if (f.getName().equals(name))

 Any way I can override this equals() matching to have my own matching?  Or
 any other way?

 Thanks in advance!
 Bo







Re: SSHd restrict failed login attempts

2015-01-13 Thread Guillaume Nodet
Unfortunately, this counter is not publicly available.

2015-01-13 13:42 GMT+01:00 Simon Temple simon.tem...@amalto.com:

 Thank you Guillaume.

 Ideally I’d like to log an ERROR when a user reaches the MAX_AUTH_REQUESTS
 attempts.
 Any other time I’ll simply log a warning.

 Is there any way I can ask the session if the current authentication
 attempt is the last allowed request?
 … just trying to avoid having to track this in my code.



 Simon


  On 13 Jan 2015, at 11:52, Guillaume Nodet gno...@apache.org wrote:
 
  2015-01-13 12:00 GMT+01:00 Simon Temple simon.tem...@amalto.com:
 
 
  I see that the MINA FtpServer can be configured with max-login-failures
 
  I’d like to configure our MINA SSHd server to behave a little more like
  the Linux sshd when hit with multiple failed login attempts.
 
  How could I do that?
 
 
  You can configure the ssh server with the ServerFactoryManager.
  MAX_AUTH_REQUESTS property.
 
 
  I’d also like to log information about the source of the failed attempts
  so a tool like fail2ban can take some action.  However I can’t see how I
  can extract source IP details from the ServerSession presented to the
  Authenticator interface.
 
 
  session.getIoSession().getRemoteAddress()
 
 
 
  TIA
 
  Simon Temple
 
 
 
  Guillaume Nodet
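
Since the server's own counter is not exposed, an authenticator that wants the WARN/ERROR split described above has to keep its own tally. The following is an added example, not code from the thread or from SSHD: AuthFailureAudit is a hypothetical class, the log format is an assumption, and it assumes the caller passes the session object, the user name and session.getIoSession().getRemoteAddress() on every failed attempt and constructs it with the value configured for MAX_AUTH_REQUESTS (the server may count requests differently from this tally).

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical helper (not part of SSHD): per-session failure counting with ban-friendly log lines. */
public final class AuthFailureAudit {
    private static final Logger LOG = Logger.getLogger("sshd.auth");

    private final int maxAuthRequests;
    // Weak keys: an entry disappears once its session object is garbage collected.
    private final Map<Object, Integer> failures = new WeakHashMap<Object, Integer>();

    public AuthFailureAudit(int maxAuthRequests) {
        this.maxAuthRequests = maxAuthRequests;
    }

    /** Records one failed attempt for this session and returns the line that was logged. */
    public String onFailure(Object session, String user, SocketAddress remote) {
        int count;
        synchronized (failures) {
            Integer previous = failures.get(session);
            count = previous == null ? 1 : previous + 1;
            failures.put(session, count);
        }
        // The address goes last so a log filter can anchor on the end of the line.
        String line = "auth failure " + count + "/" + maxAuthRequests
                + " user=\"" + sanitize(user) + "\" from " + hostOf(remote);
        // SEVERE is java.util.logging's counterpart of ERROR; it marks the last allowed attempt.
        LOG.log(count >= maxAuthRequests ? Level.SEVERE : Level.WARNING, line);
        return line;
    }

    /** Call on successful authentication so the tally does not outlive the login. */
    public void onSuccess(Object session) {
        synchronized (failures) {
            failures.remove(session);
        }
    }

    /**
     * The user name comes from the remote peer. Replace whitespace, control characters,
     * quotes and non-ASCII so it cannot start a new log line or imitate the "from" field.
     */
    static String sanitize(String user) {
        if (user == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < user.length() && i < 64; i++) {
            char c = user.charAt(i);
            sb.append(c > 0x20 && c < 0x7F && c != '"' ? c : '?');
        }
        return sb.toString();
    }

    /** Numeric address only: no reverse lookup, so the peer cannot influence the text. */
    static String hostOf(SocketAddress remote) {
        if (remote instanceof InetSocketAddress) {
            InetAddress ip = ((InetSocketAddress) remote).getAddress();
            if (ip != null) {
                return ip.getHostAddress();
            }
        }
        return "unknown";
    }

    public static void main(String[] args) {
        // Constructed sample data: a stand-in session object and a documentation-range address.
        AuthFailureAudit audit = new AuthFailureAudit(3);
        Object session = new Object();
        SocketAddress peer = new InetSocketAddress("203.0.113.45", 51234);
        System.out.println(audit.onFailure(session, "root", peer));
        System.out.println(audit.onFailure(session, "admin\nauth failure 1/3 user=\"x\" from 192.0.2.1", peer));
        System.out.println(audit.onFailure(session, "test", peer));
    }
}
```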




Re: [Apache SSHD] list command problem for directories containing broken filelinks

2014-11-22 Thread Guillaume Nodet
Here's a fix for this problem:

https://github.com/gnodet/mina-sshd/commit/36b224f58192b3cfc2cc112f473661f660931a6b
I haven't pushed it to the official repo yet, but will do that tomorrow.


2014-11-19 22:11 GMT+01:00 Kowalski, Thomas thomas.kowal...@solers.com:

 Aaron,

 I tried what you described in your post with the latest
 version (0.13.0) and I also noticed this problem.  If anyone on the
 development staff can provide any insight on this issue I would greatly
 appreciate it (i.e. Is this a known issue or are there plans to fix this).

 After installing the binary I downloaded from this site, I
 created a filelink that I could list when connected to the SFTP server.  Then
 I broke the link and tried to list the same directory and received a
 "Couldn't read directory: Failure" error message.

 Maybe there is a configuration value I have not stumbled
 upon that will address this issue?

 Tom




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: [mina-sshd] How to do `ssh -D` port forwarding with the SshClient

2014-11-17 Thread Guillaume Nodet
I've tried your setup using mina sshd, a native ssh client (ssh -Nn -D 1080
-p 8000 admin@localhost) and firefox with socks5 and it seems to work well,
all http requests being routed through the ssh server.
However, the socks protocol is not supported using mina sshd as a client
(hence the use of the native ssh executable above).

2014-11-17 7:35 GMT+01:00 Jianbao (Jim) Tao jianbao@gmail.com:

 Hi,

 Does mina-sshd support `ssh -D` kind of port forwarding, as in
 ```
 ssh -N -p 22 remote.server.host.name -D 1080
 ```
 If so, can someone kindly share some sample code, please? I really
 appreciate it.

 Best,
 Jim



Re: [mina-sshd] How to do `ssh -D` port forwarding with the SshClient

2014-11-17 Thread Guillaume Nodet
I played with socks a bit today and came up with this initial
implementation:

https://github.com/gnodet/mina-sshd/commit/3807bcf07655e7759ba08b42896f62708a4970c5


2014-11-17 11:30 GMT+01:00 Guillaume Nodet gno...@apache.org:

 I've tried your setup using mina sshd, a native ssh client (ssh -Nn -D
 1080 -p 8000 admin@localhost) and firefox with socks5 and it seems to
 work well, all http requests being routed through the ssh server.
 However, the socks protocol is not supported using mina sshd as a client
 (hence the use of the native ssh executable above).

 2014-11-17 7:35 GMT+01:00 Jianbao (Jim) Tao jianbao@gmail.com:

 Hi,

 Does mina-sshd support `ssh -D` kind of port forwarding, as in
 ```
 ssh -N -p 22 remote.server.host.name -D 1080
 ```
 If so, can someone kindly share some sample code, please? I really
 appreciate it.

 Best,
 Jim





Re: How to set max count connections in sshd service.

2014-11-10 Thread Guillaume Nodet
Currently, we only have a max concurrent session per user, not a global one.
It can be configured using:
  server.setProperty(ServerFactoryManager.MAX_CONCURRENT_SESSIONS, 1)
to only accept a single session for each user.
Unfortunately, there's no way to configure a global maximum number of
sessions.
If it's not sufficient for you, feel free to raise a JIRA issue to improve
that.

2014-11-09 13:30 GMT+01:00 范华忠 fhzdzq1...@163.com:

 Dear my Friends:
   Now, I am using Apache SSHD version 0.11.0. I would like to
 restrain the client connection count in the service, but I do not know
 whether this is supported now.
 Looking forward to your reply. Thank you very much.




Re: OpenSSH integration

2014-11-10 Thread Guillaume Nodet
If you look at the main SshClient code, you'll see the main() method will
do exactly that:
https://github.com/apache/mina-sshd/blob/master/sshd-core/src/main/java/org/apache/sshd/SshClient.java#L443

2014-10-30 22:04 GMT+01:00 Rob Vesse rve...@dotnetrdf.org:

 Hey All

 Is anyone integrating SSHD with OpenSSH, specifically I would like to do
 the
 following:

 * Use the local ~/.ssh folder as a source of public keys for authenticating
 incoming connections
 * Use the public key from the ~/.ssh folder as the host key
 I found a gist (https://gist.github.com/jdennaho/5492130) which mostly
 solves the first one (though only copes with RSA keys) but I wondered if
 anyone else was doing anything else similar and had more robust solutions

 Thanks,

 Rob





Re: ClientSession.authPassword(user, pwd) documentation required

2014-11-10 Thread Guillaume Nodet
A plain IOException sent usually means an abnormal condition.
A failed authentication should usually result in no exceptions, but
an AuthFuture#isFailure() to return true or an SshException sent from
AuthFuture#verify().
If the exception you see is an SshException, this means the server rejected
the authentication for some reason.
A simple reason is if password authentication has been disabled (this is
very often the case, even if you log in with a password, it's usually the
interactive authentication which is configured).   If you hit this problem,
I'd suggest moving to the newer authentication mechanism using
   client.addPasswordIdentity(xx);
   client.auth().verify();
which will be easier from a user point of view, as you won't have to deal
with password/interactive stuff.

Cheers,
Guillaume Nodet



2014-10-27 10:18 GMT+01:00 Sapna Bhargava sapnabhargava...@gmail.com:

 Hi All,

 org.apache.sshd.ClientSession.authPassword() throws an IOException. I need
 to know the cause/scenario of this exception. Could anyone point me to the
 relevant documentation.

 reason : I want to put relevant error messages in my application, so that
 the user knows where the issue is.

 Thanks,
 Sapna



Re: SSHD Example

2014-10-16 Thread Guillaume Nodet
If you want more than simple unit tests, you can have a look at karaf for
example:

https://github.com/apache/karaf/blob/master/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java#L127

2014-10-16 20:17 GMT+02:00 Robert Middleton osfan6...@gmail.com:

 Does anybody have a working example of embedding SSHD into an application?
 The documentation from
 http://mina.apache.org/sshd-project/embedding_ssh.html is useless.

 Also, it would appear as though most of the download links (= SSHD 0.10.0)
 from the download page(http://mina.apache.org/sshd-project/downloads.html)

 -Robert Middleton



Re: SSHD Problems with SFTP

2014-09-26 Thread Guillaume Nodet
Ok, I understand now.
Please raise a JIRA issue.

I think there are a few things to review around that.

2014-09-26 15:56 GMT+02:00 Stefan Mueller stefan.muel...@menten.com:

 It did work. So the method isWritable() has to be called in truncate() as it
 is already done in other methods.
 And developers (me ;) ) have to make sure to call it in their implementation
 of SshFile.






Re: ChannelExec API Help required

2014-09-25 Thread Guillaume Nodet
You have 3 ways to use a client channel now:

 * direct: using setIn(), setOut() and setErr() before opening the channel

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/ClientTest.java#L282

 * inverted: using getInvertedIn(), getInvertedOut() and getInvertedErr()
   after the channel has been opened

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/PortForwardingTest.java#L273

You can actually mix both direct and inverted, as it's a per stream case:

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/ClientTest.java#L321

 * async: it's a bit more complicated, but gives you asynchronous streams

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/ClientTest.java#L172


2014-09-25 11:35 GMT+02:00 Sapna Bhargava sapnabhargava...@gmail.com:

 Hi All,


 I'm using the Apache sshd-core ChannelExec API to execute command on a
 SSHClient. I need some documentation on how to set/read the input, output
 and error streams.

 Both the links below give me a 404 error :

 http://mina.apache.org/sshd-project/apidocs/org/apache/sshd/client/channel/class-use/ChannelExec.html

 http://mina.apache.org/sshd-project/apidocs/index.html?org/apache/sshd/client/channel/ChannelExec.html

 Any help would be appreciated.

 Thanks,
 Sapna



Re: Problem Using SFTP Client

2014-09-22 Thread Guillaume Nodet
Would you mind raising a JIRA for that ?
This is a bug, as the Closeable interface specifies "If the stream is
already closed then invoking this method has no effect."

Cheers,
Guillaume

2014-09-22 4:18 GMT+02:00 George Sexton geor...@mhsoftware.com:


 On 9/20/2014 1:43 AM, Guillaume Nodet wrote:

 Can you bypass the call to close() for now and see if the file has been
 read correctly ?


 I have discovered the issue. StreamUtils.streamToString() instantiates an
 InputStreamReader(), and then closes it on completion. Evidently this is
 closing the underlying input stream. When I make a subsequent call to
 InputStream.close(), it throws error 2, no such file.

 That's kind of misleading.


  Also, and just fwiw, the client api can be used this way:

 session.addPasswordIdentity(m_password);
 session.auth().verify();
 authenticated  =  true;


 2014-09-20 6:28 GMT+02:00 George Sexton geor...@mhsoftware.com:

  On 9/19/2014 5:30 PM, George Sexton wrote:

  I'm having a problem using SFTP Client. I'm getting no such file. I've
 tried the relative path, and the absolute path. Here's the code:

  And just to add a little more info, I've looked at the SftpClient test
 code and I'm not seeing it. I started sshd in debug mode and here's what
 I'm seeing below. The part I don't understand is it doesn't look like the
 SFTP client is actually sending anything to the back end. It opens the
 SFTP subsystem, and then there's nothing more.

 debug1: sshd version OpenSSH_6.1p1
 debug1: read PEM private key done: type RSA
 debug1: private host key: #0 type 1 RSA
 debug1: read PEM private key done: type DSA
 debug1: private host key: #1 type 2 DSA
 debug1: read PEM private key done: type ECDSA
 debug1: private host key: #2 type 3 ECDSA
 debug1: rexec_argv[0]='/usr/sbin/sshd'
 debug1: rexec_argv[1]='-d'
 debug1: rexec_argv[2]='-p'
 debug1: rexec_argv[3]='1234'
 Set /proc/self/oom_score_adj from -1000 to -1000
 debug1: Bind to port 1234 on 0.0.0.0.
 Server listening on 0.0.0.0 port 1234.
 debug1: Bind to port 1234 on ::.
 Server listening on :: port 1234.
 debug1: Server will not fork when running in debugging mode.
 debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
 debug1: inetd sockets after dupping: 3, 3
 Connection from xx.xx.xx.xx port 60808
 debug1: Client protocol version 2.0; client software version
 SSHD-CORE-0.12.1-SNAPSHOT
 debug1: no match: SSHD-CORE-0.12.1-SNAPSHOT
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_6.1
 debug1: permanently_set_uid: 71/65 [preauth]
 debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
 [preauth]
 debug1: SSH2_MSG_KEXINIT sent [preauth]
 debug1: SSH2_MSG_KEXINIT received [preauth]
 debug1: kex: client-server aes128-ctr hmac-sha2-256 none [preauth]
 debug1: kex: server-client aes128-ctr hmac-sha2-256 none [preauth]
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
 debug1: SSH2_MSG_NEWKEYS sent [preauth]
 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
 debug1: SSH2_MSG_NEWKEYS received [preauth]
 debug1: KEX done [preauth]
 debug1: userauth-request for user ft service ssh-connection method
 keyboard-interactive [preauth]
 debug1: attempt 0 failures 0 [preauth]
 debug1: PAM: initializing for ft
 debug1: PAM: setting PAM_RHOST to c-67-166-23-167.hsd1.co.comcast.net
 debug1: PAM: setting PAM_TTY to ssh
 debug1: keyboard-interactive devs  [preauth]
 debug1: auth2_challenge: user=ft devs= [preauth]
 debug1: kbdint_alloc: devices 'pam' [preauth]
 debug1: auth2_challenge_start: trying authentication method 'pam'
 [preauth]
 Postponed keyboard-interactive for ft from xx.xx.xx.xx port 60808 ssh2
 [preauth]
 debug1: do_pam_account: called
 debug1: PAM: num PAM env strings 0
 Postponed keyboard-interactive/pam for ft from xx.xx.xx.xx port 60808
 ssh2
 [preauth]
 debug1: do_pam_account: called
 Accepted keyboard-interactive/pam for ft from xx.xx.xx.xx port 60808 ssh2
 debug1: monitor_read_log: child log fd closed
 debug1: monitor_child_preauth: ft has been authenticated by privileged
 process
 debug1: PAM: establishing credentials
 User child is on pid 2673
 debug1: SELinux support disabled
 debug1: PAM: establishing credentials
 debug1: permanently_set_uid: 1002/65534
 debug1: Entering interactive session for SSH2.
 debug1: server_init_dispatch_20
 debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max
 32768
 debug1: input_session_request
 debug1: channel 0: new [server-session]
 debug1: session_new: session 0
 debug1: session_open: channel 0
 debug1: session_open: session 0: link with channel 0
 debug1: server_input_channel_open: confirm session
 debug1: server_input_channel_req: channel 0 request subsystem reply 0
 debug1: session_by_channel: session 0 channel 0
 debug1: session_input_channel_req: session 0 req subsystem
 subsystem request

Re: SSHD SshClient - should I reuse the same instance for multiple independent sessions?

2014-08-25 Thread Guillaume Nodet
Would you mind creating a JIRA and attaching your patch to it ?
That's the usual way for patches and it's easier to keep track of those.

Guillaume


2014-08-25 14:29 GMT+02:00 matthew.w.pi...@wellsfargo.com:

 Thank you for the input. I know what you mean about using
 addPasswordIdentity even for keyboard-interactive. But unfortunately, some
 of the devices we connect to do not use the standard 'password:' prompt. So
 the logic inside AuthUserKeyboardInteractive that just uses the available
 password identities doesn't pass the prompt check.

 Maybe another avenue would be to provide an 'allowed password prompts'
 property/option that can somehow be passed into
 AuthUserKeyboardInteractive. Then I could customize the prompts that will
 pass the check.

 If you get a chance, please check out my patch on the dev list that adds
 per-session UserInteractive support. I would greatly appreciate any
 feedback on it.

 Regards,
 -matt

 -Original Message-
 From: Guillaume Nodet [mailto:gno...@apache.org]
 Sent: Sunday, August 24, 2014 8:11 AM
 To: users@mina.apache.org
 Subject: Re: SSHD SshClient - should I reuse the same instance for
 multiple independent sessions?

 I think it would be better to use a single SshClient.  All the threading /
 resource management has been designed with this use case, that's why you
 end up with lots of threads if you create a lot of those objects.

 For the authentication, I suppose you're not really prompting the user for
 the password if you create 10 to 50 sessions per second.
 So fwiw, you can use the ssh keyboard interactive authentication and feed
 the password without using the UserInteraction object, simply by calling
 addPasswordIdentity on the ClientSession.  Those password identities will
 actually be used by the UserAuthKeyboardInteractive object if the server
 asks for a password, and when known passwords have failed, it will actually
 use the UserInteraction to prompt for the password.


 2014-08-22 4:52 GMT+02:00 matthew.w.pi...@wellsfargo.com:

  Hey all, thanks for all the work that has gone into Mina/SSHD – great
  libraries!
 
  I have a codebase that is currently running quite well with SSHD
  v0.8.0, but I am looking to upgrade to 0.12.0 for some of the
  fixes/improvements that have come out since 0.8.0. For an overview of
  how I’m using SSHD - the system executes 10-50 SSH commands – each
  in its own channel - to 2000 or so (and growing) devices every day.
  Some of the commands/channels will re-use an existing session by way
  of a keyed pooling system I have setup for the sessions. This all
  works quite well right now.
 
  The current model uses a single SshClient instance and spawns ALL
  sessions to each respective host from that same instance. This is true
  regardless of the details of each session (username, destination host,
  port, authentication, etc). This obviously avoids the need to call
  SshClient.setupDefaultClient() for each and every SSH session. I’m not
  sure if this is the recommended way, but again, it is working now.
 
  I am prototyping my code with 0.12.0 and refactoring some things to
  align with how I see the differences in the versions and I’ve run into
  a bit of a conundrum. I want to take advantage of the
  keyboard-interactive support, which appears to be done by calling
  SshClient.setUserInteraction with an appropriate implementation. The
  problem is that with my shared-SshClient model it is not practical to
  give it a single UserInteraction implementation to support all
  subsequent sessions since the credentials aren’t known ‘ahead of time’
  when the global SshClient is created. So, as part of my prototyping I
  have refactored my model to use an SshClient instance per session,
  thereby allowing me to provide a UserInteraction impl that is
  appropriate for each particular session. In my testing this seems to
  work, but again, I’m not sure if this is the recommended approach.
 
  So my question is: when using SSHD for relatively short-lived sessions
  (a few minutes at a time) that are spawned in lots of different
  threads to different host+credential combinations (password, private
  key, etc.); is it appropriate for performance/scalability reasons to
  use a single SshClient instance to spawn each session? If this is
  true, then is there a suggested/recommended approach for dealing with
  keyboard-interactive using different credentials for each session from
  a single UserInteraction instance?
 
  OR - Is the creation of SshClient instances pretty inexpensive so it
  would then be OK to create a new SshdClient instance for each session
  where one can then set the UserInteraction impl appropriately? If this
  is true, what would be a good setting for the number of NIO threads to
  use for each SshClient instance in a system like this? The default,
  which AFAIK is CPU cores + 1, is a bit excessive I think for a system
  like mine that could be creating a few thousand sessions at any given
  time

Re: Checking if ssh session is connected

2014-08-05 Thread Guillaume Nodet
2014-08-05 12:58 GMT+02:00 Jorge Jordão jrjor...@yahoo.com.invalid:

 Hi,

 I am upgrading some code from sshd-core version 0.9.0 to 0.12.0.

 There's this method using
 clientSession.getState().equals(Session.State.Running)
 for determining whether the session is still active.

 I believe one of the purposes was to determine whether there had been a
 disconnection due to timeout or any server-side event.

 My questions
 1) In 0.12.0 the ClientSession no longer provides a getState. What new
 approach should I follow?


You need to register a SessionListener and react on sessionClosed() or use
!session.isClosing()


 2) Is this a proper way to check for timeout/server-side disconnection?
 Any preferable alternative?


If you look at AbstractSession#doHandleMessage(), when
receiving SSH_MSG_DISCONNECT, the code and reason are printed to the debug
log, but you currently have no way to intercept those calls (only by
overriding the class).

If you need those, please raise a JIRA.



 Thanks

 --
 Jorge Jordão



Re: sshd client streams

2014-07-21 Thread Guillaume Nodet
If you want to read the output or error streams, you can use
getInvertedOut() and getInvertedErr() instead of using setOut() and
setErr().
This will give you a blocking InputStream on the command output.


2014-07-21 11:41 GMT+02:00 Davide Gesino davideges...@gmail.com:

 I am developing a Command Line Interface simulator with sshd.
 I have some problems trying to understand how to use client side streams to
 interact with the server.

 I would like to have a client that sends a command to the server, then,
 blocks waiting for the response from the server: I would like to have a
 client that reads from the communication channel and block until the
 channel is full with something (a blocking read from the input stream would
 be great).

 How can I obtain such behaviour?

 I started modifying org.apache.sshd.ClientTest


 SshClient client = SshClient.setUpDefaultClient();
 client.start();
 ClientSession session = client.connect("localhost",
 port).await().getSession();
 session.authPassword("smx", "smx").await().isSuccess();
 ClientChannel channel =
 session.createChannel(ClientChannel.CHANNEL_SHELL);

 ByteArrayOutputStream sent = new ByteArrayOutputStream();
 PipedOutputStream pipedIn = new PipedOutputStream();
 channel.setIn(new PipedInputStream(pipedIn));
 OutputStream teeOut = new TeeOutputStream(sent, pipedIn);
 ByteArrayOutputStream out = new ByteArrayOutputStream();
 ByteArrayOutputStream err = new ByteArrayOutputStream();
 channel.setOut(out);
 channel.setErr(err);
 channel.open();

 teeOut.write("this is my command\n".getBytes());
 teeOut.flush();

 but I Was not able to obtain the desired effect.

 thanks

 Davide



Re: Security Question

2014-07-21 Thread Guillaume Nodet
It should be safe as all execution of code is forbidden for users.



2014-07-21 17:21 GMT+02:00 Haripada Bhowmick haripada.bhowm...@gmail.com:

 Team,

 I want to set up Apache SSHD Server in my Linux box. Few of my clients will
 be using SSH tunnels using my Linux box.

 My aim is to ENABLE port forwarding ONLY for those users. At any cost
 I don't want them to execute any command to hack my server.

 In order to do that I set

 *sshd.setShellFactory(null);*
 *sshd.setCommandFactory(null);*

 Now, using the following code, I can do an SSH tunnel, but I cannot use PuTTY to
 execute any command, as expected. It looks good and foolproof to me.

 *Can you please tell:*
 *Is there any security hole which is going unattended and a hacker can take
 control of my server? Because I will provide the Apache SSHD user ID and password
 to various people.*



 Thank you
 Harry

 = CODE ==


 public class sshServer {
     public static SshServer sshd = null;

     public static SessionFactory sessFactory = null;

     // public static ProcessShellFactory shell = null;

     public static void main(String[] args) throws InterruptedException,
             IOException {

         SshServer sshd = SshServer.setUpDefaultServer();
         sshd.setPort(22);
         sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(
                 "hostkey.ser"));

         /*
          * sshd.setShellFactory(new ProcessShellFactory(new String[] {
          * "/bin/sh", "-i", "-l" }));
          */

         /*
          * sshd.setShellFactory(new ProcessShellFactory( new String[] {
          * "cmd.exe" }, EnumSet.of( ProcessShellFactory.TtyOptions.Echo,
          * ProcessShellFactory.TtyOptions.ICrNl,
          * ProcessShellFactory.TtyOptions.ONlCr)));
          */

         // ### IMPORTANT: DISABLE IT ###
         // No shell and no command execution for any user.
         sshd.setShellFactory(null);
         sshd.setCommandFactory(null);
         // ### DISABLE IT ###

         sshd.setTcpipForwardingFilter(new ForwardingFilter() {
             public boolean canForwardAgent(Session session) {
                 return false;
             }

             public boolean canForwardX11(Session session) {
                 return false;
             }

             // Remote (server-side listening) forwards are refused.
             public boolean canListen(SshdSocketAddress address, Session session) {
                 return false;
             }

             // Local forwards are accepted for every destination address.
             public boolean canConnect(SshdSocketAddress address, Session session) {
                 return true;
             }
         });

         sshd.setPasswordAuthenticator(new PasswordAuthenticator() {

             @Override
             public boolean authenticate(String usr, String pss,
                     ServerSession arg2) {
                 if (usr.equals("specialuser") && pss.equals("specialpass"))
                     return true;
                 return false;
             }

         });
         sshd.start();

     }
 }
 ===
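
Added example, not part of the original post or of Apache MINA SSHD: the filter in the posted code returns true from canConnect for every address, so a forwarding-only account can still reach any host and port the server itself can reach. A per-user destination allow-list narrows that. The class, method, user and host names below are hypothetical, only the JDK is used, and how the requested host, port and user are obtained inside ForwardingFilter#canConnect depends on the sshd version in use.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Per-user allow-list of tunnel destinations (hypothetical helper, not an SSHD class).
 * Populate it before the server starts and treat it as read-only afterwards.
 */
public class ForwardAllowList {

    // user name -> normalised "host|port" targets that user may open tunnels to
    private final Map<String, Set<String>> allowed = new HashMap<String, Set<String>>();

    public void allow(String user, String host, int port) {
        Set<String> targets = allowed.get(user);
        if (targets == null) {
            targets = new HashSet<String>();
            allowed.put(user, targets);
        }
        targets.add(key(host, port));
    }

    /**
     * Decision a ForwardingFilter#canConnect implementation could delegate to.
     * Default deny: unknown users, unlisted hosts and unlisted ports are all refused.
     */
    public boolean canConnect(String user, String host, int port) {
        if (user == null || host == null || port < 1 || port > 65535) {
            return false;
        }
        Set<String> targets = allowed.get(user);
        return targets != null && targets.contains(key(host, port));
    }

    // Normalise case, trailing dots and IPv6 brackets so equivalent spellings compare equal.
    private static String key(String host, int port) {
        String h = host.trim().toLowerCase(Locale.ROOT);
        if (h.startsWith("[") && h.endsWith("]")) {
            h = h.substring(1, h.length() - 1);
        }
        while (h.endsWith(".")) {
            h = h.substring(0, h.length() - 1);
        }
        return h + "|" + port;
    }

    public static void main(String[] args) {
        ForwardAllowList list = new ForwardAllowList();
        // Constructed sample policy: one user, two permitted destinations.
        list.allow("specialuser", "db.internal.example", 5432);
        list.allow("specialuser", "192.0.2.10", 443);

        // Constructed sample requests, as a client might send them in direct-tcpip opens.
        Object[][] requests = {
            {"specialuser", "DB.internal.example.", 5432},
            {"specialuser", "192.0.2.10", 443},
            {"specialuser", "localhost", 22},
            {"specialuser", "192.0.2.10", 8443},
            {"otheruser", "db.internal.example", 5432},
        };
        for (Object[] r : requests) {
            boolean ok = list.canConnect((String) r[0], (String) r[1], (Integer) r[2]);
            System.out.println(r[0] + " -> " + r[1] + ":" + r[2] + " : " + (ok ? "allow" : "deny"));
        }
    }
}
```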



Re: SSHD Problems with SFTP

2014-07-07 Thread Guillaume Nodet
The empty file must be caused by the truncate flag on the SSH_FXP_OPEN
command.
It looks like the flags passed are SSH_FXF_CREAT | SSH_FXF_TRUNC.
I think you're right that if the user does not have write permission on the
file, the truncate will still be done, so that's definitely a bug.  If you
could raise a JIRA, I'll try to fix that.

For the exception, it may be that the client abruptly closes the
connection, because I don't see the channel close related messages being
exchanged. But the only effect is that it will force closing the connection
on the server side, so that should not be an issue.

Guillaume Nodet



2014-07-07 12:33 GMT+02:00 Stefan Mueller stefan.muel...@menten.com:

 I have two problems with SFTP that I can not chase down. I hope you can
 help
 me by looking at the server log, because I could not get a simple working
 example yet.


 The first problem is a big one. The content of a file gets deleted if the
 user has no write permission and he tries to write. I used break points to
 find where the content gets deleted, but could not find it.

 *Step 1)* FileZilla: Open/Edit file

 *Step 2)* Edit the file. Save the file. Upload the file.

 *Step 3)* Server LOG:
 [pool-2-thread-3] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Read 80 bytes
 [pool-2-thread-3] DEBUG org.apache.sshd.server.channel.ChannelSession - Received SSH_MSG_CHANNEL_DATA on channel ChannelSession[id=0, recipient=256]
 [Thread-3] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Received SSH_FXP_REALPATH (path=/test/test.txt)
 [Thread-3] DEBUG org.apache.sshd.server.channel.ChannelSession - Send SSH_MSG_CHANNEL_DATA on channel 0
 [Thread-3] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Writing 176 bytes
 [pool-2-thread-4] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Read 96 bytes
 [pool-2-thread-4] DEBUG org.apache.sshd.server.channel.ChannelSession - Received SSH_MSG_CHANNEL_DATA on channel ChannelSession[id=0, recipient=256]
 [pool-2-thread-5] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Finished writing
 [Thread-3] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Received SSH_FXP_OPEN (path=/test/test.txt, pflags=26, attrs={})
 [Thread-3] DEBUG org.apache.sshd.server.channel.ChannelSession - Send SSH_MSG_CHANNEL_DATA on channel 0
 [Thread-3] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Writing 112 bytes
 [pool-2-thread-1] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Finished writing
 [pool-2-thread-2] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Read 128 bytes
 [pool-2-thread-2] DEBUG org.apache.sshd.server.channel.ChannelSession - Received SSH_MSG_CHANNEL_DATA on channel ChannelSession[id=0, recipient=256]
 [Thread-3] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Received SSH_FXP_WRITE (handle=cc0e88bc-c028-45b1-aa55-f01787135b61, offset=0, data=byte[8])
 [Thread-3] INFO sftp.filesystem.SshFtpFile - Checking authorization for /test/test.txt
 [Thread-3] INFO sftp.filesystem.SshFtpFile - Not authorized
 [Thread-3] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Send SSH_FXP_STATUS (substatus=4, msg=No write permission : test.txt)
 [Thread-3] DEBUG org.apache.sshd.server.channel.ChannelSession - Send SSH_MSG_CHANNEL_DATA on channel 0
 [Thread-3] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Writing 128 bytes

 *Step 4)* Break point at following method:
 SshFtpFile.createOutputStream(...)
 {
 // File is already empty!
 // Then it checks write permission
 if( isWritable() )
 {...}
 }



 The second problem is an IOException thrown when the connection is closed
 normally. No further problems occur. Only this message in the logs. What is
 the issue?

 *Step 1)* Normal disconnect from FileZilla or closing the server.

 *Step 2)* Server LOG:
 [pool-2-thread-3] DEBUG org.apache.sshd.server.channel.ChannelSession - Received SSH_MSG_CHANNEL_DATA on channel ChannelSession[id=0, recipient=256]
 [Thread-2] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Received SSH_FXP_READDIR (handle=cc0370bd-5173-40ce-b1a9-6c5d68bc05dd)
 [Thread-2] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Send SSH_FXP_STATUS (substatus=1, msg=)
 [Thread-2] DEBUG org.apache.sshd.server.channel.ChannelSession - Send SSH_MSG_CHANNEL_DATA on channel 0
 [Thread-2] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Writing 96 bytes
 [pool-2-thread-4] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Read 112 bytes
 [pool-2-thread-1] DEBUG org.apache.sshd.common.io.nio2.Nio2Session - Finished writing
 [pool-2-thread-4] DEBUG org.apache.sshd.server.channel.ChannelSession - Received SSH_MSG_CHANNEL_DATA on channel ChannelSession[id=0, recipient=256]
 [Thread-2] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Received SSH_FXP_CLOSE (handle=cc0370bd-5173-40ce-b1a9-6c5d68bc05dd)
 [Thread-2] DEBUG org.apache.sshd.server.sftp.SftpSubsystem - Send SSH_FXP_STATUS (substatus=0, msg=)
 [Thread-2] DEBUG
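
Added example, not from the original thread or the SSHD code base: pflags=26 in the SSH_FXP_OPEN log line decodes to SSH_FXF_WRITE | SSH_FXF_CREAT | SSH_FXF_TRUNC, and the code below runs the authorisation check before the file is opened, so a denied request never truncates it. It uses only java.nio; the class and method names and the mayWrite parameter are assumptions standing in for the server's own permission check.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.List;

public class SftpOpenCheck {
    // pflags bits of SSH_FXP_OPEN in SFTP protocol version 3
    static final int SSH_FXF_READ   = 0x01;
    static final int SSH_FXF_WRITE  = 0x02;
    static final int SSH_FXF_APPEND = 0x04;
    static final int SSH_FXF_CREAT  = 0x08;
    static final int SSH_FXF_TRUNC  = 0x10;
    static final int SSH_FXF_EXCL   = 0x20;

    private static final String[] NAMES = {
        "SSH_FXF_READ", "SSH_FXF_WRITE", "SSH_FXF_APPEND",
        "SSH_FXF_CREAT", "SSH_FXF_TRUNC", "SSH_FXF_EXCL"
    };

    /** Names of the flag bits set in pflags, lowest bit first. */
    static List<String> decode(int pflags) {
        List<String> names = new ArrayList<String>();
        for (int bit = 0; bit < NAMES.length; bit++) {
            if ((pflags & (1 << bit)) != 0) {
                names.add(NAMES[bit]);
            }
        }
        return names;
    }

    /** True when the open request can create, change or empty the file. */
    static boolean modifiesFile(int pflags) {
        return (pflags & (SSH_FXF_WRITE | SSH_FXF_APPEND | SSH_FXF_CREAT | SSH_FXF_TRUNC)) != 0;
    }

    /**
     * Authorise first, open second: the exception is thrown before any
     * open option (in particular TRUNCATE_EXISTING) reaches the file system.
     */
    static OutputStream openForWrite(Path file, int pflags, boolean mayWrite) throws IOException {
        if (!modifiesFile(pflags)) {
            throw new IllegalArgumentException("not a write-type open: " + decode(pflags));
        }
        if (!mayWrite) {
            throw new AccessDeniedException(file.toString(), null, "No write permission");
        }
        List<OpenOption> options = new ArrayList<OpenOption>();
        options.add(StandardOpenOption.WRITE);
        if ((pflags & SSH_FXF_CREAT) != 0) {
            boolean exclusive = (pflags & SSH_FXF_EXCL) != 0;
            options.add(exclusive ? StandardOpenOption.CREATE_NEW : StandardOpenOption.CREATE);
        }
        if ((pflags & SSH_FXF_TRUNC) != 0) {
            options.add(StandardOpenOption.TRUNCATE_EXISTING);
        } else if ((pflags & SSH_FXF_APPEND) != 0) {
            // Java rejects APPEND together with TRUNCATE_EXISTING, so TRUNC wins above.
            options.add(StandardOpenOption.APPEND);
        }
        return Files.newOutputStream(file, options.toArray(new OpenOption[0]));
    }

    static String content(Path file) throws IOException {
        return new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed scenario: an existing file and the pflags value from the log above.
        Path file = Files.createTempFile("sftp-open-check", ".txt");
        try {
            Files.write(file, "original".getBytes(StandardCharsets.UTF_8));
            int pflags = 26;
            System.out.println("pflags=" + pflags + " -> " + decode(pflags));

            try {
                openForWrite(file, pflags, false).close();
            } catch (AccessDeniedException e) {
                System.out.println("denied (" + e.getReason() + "), content still: " + content(file));
            }

            try (OutputStream out = openForWrite(file, pflags, true)) {
                out.write("new".getBytes(StandardCharsets.UTF_8));
            }
            System.out.println("authorised write, content now: " + content(file));
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```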

Re: SSHD Server Settings

2014-06-30 Thread Guillaume Nodet
There's no integration between FtpServer and Sshd, so you can't reuse the
user manager in SSHD.
SSHD supports max-concurrent-sessions (max number of sshd connections per
username) and idle-timeout settings though.
IP filtering may be implemented using a SessionListener.
The other ones would have to be implemented somehow...
However, those are global settings and not available per user at the moment.


2014-06-26 11:27 GMT+02:00 Stefan Mueller stefan.muel...@menten.com:

 I want to set up a server for SFTP with code. I found some examples and
 code
 snippets to start but I still have some problems.

 The user manager from FtpServer is reused in my project. How can I use the
 Maximum Connection, Maximum Connection Per IP, Maximum Idle Time, Speed
 Limit (Up and Down) and an IP Filter?
 I want to do this for each user and on the server.

 Or as a general question: What settings are possible to use and how do I
 use
 them in the code? I am only looking for SFTP. Everything else (like shell)
 is not needed.



 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/SSHD-Server-Settings-tp42548.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.



Re: sshd - async interface

2014-06-30 Thread Guillaume Nodet
For my curiosity, what kind of interface are you using for async ?


2014-06-29 11:02 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:

 Hi,

 Thank you for adding this, I can understand how it works, and it will
 provide a service for async that is written from scratch. I tried to
 evaluate the amount of changes that required in my simple case to use
 this interface and currently it is much too large, so I will not be
 able to actually use it in the near future.

 Thanks!
 Alon

 On Fri, Jun 6, 2014 at 9:48 AM, Guillaume Nodet gno...@apache.org wrote:
  I've enhanced SSHD to be able to provide fully non-blocking io on both
  client channels and server commands.
  A client side example is shown at
 
 
 https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/ClientTest.java#L171
  A server side example:
 
 
 https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/util/AsyncEchoShellFactory.java
 
  I would appreciate any input ...
 
 
  2014-04-20 0:33 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
 
  On Sun, Apr 20, 2014 at 1:19 AM, Guillaume Nodet gno...@apache.org
  wrote:
   2014-04-19 20:43 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
  
   On Sat, Apr 19, 2014 at 9:15 PM, Guillaume Nodet gno...@apache.org
   wrote:
Sshd internally uses nio2 by default, which is not based on
 selectors,
   but
non blocking operations.
   
On the client part of SSHD, things are mostly asynchronous already:
   #1 SshClient#connect returns a future on which you can set a
  callback
and that you can use to retrieve the ClientSession asynchronously
   #2 You need to use ClientSession#addXxxIdentity and then
ClientSession#auth which is also asynchronous
   #3 You then create a channel, and actually opening the channel
 is
   also
asynchronous
   #4 Closing channels is also asynchronous
   
I think the only missing part is really the streams on the
  ClientChannel
which are using InputStream and OutputStream.
If we replace them with an AsynchronousByteChannel, I think we
 would
  be
fully async.
  
   Thank you for your response, Our definition of async is very
  different...
   :)
  
   I do not think this module is sufficient to what I target. I see the
   number of threads created within the library core and the logic that
   is out of reach.
  
  
   This ssh library is great, splitting it into two logic only and
   communication layers will enable to go fully async. The logic layer
   should not have any thread. A default implementation of communication
   layer can be provided, but is optional. The difference from the world
   I coming for is that Future handling is much more complex than having
   control queue.
  
  
   Not sure exactly what you're talking about here.
  
   Afaik, the only place where the ssh layer actually create a thread in
  when
   creating
   a client ChannelSession giving an InputStream which has to be read.
  This
   thread creation can be easily avoided by using
  ClientChannel#getInvertedIn()
   and writing to it.
  
   All other threads are communication threads only and are fully
 controlled
   by
   the IoService layer which is pluggable.  Both mina and nio2
  implementations
   use a fixed number of threads.  But you can rewrite it if you need.
  
   I'm all for improving sshd, but I fear i'm not really seeing your
 points
   clearly.
 
  Thank you for the discussion, I truly appreciate that.
 
  Having a method for async input/output of data stream will be a good
  start within current implementation.
 
  Other than that it is a programming pattern discussion. I got the
  information I needed, thank you!
 
  
   Was just an idea, thank you for addressing.
  
   
2014-04-19 15:57 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
   
On Sat, Apr 19, 2014 at 3:52 PM, Jon V. sybersn...@gmail.com
  wrote:

 NIO controls and deals with the selectors. Async IO is a part of
  that
   but
 is not the same thing. Async io means that if a write cannot be
  fully
 flushed. It will not block until it can be. NIO provides us the
   events to
 tell us that data is available in the socket.
   
Async IO is the ability for a single thread to perform
 (multiplex) IO
(connect, read, write, close etc..) for multiple file descriptors.
   
As far as I know, without NIO you cannot achieve that in Java.
   
There is no sense in read or write without blocking if you cannot
  wait
(vs actively poll) for an event.
   
 On Apr 19, 2014 4:56 AM, Alon Bar-Lev alon.bar...@gmail.com
   wrote:

  On Sat, Apr 19, 2014 at 10:58 AM, Emmanuel Lécharny 
elecha...@gmail.com
  wrote:
   On 4/19/14 9:45 AM, Alon Bar-Lev wrote:
   On Sat, Apr 19, 2014 at 10:38 AM, Emmanuel Lécharny 
  elecha...@gmail.com wrote:
   On 4/19/14 9:13 AM, Alon Bar-Lev wrote:
   Hi,
  
   The mission of async is to avoid having threads

Re: Trouble with SFTP resume upload

2014-06-14 Thread Guillaume Nodet
Good catch !
Could you please raise a JIRA for this issue ? I think your proposal is
correct.


2014-06-14 2:49 GMT+02:00 Michael Benovich m...@hostedftp.com:

 Hi,

 I very recently began using SSHD to run my own SFTP server. I am running
 version 0.11.0 and I am having trouble resuming uploads with FileZilla as
 my client.

 The problem I am having is with the write method inside
 org.apache.sshd.server.sftp.SftpSubsystem (code shown below).

 When the resume upload begins, offset is some value greater than zero and
 output is null, so we call file.createOutputStream(offset) and append 16K
 bytes of data to the end of the file.

 The issue is that because outputPos = 0 on the first call, the condition
 offset != outputPos is true and causes the output stream to be closed and
 then re-created every time this method is called. In my testing, this
 method is called repeatedly with 16K bytes of data until the file upload
 has completed.

 My implementation of file.createOutputStream(offset) is such that I only
 want to call it once when the resume upload begins. I cannot have this
 method called repeatedly.

 I propose that if I were to insert one line between 268 and 269 this would
 be resolved:
 268.5 -- outputPos = offset;

 So after the output stream is created on line 268, initialize outputPos to
 be equal to offset. Then, the condition on line 263 will be false on the
 second call to write (and all subsequent calls) and the data can be
 uploaded 16K bytes at a time without needing to re-create the output
 stream.

 Does this seem valid? Would it be applicable to everyone or only to me due
 to my implementation of createOutputStream(offset) ?


 Thanks,
 Mike


 262  public void write(byte[] data, long offset) throws IOException {
 263 if (output != null && offset != outputPos) {
 264 IoUtils.closeQuietly(output);
 265 output = null;
 266 }
 267 if (output == null) {
 268 output = file.createOutputStream(offset);
 269 }
 270 output.write(data);
 271 outputPos += data.length;
 272 }


 --
 Mike

 Hosted~FTP~
 FTP in the Cloud
 www.hostedftp.com
 1-855-888-4FTP (4387)



Re: sshd - async interface

2014-06-06 Thread Guillaume Nodet
I've enhanced SSHD to be able to provide fully non-blocking io on both
client channels and server commands.
A client side example is shown at

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/ClientTest.java#L171
A server side example:

https://github.com/apache/mina-sshd/blob/master/sshd-core/src/test/java/org/apache/sshd/util/AsyncEchoShellFactory.java

I would appreciate any input ...


2014-04-20 0:33 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:

 On Sun, Apr 20, 2014 at 1:19 AM, Guillaume Nodet gno...@apache.org
 wrote:
  2014-04-19 20:43 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
 
  On Sat, Apr 19, 2014 at 9:15 PM, Guillaume Nodet gno...@apache.org
  wrote:
   Sshd internally uses nio2 by default, which is not based on selectors,
  but
   non blocking operations.
  
   On the client part of SSHD, things are mostly asynchronous already:
  #1 SshClient#connect returns a future on which you can set a
 callback
   and that you can use to retrieve the ClientSession asynchronously
  #2 You need to use ClientSession#addXxxIdentity and then
   ClientSession#auth which is also asynchronous
  #3 You then create a channel, and actually opening the channel is
  also
   asynchronous
  #4 Closing channels is also asynchronous
  
   I think the only missing part is really the streams on the
 ClientChannel
   which are using InputStream and OutputStream.
   If we replace them with an AsynchronousByteChannel, I think we would
 be
   fully async.
 
  Thank you for your response, Our definition of async is very
 different...
  :)
 
  I do not think this module is sufficient to what I target. I see the
  number of threads created within the library core and the logic that
  is out of reach.
 
 
  This ssh library is great, splitting it into two logic only and
  communication layers will enable to go fully async. The logic layer
  should not have any thread. A default implementation of communication
  layer can be provided, but is optional. The difference from the world
  I coming for is that Future handling is much more complex than having
  control queue.
 
 
  Not sure exactly what you're talking about here.
 
  Afaik, the only place where the ssh layer actually create a thread in
 when
  creating
  a client ChannelSession giving an InputStream which has to be read.  This
  thread creation can be easily avoided by using
 ClientChannel#getInvertedIn()
  and writing to it.
 
  All other threads are communication threads only and are fully controlled
  by
  the IoService layer which is pluggable.  Both mina and nio2
 implementations
  use a fixed number of threads.  But you can rewrite it if you need.
 
  I'm all for improving sshd, but I fear i'm not really seeing your points
  clearly.

 Thank you for the discussion, I truly appreciate that.

 Having a method for async input/output of data stream will be a good
 start within current implementation.

 Other than that it is a programming pattern discussion. I got the
 information I needed, thank you!

 
  Was just an idea, thank you for addressing.
 
  
   2014-04-19 15:57 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
  
   On Sat, Apr 19, 2014 at 3:52 PM, Jon V. sybersn...@gmail.com
 wrote:
   
NIO controls and deals with the selectors. Async IO is a part of
 that
  but
is not the same thing. Async io means that if a write cannot be
 fully
flushed. It will not block until it can be. NIO provides us the
  events to
tell us that data is available in the socket.
  
   Async IO is the ability for a single thread to perform (multiplex) IO
   (connect, read, write, close etc..) for multiple file descriptors.
  
   As far as I know, without NIO you cannot achieve that in Java.
  
   There is no sense in read or write without blocking if you cannot
 wait
   (vs actively poll) for an event.
  
On Apr 19, 2014 4:56 AM, Alon Bar-Lev alon.bar...@gmail.com
  wrote:
   
 On Sat, Apr 19, 2014 at 10:58 AM, Emmanuel Lécharny 
   elecha...@gmail.com
 wrote:
  On 4/19/14 9:45 AM, Alon Bar-Lev wrote:
  On Sat, Apr 19, 2014 at 10:38 AM, Emmanuel Lécharny 
 elecha...@gmail.com wrote:
  On 4/19/14 9:13 AM, Alon Bar-Lev wrote:
  Hi,
 
  The mission of async is to avoid having threads at all, or
 at
   least
 O(1).
 
  As you have underline internal/private low level channels
 for
   socket
  processing, and public high level channels to communicate
 with
  application, there should be a mechanism for library to
 request
   wake
  up for these low level channels.
 
  Another option is to avoid using sockets at all within the
  implementation and require application to manage the sockets
  and
   pipe
  socket data into the library.
 
  I understand this is conceptional change than what we have
 now,
   but
  this what will enable scale without abusing system threads
 or
  have
  nondeterministic behaviour in high load

Re: Load issue in apache SSHD when using ChannelDirectTcpip

2014-05-16 Thread Guillaume Nodet
The second problem is entirely caused by the way you send and read the data
(and consequently by the fact that the server echoes the incoming data).
The SSH protocol uses windows for flow-control, so when the remote window
is full, the client or server will stop sending more data.
To work around the problem, you simply need to make sure the data is
consumed.  On the client side you simply need to start a thread to read the
input stream and it should unblock the server and thus the client sending
side.


2014-05-15 7:46 GMT+02:00 Maheedhar maheedha...@in.fiorano.com:

 Hi,

 Our requirement is that we send bytes of any size through a server and
 handling that will not serve the purpose

 Like you said in the second problem that you pointed out,

 If you feel the problem is because we are trying to echo the data from the
 server side, is there any other way to do this by avoiding this echo
 overhead?

 If so, please point me to the classes that will help me solve the issue.

 Thanks in advance

 Maheedhar



 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/Load-issue-in-apache-SSHD-when-using-ChannelDirectTcpip-tp42155p42178.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.



Re: Load issue in apache SSHD when using ChannelDirectTcpip

2014-05-12 Thread Guillaume Nodet
I think there are 2 problems here.

The first one seems to be a bug in TcpipServerChannel (the SSH protocol has
a windowing mechanism to avoid flooding one side and this is not handled
properly in that class).
It's a one-line fix though, so if you want to test it, you simply need to
add
localWindow.consumeAndCheck(len);
into TcpipServerChannel#doWriteData

I've raised SSHD-321 for the above issue.

However, I think there is a second problem in your code.  Due to the above
windowing mechanism, and given your server simply echoes back, the server
itself may be stuck waiting for some space.  That's because your client
side does not consume the input stream until after having written all the
data.  So that needs to be changed in some way in your code.

Cheers,
Guillaume Nodet


2014-05-12 8:25 GMT+02:00 Maheedhar maheedha...@in.fiorano.com:

 server.java 
 http://apache-mina.10907.n7.nabble.com/file/n42155/server.java

 The above file is the server code

 client.java 
 http://apache-mina.10907.n7.nabble.com/file/n42155/client.java

 This is the client code

 I sent a large amount of bytes, by reading a jpeg image at the client side
 and I sent the bytes through to the server. At the server side, When I
 debugged, I could see that all the bytes are received in the
 messageReceived() method of the NioSocketAcceptor instance named acceptor
 in
 line 68 of the server code. But once the bytes are sent from there, I did
 not receive them again at the client side

 Note that before sending such a large amount of bytes, I have sent small
 number of bytes in the line channel.getOut().write("Hello".getBytes());
 from
 the client, which is properly received at the server side and again
 forwarded to the client side

 Only when I send such a huge load , I am not receiving any bytes back at
 the
 client side






 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/Load-issue-in-apache-SSHD-when-using-ChannelDirectTcpip-tp42155.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.
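
Added example, not code from the thread or from SSHD: JDK piped streams with a small buffer stand in for the SSH channel windows described in the two replies of this thread, showing that writing a large payload to an echoing peer stalls unless the echoed bytes are read while writing. WINDOW and the class and method names are constructed for the illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.util.concurrent.atomic.AtomicInteger;

public class WindowedEchoDemo {
    // Constructed stand-in for an SSH channel window: each direction holds at most this many bytes.
    static final int WINDOW = 4096;

    /** Daemon thread copying in to out (or discarding when out is null) until EOF; counts the bytes. */
    static Thread pump(final InputStream in, final OutputStream out, final AtomicInteger count) {
        Thread t = new Thread(new Runnable() {
            public void run() {
                byte[] buf = new byte[1024];
                try {
                    int n;
                    while ((n = in.read(buf)) != -1) {
                        if (out != null) {
                            out.write(buf, 0, n);   // blocks while the receiving buffer is full
                        }
                        count.addAndGet(n);
                    }
                } catch (IOException e) {
                    // interrupted while blocked, or pipe closed: stop copying
                } finally {
                    if (out != null) {
                        try { out.close(); } catch (IOException ignored) { }
                    }
                }
            }
        });
        t.setDaemon(true);
        t.start();
        return t;
    }

    /**
     * Sends payload to an echoing peer and returns the number of bytes read back,
     * or -1 if the writer was still blocked after timeoutMs.
     * readWhileWriting=false mirrors a client that writes everything before reading.
     */
    static int roundTrip(final byte[] payload, boolean readWhileWriting, long timeoutMs)
            throws IOException, InterruptedException {
        PipedInputStream serverIn = new PipedInputStream(WINDOW);
        final PipedOutputStream clientOut = new PipedOutputStream(serverIn);
        PipedInputStream clientIn = new PipedInputStream(WINDOW);
        PipedOutputStream serverOut = new PipedOutputStream(clientIn);

        AtomicInteger received = new AtomicInteger();
        Thread server = pump(serverIn, serverOut, new AtomicInteger());   // echoing peer
        Thread reader = readWhileWriting ? pump(clientIn, null, received) : null;

        Thread writer = new Thread(new Runnable() {
            public void run() {
                try {
                    clientOut.write(payload);
                    clientOut.close();
                } catch (IOException e) {
                    // interrupted after the timeout below
                }
            }
        });
        writer.setDaemon(true);
        writer.start();
        writer.join(timeoutMs);
        if (writer.isAlive()) {
            // Both buffers are full and nobody is reading the echo: the transfer has stalled.
            writer.interrupt();
            server.interrupt();
            return -1;
        }
        if (reader == null) {
            reader = pump(clientIn, null, received);   // read only after everything was written
        }
        reader.join(timeoutMs);
        return received.get();
    }

    public static void main(String[] args) throws Exception {
        byte[] small = "Hello".getBytes("UTF-8");   // fits in the window
        byte[] large = new byte[256 * 1024];        // far larger than both windows together
        System.out.println("small, write then read:    " + roundTrip(small, false, 2000));
        System.out.println("large, write then read:    " + roundTrip(large, false, 2000));
        System.out.println("large, read while writing: " + roundTrip(large, true, 10000));
    }
}
```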



Re: apache-sshd-0.11.0

2014-05-04 Thread Guillaume Nodet
The vote has been closed and the release published.
I've updated the website (
http://svn.apache.org/viewvc?view=revision&revision=r1589029), not sure why
it does not show the latest content though.


2014-05-04 1:35 GMT+02:00 Emmanuel Lécharny elecha...@gmail.com:

 On 5/3/14 11:56 PM, Alon Bar-Lev wrote:
  Hi,
 
  Was this released?
 
  I see the tag, I see this in maven central[2].
 
  I do not see this in downloads[3]
 
  I do see this on mirrors.

 AFAICT, the vote has been started on april, 14, but was never closed.
 May be Guillaume forgot to close it ?



 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




Re: sshd - running interactive scripts

2014-04-29 Thread Guillaume Nodet
I just tried your script using the following command:

ssh localhost sh /Users/gnodet/work/tmp/myscript.sh

and I don't see the prompt either, so it may be the read command bypassing
the prompt when the input stream is not the console.

You could try the following:

#!/bin/sh
echo "Welcome"
echo -n "Please input your age: "
read age
echo "You are $age years old"

For the backspace, I think it's the same problem and read bypasses readline
if the input stream is not the console.

One limitation of sshd is about pty allocation : we can't use things such
as http://man7.org/linux/man-pages/man3/openpty.3.html so the only way to
have real interactive sessions is to have the input stream handled in java
using jline for example.  Unless you find a command that can be interactive
without using a real pseudo-terminal.




2014-04-29 19:02 GMT+02:00 Alexandre Gattiker agatti...@gmail.com:

 Hello,

 Is it possible to run interactive shell scripts using Apache SSHD? My
 attempt was not very successful.

 Java code:

 SshServer sshd = SshServer.setUpDefaultServer();
 sshd.setPort(45121);
 String hostKey = new
 File(App.class.getResource("hostkey.pem").toURI()).getAbsolutePath();
 sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(hostKey));
 sshd.setShellFactory(new ProcessShellFactory(new String[] { "sh",
 "myscript.sh" }, EnumSet.of(TtyOptions.ONlCr, TtyOptions.ICrNl,
 TtyOptions.Echo)));
 List<NamedFactory<UserAuth>> userAuthFactories = new
 ArrayList<NamedFactory<UserAuth>>();
 userAuthFactories.add(new UserAuthPassword.Factory());
 sshd.setUserAuthFactories(userAuthFactories);
 sshd.setPasswordAuthenticator(new PasswordAuthenticator() {
 // accepts every username/password combination
 public boolean authenticate(String username, String password,
 ServerSession session) {
 return true;
 }
 });
 sshd.start();


 myscript.sh:

 #!/bin/sh
 echo "Welcome"
 read -p "Please input your age: " age
 echo "You are $age years old"


 The output of an SSH connection is only Welcome (the prompt does not
 appear). Then, I can input a value and the characters are echoed, but
 backspace doesn't work.

 Thanks in advance,
 Alexandre



Re: Data on stdin does not get transferred - stdout+stderr work fine

2014-04-21 Thread Guillaume Nodet
Sure, that's a good suggestion.  Could you please raise a Jira issue ?

On Monday, 21 April 2014, Matthew DeVore matv...@gmail.com wrote:

 Aha, my problem was that I was trying to read from stdin before returning
 from my Command.start() implementation. If I call new-connection-fn on a
 separate thread, it works.

 Would it be reasonable to either 1) throw an exception if anyone tries to
 read/write a stream before returning from start() or 2) allow reading from
 stdin rather than blocking forever? The current behavior is confusing.

 This is the fix:

 https://github.com/matvore/hesokuri/commit/5cb13e0a81d7ece6aebdf5c635d150bac1719bf1


 2014-04-20 7:05 GMT-07:00 Matthew DeVore matv...@gmail.com:

  That doesn't appear to be the problem. The spit function creates a Writer
  around the input stream and then closes it, which should get the underlying
  InputStream closed and flushed.
 
  Just to make sure, I tried this in place of spit:
  (.write client-in (int \newline))
  (.flush client-in)
  And added a logging call inside the loop in read-line-stream to see if any
  character made it through, but the deadlock still happens at the same spot,
  and not even one character makes it through.
 
 
  2014-04-20 0:43 GMT-07:00 Guillaume Nodet gno...@apache.org:
 
  The getInvertedIn() output stream is buffered.  If you want to
  actually send a small amount of data, you need to call flush() after
  writing to the stream.
 
  Happy Easter,
  Guillaume Nodet
 
 
  2014-04-20 5:15 GMT+02:00 Matthew DeVore matv...@gmail.com:
 
   Hi,
  
   I'm trying to integrate Apache SSHD with my app and am running into a
   strange issue. I can establish a connection and open a channel on a
   subsystem, and then get the InputStreams and OutputStreams that correspond
   to it. Data transferred over stderr and stdout seem to get transferred, but
   anything written to stdin by the client is not getting to the server. The
   client and server are both on localhost and using the SSHD library.
  
   I've written two unit tests to demonstrate this - one that passes
   (connect-stdout-stderr) and one that deadlocks (connect-stdin). The code is
   in Clojure. I'd be very grateful if someone could point me in the right
   direction to fix the failing test.
  
   Thank you,
   Matt
  
   *Application code*:
   https://github.com/matvore/hesokuri/blob/4d591abe22a3c24e8756b1316ef763be86b55225/src/hesokuri/ssh.clj
   *Tests*:
   https://github.com/matvore/hesokuri/blob/4d591abe22a3c24e8756b1316ef763be86b55225/test/hesokuri/test_hesokuri/ssh.clj
  
   *Test log output:*
   19:41:38:matvore-macbookpro2:~/hesokuri$ lein test :only
   hesokuri.test-hesokuri.ssh/connect-stdin
  
   lein test hesokuri.test-hesokuri.ssh
   Apr 19, 2014 7:51:41 PM
   org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration run
   資訊: Trying to register BouncyCastle as a JCE provider
   Apr 19, 2014 7:51:42 PM
   org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration run
   資訊: Registration succeeded
   Apr 19, 2014 7:51:42 PM
 org.apache.sshd.client.session.ClientSessionImpl
   init
   資訊: Client session created
   Apr 19, 2014 7:51:42 PM org.apache.sshd.server.session.ServerSession
  init
   資訊: Server session created from /127.0.0.1:63408
   Apr 19, 2014 7:51:42 PM
 org.apache.sshd.client.session.ClientSessionImpl
   readIdentification
   資訊: Server version string: SSH-2.0-SSHD-CORE-0.10.1
   Apr 19, 2014 7:51:42 PM org.apache.sshd.common.session.AbstractSession
   negotiate
   資訊: Kex: server-client aes128-ctr hmac-sha2-256 none
   Apr 19, 2014 7:51:42 PM org.apache.sshd.common.session.AbstractSession
   negotiate
   資訊: Kex: client-server aes128-ctr hmac-sha2-256 none
   Apr 19, 2014 7:51:42 PM org.apache.sshd.common.session.AbstractSession
   negotiate
   資訊: Kex: server-client aes128-ctr hmac-sha2-256 none
   Apr 19, 2014 7:
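
The fix reported in this thread (do not read the channel's stdin inside Command.start(); hand the work to another thread and return) together with the flush() advice, as an added Java sketch that is not code from the linked repository or from Apache SSHD. The class name LineEchoCommand is hypothetical, and the Command, Environment and ExitCallback signatures are assumed to be those of the 0.10.x line named in the log above.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

import org.apache.sshd.server.Command;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;

/** Hypothetical subsystem/command: echoes each line the client writes to stdin. */
public class LineEchoCommand implements Command, Runnable {
    private InputStream in;
    private OutputStream out;
    private OutputStream err;
    private ExitCallback exit;
    private Thread worker;

    // The server hands over the channel streams before it calls start().
    public void setInputStream(InputStream in) { this.in = in; }
    public void setOutputStream(OutputStream out) { this.out = out; }
    public void setErrorStream(OutputStream err) { this.err = err; }
    public void setExitCallback(ExitCallback exit) { this.exit = exit; }

    public void start(Environment env) throws IOException {
        // No read from 'in' here: per the thread, a read issued before start()
        // returns never sees data. Start a worker and return at once.
        worker = new Thread(this, "line-echo");
        worker.setDaemon(true);
        worker.start();
    }

    public void run() {
        int status = 0;
        try {
            BufferedReader reader =
                    new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
            String line;
            while ((line = reader.readLine()) != null) {
                out.write(("got: " + line + "\n").getBytes(StandardCharsets.UTF_8));
                out.flush(); // channel streams are buffered; small writes need a flush
            }
        } catch (IOException e) {
            status = 1;
            try {
                err.write((e + "\n").getBytes(StandardCharsets.UTF_8));
                err.flush();
            } catch (IOException ignored) {
                // the channel is already gone, nothing left to report to
            }
        } finally {
            exit.onExit(status); // tells the server the command has finished
        }
    }

    public void destroy() {
        if (worker != null) {
            worker.interrupt();
        }
    }
}
```

The same rule applies on the client side of the test: after writing to the stream returned by getInvertedIn(), call flush() before waiting for a reply.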


Re: Data on stdin does not get transferred - stdout+stderr work fine

2014-04-21 Thread Guillaume Nodet
I did. Feel free to add any comment.

On Monday, 21 April 2014, Matthew DeVore matv...@gmail.com wrote:

 Did you already raise one? I saw this:
 https://issues.apache.org/jira/browse/SSHD-312



 2014-04-20 23:25 GMT-07:00 Guillaume Nodet gno...@apache.org:

  Sure, that's a good suggestion.  Could you please raise a Jira issue ?
 
  On Monday, 21 April 2014, Matthew DeVore matv...@gmail.com wrote:
 
   Aha, my problem was that I was trying to read from stdin before returning
   from my Command.start() implementation. If I call new-connection-fn on a
   separate thread, it works.
  
   Would it be reasonable to either 1) throw an exception if anyone tries to
   read/write a stream before returning from start() or 2) allow reading from
   stdin rather than blocking forever? The current behavior is confusing.
  
   This is the fix:
  
   https://github.com/matvore/hesokuri/commit/5cb13e0a81d7ece6aebdf5c635d150bac1719bf1
  
  
   2014-04-20 7:05 GMT-07:00 Matthew DeVore matv...@gmail.com:
  
That doesn't appear to be the problem. The spit function creates a Writer
around the input stream and then closes it, which should get the underlying
InputStream closed and flushed.

Just to make sure, I tried this in place of spit:
(.write client-in (int \newline))
(.flush client-in)
And added a logging call inside the loop in read-line-stream to see if any
character made it through, but the deadlock still happens at the same spot,
and not even one character makes it through.
   
   
2014-04-20 0:43 GMT-07:00 Guillaume Nodet gno...@apache.org:
   
The getInvertedIn() output stream is buffered.  If you want to
actually send a small amount of data, you need to call flush() after
writing to the stream.
   
Happy Easter,
Guillaume Nodet
   
   
2014-04-20 5:15 GMT+02:00 Matthew DeVore matv...@gmail.com:
   
 Hi,

 I'm trying to integrate Apache SSHD with my app and am running into a
 strange issue. I can establish a connection and open a channel on a
 subsystem, and then get the InputStreams and OutputStreams that correspond
 to it. Data transferred over stderr and stdout seem to get transferred, but
 anything written to stdin by the client is not getting to the server. The
 client and server are both on localhost and using the SSHD library.

 I've written two unit tests to demonstrate this - one that passes
 (connect-stdout-stderr) and one that deadlocks (connect-stdin). The code is
 in Clojure. I'd be very grateful if someone could point me in the right
 direction to fix the failing test.

 Thank you,
 Matt

 *Application code*:
 https://github.com/matvore/hesokuri/blob/4d591abe22a3c24e8756b1316ef763be86b55225/src/hesokuri/ssh.clj
 *Tests*:
 https://github.com/matvore/hesokuri/blob/4d591abe22a3c24e8756b1316ef763be86b55225/test/hesokuri/test_hesokuri/ssh.clj

 *Test log output:*
 19:41:38:matvore-macbookpro2:~/hesokuri$ lein test :only
 hesokuri.test-hesokuri.ssh/connect-stdin

 lein test hesokuri.test-hesokuri.ssh
 Apr 19, 2014 7:51:41 PM
 org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration
  run
 資訊: Trying to register BouncyCastle as a JCE provider
 Apr 19, 2014 7:51:42 PM
 org.apache.sshd.common.util.SecurityUtils$BouncyCastleRegistration
  run
 資訊: Registration succeeded
 Apr 19, 2014 7:51:42 PM
   org.apache.sshd.client.session.ClientSessionImpl
 init
 資訊: Client session created
 Apr 19, 2014 7:51:42 PM
 org.apache.sshd.server.session.ServerSession
init
 資訊: Server sessio


Re: sshd - async interface

2014-04-19 Thread Guillaume Nodet
The asynchronous interface is an interesting idea.
Though I'm not sure that using selectors is the best and I'd rather try to
change the input/output streams ChannelInput/OutputStream so that
ClientChannel returns AsynchronousByteChannel instead.
I think we need both sync and async interfaces for the client, depending on
the use case.




2014-04-18 1:26 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:

 Hi,

 Are there any plans to support async interface for the sshd package?

 Enable single/multi threaded implementation based on nio, in which
 selector is left within the program main?

 The library can return a set of events to wait for including timeout,
 so that main program can wait for these among other events it
 requires.

 The interaction between channel and program can be based on selectable
 channel as well, so that program may send/receive data via ssh
 protocol being completely async.

 Regards,
 Alon Bar-Lev



Re: sshd - async interface

2014-04-19 Thread Guillaume Nodet
2014-04-19 20:43 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:

 On Sat, Apr 19, 2014 at 9:15 PM, Guillaume Nodet gno...@apache.org wrote:
  Sshd internally uses nio2 by default, which is not based on selectors, but
  non blocking operations.
 
  On the client part of SSHD, things are mostly asynchronous already:
    #1 SshClient#connect returns a future on which you can set a callback
       and that you can use to retrieve the ClientSession asynchronously
    #2 You need to use ClientSession#addXxxIdentity and then
       ClientSession#auth which is also asynchronous
    #3 You then create a channel, and actually opening the channel is also
       asynchronous
    #4 Closing channels is also asynchronous
 
  I think the only missing part is really the streams on the ClientChannel
  which are using InputStream and OutputStream.
  If we replace them with an AsynchronousByteChannel, I think we would be
  fully async.

 Thank you for your response, Our definition of async is very different...
 :)

 I do not think this module is sufficient to what I target. I see the
 number of threads created within the library core and the logic that
 is out of reach.


 This ssh library is great, splitting it into two logic only and
 communication layers will enable to go fully async. The logic layer
 should not have any thread. A default implementation of communication
 layer can be provided, but is optional. The difference from the world
 I coming for is that Future handling is much more complex than having
 control queue.


Not sure exactly what you're talking about here.

Afaik, the only place where the ssh layer actually creates a thread is when
creating a client ChannelSession giving an InputStream which has to be read.
This thread creation can be easily avoided by using
ClientChannel#getInvertedIn() and writing to it.

All other threads are communication threads only and are fully controlled by
the IoService layer which is pluggable.  Both mina and nio2 implementations
use a fixed number of threads.  But you can rewrite it if you need.

I'm all for improving sshd, but I fear I'm not really seeing your points
clearly.



 Was just an idea, thank you for addressing.

 
  2014-04-19 15:57 GMT+02:00 Alon Bar-Lev alon.bar...@gmail.com:
 
  On Sat, Apr 19, 2014 at 3:52 PM, Jon V. sybersn...@gmail.com wrote:
  
   NIO controls and deals with the selectors. Async IO is a part of that but
   is not the same thing. Async io means that if a write cannot be fully
   flushed. It will not block until it can be. NIO provides us the events to
   tell us that data is available in the socket.
 
  Async IO is the ability for a single thread to perform (multiplex) IO
  (connect, read, write, close etc..) for multiple file descriptors.
 
  As far as I know, without NIO you cannot achieve that in Java.
 
  There is no sense in read or write without blocking if you cannot wait
  (vs actively poll) for an event.
 
   On Apr 19, 2014 4:56 AM, Alon Bar-Lev alon.bar...@gmail.com wrote:
  
On Sat, Apr 19, 2014 at 10:58 AM, Emmanuel Lécharny elecha...@gmail.com wrote:
 On 4/19/14 9:45 AM, Alon Bar-Lev wrote:
 On Sat, Apr 19, 2014 at 10:38 AM, Emmanuel Lécharny elecha...@gmail.com wrote:
 On 4/19/14 9:13 AM, Alon Bar-Lev wrote:
 Hi,

 The mission of async is to avoid having threads at all, or at least O(1).

 As you have underline internal/private low level channels for socket
 processing, and public high level channels to communicate with
 application, there should be a mechanism for library to request wake
 up for these low level channels.

 Another option is to avoid using sockets at all within the
 implementation and require application to manage the sockets and pipe
 socket data into the library.

 I understand this is conceptional change than what we have now, but
 this what will enable scale without abusing system threads or have
 nondeterministic behaviour in high load.
 There are a few important things you have to know about async and threads :
 - the extra cost for dealing with async connection is around 30%. That
 all but free
 - a standard system can easily deal with a few thousands of threads

 Now, unless you define what is high load, I don't really see what kind
 of advantage we can get with an async implementation.

 FTR, when MINA was initially created, it was because there was a need
 for a system supporting potentially ten of thousands of connections. Is
 that what you are targeting ?
 Yes, using work threads that are derived per # of CPUs, no more.
 I am far from the pure Java world... but if async IO is 30%
 insufficient, maybe it worth to use libssh (C) and communicate with it
 using single socket from java, delegating IO outside of java.
 IO are already delegated outside on Java. Everything IO related is
 written in C

Re: SSHD exception when client tries to reconnect

2014-03-13 Thread Guillaume Nodet
Not sure which client you're using, but afaik, authentication can only be
done once for a connection.
Also, try with the latest 0.10.1 sshd release.


2014-03-13 11:09 GMT+01:00 SiriSenthilRaam - sirisenthilr...@gmail.com:

 My ssh client tries to communicate with SSHD and it works fine for a while.
 After a while the connection seems to be closed from client side and when
 the client tries to reconnect to the SSHD, I am seeing the below exception. I
 am not sure how to overcome this.


 The client keeps trying to send the authentication, and sshd keeps
 throwing this exception. Is there any way to clean up the session?

 If a new connection is established from some other client, it's working
 fine.


 WARN [NioProcessor-4] (AbstractSession.java:264) - Exception caught
 java.lang.IllegalStateException: Unsupported command: SSH_MSG_USERAUTH_REQUEST
     at org.apache.sshd.server.session.ServerSession.running(ServerSession.java:266)
     at org.apache.sshd.server.session.ServerSession.handleMessage(ServerSession.java:205)
     at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:566)
     at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:236)
     at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:58)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)
     at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710)
     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)
     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)
     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)
     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)


 Thanks & Regards,

 Sendilraj P



Re: apache-sshd releases

2014-03-05 Thread Guillaume Nodet
2014-03-05 18:53 GMT+01:00 Emmanuel Lécharny elecha...@gmail.com:

 On 3/5/14 6:44 PM, Alon Bar-Lev wrote:
  Hi,
 
  I want to ask regarding the release sequence.
 
  At site I see latest is 0.9.0[1].

 This is the latest release.
 
  At maven central I see 0.10.0[2].
 this is a tag not a release.
 
  At mirrors I see 0.10.0[3].
 Same.
 
  At git I can see 0.10.1[4] tagged.
 Same.
 
  Quite confusing :)

 Nope. We do release sources, not binaries. Official binaries are those
 available on the MINA web site, and anything else are just working
 artefacts.

 We do not endorse any release which has not been voted and signed.
 
  Can the site[1] be modified with latest?
 It's already up to date.


Not really actually.  The 0.10.0 has been released 2 weeks ago.
I was going to update it when I just found that 0.10.0 was not working for
me so I started the  0.10.1 release.
I thought about skipping that one and only update for 0.10.1 ...



  and can 0.10.1 be available
  if was released?

 A vote is going on, and if the vote has not been closed, it's probably
 because some issues have been found in SSHD.


In the case of 0.10.1, we're missing a few votes.  I suppose it won't be
long before it is released now.
There are a few bugs with workarounds, so I'm planning a 0.10.2 release to
fix those in the coming weeks.




 Side note, for devs :
 Here, I think we should agree that when the vote is not closed, then we
 should cancel the vote after the 72 delays. Also we should probably not
 use a new revision number for each attempt : this is typically the kind
 of confusion we get if we do what sebb was proposing, and this is the
 reason we delete the tags if the vote is cancelled.

 Thoughts ?

 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




Re: apache-sshd releases

2014-03-05 Thread Guillaume Nodet
2014-03-05 23:19 GMT+01:00 Emmanuel Lécharny elecha...@gmail.com:

 On 3/5/14 10:13 PM, Guillaume Nodet wrote:
  2014-03-05 18:53 GMT+01:00 Emmanuel Lécharny elecha...@gmail.com:
 
 
  Can the site[1] be modified with latest?
  It's already up to date.
 
  Not really actually.  The 0.10.0 has been released 2 weeks ago.
 No, not according to The ASF and this project standards :

 [CANCEL] [VOTE] Release Apache Mina SSHD 0.10.0

 This has *not* been released. You have created a candidate for a vote,
 which you have cancelled.


Yes, and a few days later we have:

[RESULT] [VOTE] Release SSHD 0.10.0 (2nd cut)



  I was going to update it when I just found that 0.10.0 was not working for
  me so I started the  0.10.1 release.
  I thought about skipping that one and only update for 0.10.1 ...

 I'd rather keep going with 0.10.0.

 Again, as I said, I think it's really confusing to increment the number
 of candidates when the vote is not successful.
 But this is probably something we should discuss on the dev mailing list.


I fully agree with you, but those are actually 2 different releases.
The 0.10.0 has been released, 0.10.1 is still under vote.




 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




Re: How to configure AWS S3 as filesystem in Apache SSHD

2014-02-10 Thread Guillaume Nodet
From an SSHD point of view, file access entry point is done by implementing
the org.apache.sshd.common.file.FileSystemFactory.
From a S3 perspective, amazon provides a java client API.
There are a few points you'll have to choose:
  * authentication : how to provide the s3 keys
  * buckets : restrict to a single bucket or simulate a first hierarchy
level using buckets
  * folders : need to choose a delimiter
Next, depending on whether you want to use SCP or SFTP, the set of SshFile
methods to implement may change ... SCP is much simpler and uses a more
limited set.
You'll find S3 code snippets easily:
http://ceph.com/docs/master/radosgw/s3/java/#listing-owned-buckets




2014-02-06 18:13 GMT+01:00 Abhishek Kundu kundu.abh...@gmail.com:

 Hi,

  Please help me in configuring AWS S3 as filesystem in Apache SSHD

 --
 Thanks and Regards,

 Abhishek Kundu
 (+91-9008207284)



Re: Remote Port Forwarding

2014-02-10 Thread Guillaume Nodet
You need to register a TcpipForwardingFilter on your client too, so that it
can accept to connect.  The same class can be used on both sides.

client.setTcpipForwardingFilter(new ForwardingFilter() { ... });


2014-02-07 1:34 GMT+01:00 Kevin Day ke...@trumpetinc.com:

 I'm trying to use mina sshd in a remote port forwarding scenario:

 Client connects to Server on port 22
 Traffic inbound to Server port 12345 gets forwarded to Client port 9876

 I'm running into a problem where the connection to port 12345 on the
 server gets refused.  I've traced the issue to this line in
 TcpipServerChannel:

 final ForwardingFilter filter =
 getSession().getFactoryManager().getTcpipForwardingFilter();
 if (address == null || filter == null || !filter.canConnect(address,
 getSession())) {


 the problem is that filter is winding up with a null value.  The problem is
 that I don't see any way to get that value set.



 My client code:

 SshClient client = SshClient.setUpDefaultClient();
 client.start();

 try {
     ConnectFuture sessionFuture = client.connect("localhost", 22);
     sessionFuture.await();
     ClientSession session = sessionFuture.getSession();
     AuthFuture authPassword = session.authPassword(user, pass);
     authPassword.await();
     if (!authPassword.isSuccess()) throw new Error("Authentication failed");

     SshdSocketAddress local = new SshdSocketAddress("localhost", 14722);
     SshdSocketAddress remote = new SshdSocketAddress("localhost", 14730);

     // Ask the server to listen on 'remote' and forward connections to 'local'
     SshdSocketAddress remoteConnectInfo =
             session.getTcpipForwarder().startRemotePortForwarding(remote, local);

     System.out.println("Forwarding " + remoteConnectInfo + " to " + local);




 and the server code:



 SshServer sshd = SshServer.setUpDefaultServer();
 sshd.setPort(22);
 File keyFile = new File("devapphome/config/hostkey.ser").getAbsoluteFile();
 sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(keyFile.getAbsolutePath()));
 sshd.setPasswordAuthenticator(new PasswordAuthenticator() {

     @Override
     public boolean authenticate(String username, String password, ServerSession session) {
         return user.equals(username) && pass.equals(password);
     }

 });

 // Permits every forwarding request, whatever the address
 sshd.setTcpipForwardingFilter(new ForwardingFilter() {

     @Override
     public boolean canListen(SshdSocketAddress address, Session session) {
         System.out.println("Listen request from " + address);
         return true;
     }

     @Override
     public boolean canForwardX11(Session session) {
         return true;
     }

     @Override
     public boolean canForwardAgent(Session session) {
         return true;
     }

     @Override
     public boolean canConnect(SshdSocketAddress address, Session session) {
         System.out.println("Connection request from " + address);
         return true;
     }
 });

 try {
     sshd.start();
     System.out.println("sshd started - listening on port " + sshd.getPort());

     synchronized (this) {
         wait();
     }
 } catch (IOException | InterruptedException e) {
     // TODO Auto-generated catch block
     e.printStackTrace();
 }



 The problem is that sshd.setTcpipForwardingFilter sets the filter on the
 SshServer side of things.  In remote port forwarding mode, a totally
 different (SshClient-side sub-class of AbstractChannel -
 AbstractClientChannel) Session object is being created, and it doesn't look
 like it is inheriting the TcpipForwardingFilter.



 Am I missing something here?  Do I need to be adding some sort of
 registration to detect remote port forwarding requests and configure the
 AbstractClientChannel somehow?


 Thanks much,

 - Kevin
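
The filter in the question answers true to every request, and the reply notes that the same class can be installed on both sides. As an added example (not code from the thread or from Apache SSHD), a ForwardingFilter that permits only named host:port pairs and refuses agent and X11 forwarding. The class name AllowListForwardingFilter is hypothetical, the org.apache.sshd.common package names are assumed for the 0.10.x line, and the ports are the ones from the posted client code.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.apache.sshd.common.ForwardingFilter;
import org.apache.sshd.common.Session;
import org.apache.sshd.common.SshdSocketAddress;

/** Hypothetical filter: anything not explicitly allowed is refused. */
public class AllowListForwardingFilter implements ForwardingFilter {
    private final Set<String> listenAllowed = new HashSet<String>();
    private final Set<String> connectAllowed = new HashSet<String>();

    /** Permit a bind address for canListen (the side that opens the listening port). */
    public AllowListForwardingFilter allowListen(String host, int port) {
        listenAllowed.add(key(host, port));
        return this;
    }

    /** Permit a target for canConnect (the side that dials out for a forwarded channel). */
    public AllowListForwardingFilter allowConnect(String host, int port) {
        connectAllowed.add(key(host, port));
        return this;
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    private static boolean permitted(Set<String> allowed, SshdSocketAddress address) {
        return address != null
                && address.getHostName() != null
                && allowed.contains(key(address.getHostName(), address.getPort()));
    }

    @Override
    public boolean canForwardAgent(Session session) {
        return false; // not needed for port forwarding
    }

    @Override
    public boolean canForwardX11(Session session) {
        return false; // not needed for port forwarding
    }

    @Override
    public boolean canListen(SshdSocketAddress address, Session session) {
        return permitted(listenAllowed, address);
    }

    @Override
    public boolean canConnect(SshdSocketAddress address, Session session) {
        return permitted(connectAllowed, address);
    }

    public static void main(String[] args) {
        // Server side: may only bind the remote end of the tunnel.
        ForwardingFilter serverSide =
                new AllowListForwardingFilter().allowListen("localhost", 14730);
        // Client side: may only connect forwarded traffic to the local service.
        ForwardingFilter clientSide =
                new AllowListForwardingFilter().allowConnect("localhost", 14722);

        SshdSocketAddress remote = new SshdSocketAddress("localhost", 14730);
        SshdSocketAddress local = new SshdSocketAddress("localhost", 14722);
        SshdSocketAddress other = new SshdSocketAddress("localhost", 3306); // constructed

        // The filters ignore the session argument, so null is enough for this check.
        System.out.println("server canListen  " + remote + ": " + serverSide.canListen(remote, null));
        System.out.println("server canListen  " + other + ": " + serverSide.canListen(other, null));
        System.out.println("client canConnect " + local + ": " + clientSide.canConnect(local, null));
        System.out.println("client canConnect " + other + ": " + clientSide.canConnect(other, null));
    }
}
```

Install the two instances with sshd.setTcpipForwardingFilter(...) and client.setTcpipForwardingFilter(...), the setters used in the thread.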





Re: Integration of SSHD

2013-12-04 Thread Guillaume Nodet
You can use any SSH client from a unix distribution, or cygwin / putty on
Windows.


2013/12/4 Maheedhar maheedha...@in.fiorano.com

 I finished implementation and integration of SSHd into our environment. As of
 now we have both the client and server implementations and they communicate
 just fine. We wanted to test with a client from our implementation and some
 other server (a different implementation) running SSH in order to test if our
 implementation is generic. Are there any tools/softwares that can communicate
 with the sshserver/sshclient that has been deployed. For example, from a
 linux terminal it is possible to send messages to a socket running MINA
 right? similarly what tool can I use to communicate to the IP address:port
 where SSH is deployed




 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/Integration-of-SSHD-tp39824p40630.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.



Re: SSHD: Restrict SFTP directory

2013-11-28 Thread Guillaume Nodet
The FileSystemView has been introduced for that very purpose.
Here is an example that restricts the file system to a certain directory
(in that case indicated by System.getProperty("karaf.base"))

https://github.com/apache/karaf/blob/karaf-2.x/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/KarafFileSystemView.java


2013/9/17 Joseph Hickman jhick...@dtccom.net

 I need to restrict the directory(ies) a logged-in SFTP user is able to
 access. Two solutions are proposed on this board:

 * A custom implementation of FileSystemView, as per
 http://www.mail-archive.com/users@mina.apache.org/msg0.html

 OR

 * Override the start method of SftpSubSystem, as per
 http://www.mail-archive.com/users@mina.apache.org/msg03137.html


 Both of these suggestions refer to SFTP and I'm wondering if one approach
 is recommended over the other?  Does anyone have an implementation they are
 willing to share?

 Thanks.

 ~Joseph




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: Integration of SSHD

2013-11-28 Thread Guillaume Nodet
The main pieces are SshServer and SshClient classes.  Both contain a main
method that you can run and debug to see what happens.  This should also
show you how you can integrate sshd in your environment.


2013/9/12 Maheedhar maheedha...@in.fiorano.com

 I am working in an application that uses apache MINA to send and receive
 messages over socket.. I was asked to include SSH support as in (using
 credentials- a username and password) with which they can authenticate
 themselves.. i was looking into SSHD library source code and felt an
 abstract idea of where to start would be nice..The message that i read from
 the Socket undergoes processing of its own.. i want that to carry on.. i
 just need this SSH security to be added as an additional layer inside the
 logic..how can i achieve that..an outline idea would go a long way.. Thanks
 in advance




 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/Integration-of-SSHD-tp39824.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: Publickey of PublickeyAuthenticator class (MINA SSHD)

2013-11-28 Thread Guillaume Nodet
Could you please explain a bit more what your exact problem is ?
If you implement your own PublickeyAuthenticator, you need to check whether
the received key is accepted or not.


2013/9/4 LSJ hl1...@naver.com

 Hi.
 I have been using MINA SSHD server.
 I want to be certified through Public key generated by the Linux
 Shell(using
 keygen).
 So I use sshd.setPublickeyAuthenticator method and
 PublickeyAuthenticator class.
 However, Public key used as parameter in PublickeyAuthenticator class
 received from user?
 
 public class DBPublicKeyAuth implements PublickeyAuthenticator {
 @Override
 public boolean authenticate(String arg0, PublicKey arg1, ServerSession arg2) {
 ---
 The following two values are wrong.
 
 The value generated by keygen
 Ssh-rsa

 B3NzaC1yc2EDAQABAAABAQClXHjwJv86qURq9L0wyfWyVlRSP8E+Bcr8yfeOKh928C4d67xPR0NoIhOSrhsZmRML4opan2ctCl7l11w1DwgsabBJgtQ7Y6ZWhLrS/W0M3a5efEjktlG71afQP6mtuFdeH140qpPxz6oB26mzCk2f+lajvXrlTNnx1Ap1vCxsueHy8ZRshMHX9k3VIgiabinAtyV7OOcFZjH45uvTmWmShrYzr0P95mevbWAb2RMeRZ2gpjS4Wh1a0u/TVgtJw7X3wbMa2CFjBQxqPGauH04kNo28vM8G3TXyYwJ6UDbPyIvkmYOrxkyckQ+SB0SHwGgZvF3XdcsT2uyPsmbCs5I1
 hl1tex@hl1tex-VirtualBox

 The value printed in PublickeyAuthenticator class(in authenticate
 method)
 RSA Public Key
 modulus:

 public exponent: 10001

 

 I do not know what is wrong.
 help me please~



 --
 View this message in context:
 http://apache-mina.10907.n7.nabble.com/Publickey-of-PublickeyAuthenticator-class-MINA-SSHD-tp39746.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/
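
The two values in the question are different encodings of the same kind of data: the keygen line is a base64 SSH wire blob (key type, exponent, modulus), while the authenticator receives a JCA PublicKey whose printout shows the modulus and the exponent in hex (10001 is 65537). An added example, not code from the thread or from Apache SSHD, that decodes an ssh-rsa line with the JDK only and checks it against the presented key, which is the acceptance check the reply asks for; the class and method names are hypothetical and the sample key is generated in main().

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;

public class AuthorizedKeyCheck {

    /** Reads one length-prefixed field: big-endian uint32 length, then that many bytes. */
    static byte[] readField(ByteBuffer buf) {
        if (buf.remaining() < 4) {
            throw new IllegalArgumentException("truncated key blob");
        }
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining()) {
            throw new IllegalArgumentException("bad field length " + len);
        }
        byte[] field = new byte[len];
        buf.get(field);
        return field;
    }

    /** Decodes "ssh-rsa <base64> [comment]" into a JCA RSA public key. */
    static RSAPublicKey parseSshRsa(String line) throws GeneralSecurityException {
        String[] parts = line.trim().split("\\s+");
        if (parts.length < 2 || !"ssh-rsa".equals(parts[0])) {
            throw new IllegalArgumentException("not an ssh-rsa key line");
        }
        ByteBuffer buf = ByteBuffer.wrap(Base64.getDecoder().decode(parts[1]));
        String type = new String(readField(buf), StandardCharsets.US_ASCII);
        // SSH mpints are two's-complement big-endian, which BigInteger(byte[]) reads directly.
        BigInteger exponent = new BigInteger(readField(buf));
        BigInteger modulus = new BigInteger(readField(buf));
        if (!"ssh-rsa".equals(type) || buf.hasRemaining()
                || exponent.signum() <= 0 || modulus.signum() <= 0) {
            throw new IllegalArgumentException("malformed ssh-rsa blob");
        }
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(modulus, exponent));
    }

    /** True only if the presented key is RSA and equals the key on the stored line. */
    static boolean matches(PublicKey presented, String authorizedLine) {
        if (!(presented instanceof RSAPublicKey)) {
            return false;
        }
        try {
            RSAPublicKey stored = parseSshRsa(authorizedLine);
            RSAPublicKey offered = (RSAPublicKey) presented;
            return stored.getModulus().equals(offered.getModulus())
                    && stored.getPublicExponent().equals(offered.getPublicExponent());
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // an unreadable stored key never authenticates anyone
        }
    }

    /** Encodes a key the way ssh-keygen writes it; used here to build the sample line. */
    static String toSshRsaLine(RSAPublicKey key, String comment) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bytes);
        byte[][] fields = {
            "ssh-rsa".getBytes(StandardCharsets.US_ASCII),
            key.getPublicExponent().toByteArray(),
            key.getModulus().toByteArray()
        };
        for (byte[] field : fields) {
            out.writeInt(field.length);
            out.write(field);
        }
        return "ssh-rsa " + Base64.getEncoder().encodeToString(bytes.toByteArray()) + " " + comment;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPublicKey userKey = (RSAPublicKey) gen.generateKeyPair().getPublic();
        RSAPublicKey strangerKey = (RSAPublicKey) gen.generateKeyPair().getPublic();

        String stored = toSshRsaLine(userKey, "constructed@example"); // constructed sample line
        System.out.println("stored line starts with: " + stored.substring(0, 24));
        System.out.println("user key accepted:     " + matches(userKey, stored));
        System.out.println("stranger key accepted: " + matches(strangerKey, stored));
        System.out.println("garbage line accepted: " + matches(userKey, "ssh-rsa not-base64!"));
    }
}
```

Inside a PublickeyAuthenticator, the authenticate method would return matches(key, line) for the line stored for that username.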


Re: Socket input to SSHD?

2013-08-29 Thread Guillaume Nodet
Not easily, but I think with the new api that has been added to sshd 0.9.0
org.apache.sshd.common.io, you can pretty much do whatever you want on the
IO side.


2013/8/14 David Greene da...@securelink.com

 Is there a way to have SshdServer accept a Socket or an InputStream as input
 instead of binding to a host:port ?

 -David




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: [Apache SSHD] Default value for max-concurrent-sessions

2013-08-01 Thread Guillaume Nodet
There's no default value, meaning by default, a user is not limited in the
number of sessions it creates.
There's no global maximum number of sessions right now.

2013/8/1 Wright, Omari omari.wri...@solers.com

 Also, I am also wondering what the max default value of sessions is.
 max-concurrent-sessions seems to pertain to individual users.

 -Original Message-
 From: Wright, Omari [mailto:omari.wri...@solers.com]
 Sent: Thursday, August 01, 2013 12:21 PM
 To: 'users@mina.apache.org'
 Subject: [Apache SSHD] Default value for max-concurrent-sessions

 What is the default value for max-concurrent-sessions?




-- 
---
Guillaume Nodet

Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/


Re: ssh honey pot - tamper with commands

2013-01-24 Thread Guillaume Nodet
SSHD does not provide an interactive shell you can use and does not really
aim to do so anyway.
I would have a look at jline2, it's the one we use in Karaf.  Jline
provides completion, history, key bindings, etc...
Roughly, you need to create a jline ConsoleReader by using the streams
provided by SSHD and then configure it by registering commands, completers,
etc...
I'd suggest you have a look at Karaf, and then eventually grab some of its
code if you don't want OSGi at all, but the easiest would surely be to just
reuse Karaf.



On Thu, Jan 24, 2013 at 11:22 AM, Ioan Eugen Stan stan.ieu...@gmail.com wrote:

 Hello,

 I'm working on a SSH Honeypot and using SSHD as a server. I need help
 figuring out how can I have for example command completion and the
 ability to tamper with some commands (choose between executing,
 delaying or faking their execution - not running them and returning
 some other data)

 Right now I managed to create a server that can execute commands and
 can open a Shell connection where I can type in commands. The server
 echoes them back but does not display them.

 I know it's possible, but the lack of documentation is killing me so
 any help is appreciated.

 Cheers,
 --
 Ioan Eugen Stan




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: ssh honey pot - tamper with commands

2013-01-24 Thread Guillaume Nodet
If I understand you correctly, you're trying to launch a native shell, but
have some kind of pre-processing of commands in java.
The problem is that there's no way afaik to get back from the native shell
to the sshd environment.
I guess you could customize your native shell to some point to do some of
the processing in scripts, like creating bash functions that will act as
proxy to the native commands and do your ignore/execute logic there.
Else, I'd really suggest using jline as the shell and implement jline
commands that would then delegate to native commands.



On Thu, Jan 24, 2013 at 11:37 AM, Ioan Eugen Stan stan.ieu...@gmail.com wrote:

 Hello Guillaume,

 Thank you for your quick response and the pointers. I know SSHD does
 not aim at providing an interactive shell, but I'm not planning to
 re-implement it myself also. Is it possible for example to delegate
 all characters to the native shell and on new-line to decide one of
 the two:

 - if the command entered so far is not to be executed then drop it
 silently and return fake output to the user
 - if the command should be executed - forward the newline to the
 native, interactive shell

 This should avoid the need for re-implementing the commands and
 command completers and leverage the native shells command completing
 capabilities. Is this ok?

 By the way, you did incredible work on SSHD and jline.

 Cheers,

 --
 Ioan Eugen Stan / CTO / http://axemblr.com




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

2012-12-13 Thread Guillaume Nodet
Could you give a bit more details on your set up and authentication process?


On Thu, Dec 13, 2012 at 4:55 PM, Wright, Omari omari.wri...@solers.com wrote:

 When I ported my project over to Apache SSHD 0.8.0, my implementation for
 authentication stopped working. Now a user is automatically logged in as
 root when they attempt to connect to the server.




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

2012-12-13 Thread Guillaume Nodet
) {
 logException(e,  authenticate);
 }

 return false;
 }
 });

 -

 UserManager is a modified version of Apache FtpServer's properties user
 manager.

 -Original Message-
 From: Guillaume Nodet [mailto:gno...@gmail.com]
 Sent: Thursday, December 13, 2012 11:33 AM
 To: users
 Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

 Could you give a bit more details on your set up and authentication
 process?


 On Thu, Dec 13, 2012 at 4:55 PM, Wright, Omari omari.wri...@solers.com
 wrote:

  When I ported my project over to Apache SSHD 0.8.0, my implementation
  for authentication stopped working. Now a user is automatically logged
  in as root when they attempt to connect to the server.
 







-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com
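
A credential check that could back the PasswordAuthenticator callback discussed in this thread, as an added example (not code from the thread or from Apache SSHD): it hashes with PBKDF2, compares in constant time and fails closed on errors, so a login equal to the password gets no special treatment. The class name, iteration count and sample account are assumptions; only JDK classes are used.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not part of Apache SSHD): call verify() from the
// authenticate(username, password, session) callback and return its result.
public class StoredPasswordVerifier {
    private static final int ITERATIONS = 210_000; // assumption: tune to your hardware
    private static final int KEY_BITS = 256;

    private static final class Entry {
        final byte[] salt;
        final byte[] hash;
        Entry(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    private final Map<String, Entry> users = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    // Hashed for unknown users so known and unknown names cost the same work.
    private final Entry decoy;

    public StoredPasswordVerifier() throws GeneralSecurityException {
        decoy = newEntry("decoy-never-accepted".toCharArray());
    }

    public void addUser(String username, char[] password) throws GeneralSecurityException {
        users.put(username, newEntry(password));
    }

    public boolean verify(String username, String password) {
        if (username == null || password == null || password.isEmpty()) {
            return false;
        }
        Entry known = users.get(username);
        Entry entry = (known != null) ? known : decoy;
        try {
            byte[] candidate = derive(password.toCharArray(), entry.salt);
            // Constant-time comparison; only a known user with a matching hash passes.
            return MessageDigest.isEqual(candidate, entry.hash) & (known != null);
        } catch (GeneralSecurityException e) {
            return false; // fail closed: an error never authenticates anyone
        }
    }

    private Entry newEntry(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        return new Entry(salt, derive(password, salt));
    }

    private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        StoredPasswordVerifier verifier = new StoredPasswordVerifier();
        // Constructed sample account for the demonstration.
        verifier.addUser("alice", "correct horse battery staple".toCharArray());

        System.out.println("stored credential:   "
                + verifier.verify("alice", "correct horse battery staple"));
        System.out.println("login = password:    " + verifier.verify("alice", "alice"));
        System.out.println("unknown user 'root': " + verifier.verify("root", "root"));
        System.out.println("empty password:      " + verifier.verify("alice", ""));
    }
}
```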


Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

2012-12-13 Thread Guillaume Nodet
I'm not sure to understand.  The default implementation is not secured and
any login = password will work by default.


On Thu, Dec 13, 2012 at 6:36 PM, Wright, Omari omari.wri...@solers.com wrote:

 Whatever changed also affected running the standalone version from the
 command line with stock configuration. It also shows the same behavior.

 -Original Message-
 From: Guillaume Nodet [mailto:gno...@gmail.com]
 Sent: Thursday, December 13, 2012 12:32 PM
 To: users
 Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?

 Maybe this change ?


 https://github.com/apache/mina-sshd/commit/3932a1275f3a48d5a304dcfb151a3ca3ce6050ed


 On Thu, Dec 13, 2012 at 5:53 PM, Wright, Omari omari.wri...@solers.com
 wrote:

  Configuration is as follows...
 
  
 
  server = new SshServer();
  // DHG14 uses 2048 bits key which are not supported by the default JCE provider
  if (SecurityUtils.isBouncyCastleRegistered()) {
      server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
              new DHG14.Factory(),
              new DHG1.Factory()));
      server.setRandomFactory(new SingletonRandomFactory(new BouncyCastleRandom.Factory()));
  } else {
      server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
              new DHG1.Factory()));
      server.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
  }

  List<NamedFactory<Cipher>> avail = new LinkedList<NamedFactory<Cipher>>();
  avail.add(new AES128CTR.Factory());
  avail.add(new AES256CTR.Factory());
  avail.add(new ARCFOUR128.Factory());
  avail.add(new ARCFOUR256.Factory());
  avail.add(new AES128CBC.Factory());
  avail.add(new TripleDESCBC.Factory());
  avail.add(new BlowfishCBC.Factory());
  avail.add(new AES192CBC.Factory());
  avail.add(new AES256CBC.Factory());

  for (Iterator<NamedFactory<Cipher>> i = avail.iterator(); i.hasNext();) {
      final NamedFactory<Cipher> f = i.next();
      try {
          final Cipher c = f.create();
          final byte[] key = new byte[c.getBlockSize()];
          final byte[] iv = new byte[c.getIVSize()];
          c.init(Cipher.Mode.Encrypt, key, iv);
      } catch (InvalidKeyException e) {
          i.remove();
      } catch (Exception e) {
          i.remove();
      }
  }
  server.setCipherFactories(avail);

  // Compression is not enabled by default
  // sshd.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
  //         new CompressionNone.Factory(),
  //         new CompressionZlib.Factory(),
  //         new CompressionDelayedZlib.Factory()));

  server.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
          new CompressionNone.Factory()));
  server.setMacFactories(Arrays.<NamedFactory<Mac>>asList(
          new HMACMD5.Factory(),
          new HMACSHA1.Factory(),
          new HMACMD596.Factory(),
          new HMACSHA196.Factory()));
  server.setChannelFactories(Arrays.<NamedFactory<Channel>>asList(
          new PdaChannelSession.Factory(),
          new ChannelDirectTcpip.Factory()));

  server.setSignatureFactories(Arrays.<NamedFactory<Signature>>asList(
          new SignatureDSA.Factory(),
          new SignatureRSA.Factory()));
  server.setFileSystemFactory(new PdaFileSystemFactory());

  ForwardingAcceptorFactory faf = new DefaultForwardingAcceptorFactory();
  server.setTcpipForwardNioSocketAcceptorFactory(faf);
  server.setX11ForwardNioSocketAcceptorFactory(faf);

  server.setPort();

  if (SecurityUtils.isBouncyCastleRegistered()) {
      server.setKeyPairProvider(new PEMGeneratorHostKeyProvider("key.pem"));
  } else {
      server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("key.ser"));
  }
  if (OsUtils.isUNIX()) {
      server.setShellFactory(new ProcessShellFactory(new String[] { "/bin/sh", "-i", "-l" },
              EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr)));
  } else {
      server.setShellFactory(new ProcessShellFactory(new String[] { "cmd.exe" },
              EnumSet.of(ProcessShellFactory.TtyOptions.Echo,
                      ProcessShellFactory.TtyOptions.ICrNl,
                      ProcessShellFactory.TtyOptions.ONlCr)));
  }

  server.setSubsystemFactories(Arrays.<NamedFactory<Command>>asList(
          new PdaSftpSubsystem.Factory()));

  server.setCommandFactory(new PdaScpCommandFactory());

  server.setPasswordAuthenticator(new PasswordAuthenticator() {
      public boolean authenticate(String username, String password, ServerSession session

Re: SSHD server treats CTrl+C ?

2012-10-29 Thread Guillaume Nodet
Yes, that's doable.   Ctrl+C is sent as \x03 character on the input stream.
 Depending on what's the client, you need to make sure that the client
itself won't be interrupted.  We've implemented that in Karaf, so
that's doable for sure.

On Mon, Oct 29, 2012 at 8:35 AM, Pauna Adrian ady@gmail.com wrote:

 I am at the beginning with apache mina SSHD, so I apologize if the question
 might not be very well put. So my question : is there a way to interrupt a
 running command on an sshd server (apache mina). For example stopping the
 ping command with Ctrl+c.
 Thanks in advance.

 Adrian




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com
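
The Ctrl+C handling described in this reply, as an added example (not code from the thread, from Apache SSHD or from Karaf): the loop that reads the session's input stream forwards ordinary bytes to the running command and interrupts the command's thread when it sees \x03. The class and method names are hypothetical, the typed input is constructed, and it assumes the client passes the byte through instead of acting on it locally.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicBoolean;

public class CtrlCPump {
    static final int ETX = 0x03; // byte a terminal sends for Ctrl+C

    /**
     * Copies session input to the running command's stdin until EOF.
     * On ETX the byte is swallowed, the worker is interrupted and true is returned;
     * false means the input ended without a Ctrl+C.
     */
    static boolean pump(InputStream sessionIn, OutputStream commandStdin, Thread worker)
            throws IOException {
        int b;
        while ((b = sessionIn.read()) != -1) {
            if (b == ETX) {
                worker.interrupt();
                return true;
            }
            commandStdin.write(b);
            commandStdin.flush();
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        AtomicBoolean interrupted = new AtomicBoolean(false);
        // Stand-in for a long-running command such as ping.
        Thread worker = new Thread(() -> {
            try {
                while (true) {
                    Thread.sleep(200);
                }
            } catch (InterruptedException e) {
                interrupted.set(true); // a real command would clean up and exit here
            }
        }, "command");
        worker.start();

        // Constructed input: the user types "abc", presses Ctrl+C, then types "def".
        byte[] typed = "abc\u0003def".getBytes(StandardCharsets.US_ASCII);
        InputStream sessionIn = new ByteArrayInputStream(typed);
        ByteArrayOutputStream commandStdin = new ByteArrayOutputStream();

        boolean sawCtrlC = pump(sessionIn, commandStdin, worker);
        worker.join(2000);

        System.out.println("Ctrl+C seen: " + sawCtrlC);
        System.out.println("command interrupted: " + interrupted.get());
        System.out.println("forwarded to command: " + commandStdin.toString("US-ASCII"));
        System.out.println("left unread for the next command: " + sessionIn.available() + " bytes");
    }
}
```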


Re: SSHD support readline as MINA

2012-10-17 Thread Guillaume Nodet
On Wed, Oct 17, 2012 at 2:13 PM, Tai Phuoc Tran tp...@tma.com.vn wrote:

 Hi,

 I'm currently working on project that use mina as io fwk. Currently, we
 need to move to use apache sshd, however with new architecture of sshd
 which based on stream. And messages are sent character by character without
 any handle of deleting characters (when hit backspace)


Which sshd library were you using before that mina sshd ?


 In Mina, we just simply implement
 IoHandlerAdapter.messageReceived(IoSession, Object) - then we have Object
 that contains a string (not character).


Mmh, that's really not how sshd works.



 I know we can use jline, and do similar thing as in karaf project do in
 order to handle a incoming command. However, we need to maintain these
 code, and I don't like it, I expect it should be covered by Apache Mina
 SSHD.


You don't like jline code or you don't like maintaining it ?  Jline 2 is a
bit more complicated than the old version.  You could use the old one if
you want a simpler code.



 Any idea that we've already had a package to adapt with apache sshd to
 provide such basic feature ?


No.  I think jline is the de facto readline library in java and used by
lots of projects beyond karaf.


 Regards,
 Tai




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: Fwd: How to execute sftp client using apache ssh client

2012-10-03 Thread Guillaume Nodet
I don't think anyone is working on that yet.  Would you be interested in
working on such a feature ?

On Wed, Oct 3, 2012 at 4:44 PM, marcovaca mv...@collegeboard.org wrote:


 Hello, is there currently any plan to add sFTP client side support? Is
 someone working on this already?

 manojkumar16 wrote:
 
  Hi Guillaume,
 
  Thanks for the quick reply.
 
  As you mentioned, client side is still lacking lots of features. And the
  sftp support is one of them unfortunately.
  Does it means that creation of sftp subsystem channel is not supported?
  Can you please provide a list of features which is missing at sftp client
  side?
 
  I followed the link
 
 https://github.com/apache/karaf/blob/trunk/client/src/main/java/org/apache/karaf/client/Main.java
  and
  I am able to connect the client to sftp server either in shell or
 exec
  channel. However, it fails when I try to create sftp subsystem channel.
  Does apache sshd-client supports sftp subsystem?
 
  Is there any documentation available for apache sshd client? I am
  struggling hard to understand the behavior and working style of apache
  sshd
  client.
 
 
  -- Forwarded message --
  From: manoj kumar manojkuma...@gmail.com
  Date: Mon, Jan 23, 2012 at 2:22 PM
  Subject: How to execute sftp client using apache ssh client
  To: d...@mina.apache.org
 
 
  Hi,
 
  I want to write sftp Client using apache-sshd mina client api. I am able
  to
  connect to sftp server using apache ssh client but I do not have any idea
  how to send sftp command to apache sshd server and how do I get result of
  sftp client. I am totally lost. Please guide me. I have confusion on
  below *highlighted
  code *taken from SshClient.java:
 
  SshClient client = SshClient.setUpDefaultClient();
  client.start();
  ClientSession session = client.connect("localhost", port).await().getSession();
  session.authPassword("smx", "smx");
  ClientChannel channel = session.createChannel(ClientChannel.CHANNEL_EXEC, "ls");
 
 * ByteArrayOutputStream sent = new ByteArrayOutputStream();*
  *PipedOutputStream pipedIn = new TeePipedOutputStream(sent);*
  *channel.setIn(new PipedInputStream(pipedIn));*
  *ByteArrayOutputStream out = new ByteArrayOutputStream();*
  *ByteArrayOutputStream err = new ByteArrayOutputStream();*
  *channel.setOut(out);*
  *channel.setErr(err);*
  *channel.open().await();*
 
 
  What I understood from the code is, we are using outstream to send sftp
  command in the form of  byte array to sftp server over a channel.
  How do I receive response from sftpserver?
  If It is not correct way to send sftp command then what is the correct
 way
  to execute sftp command?
 
  Can anybody provide a simple example which sends sftp command and
 receives
  response from sftp server?
 
 
  --
  Thanks and Regards,
  Manoj Kumar
  9535214528
 
 
 
  --
  Thanks and Regards,
  Manoj Kumar
  9535214528
 
 

 --
 View this message in context:
 http://old.nabble.com/Fwd%3A-How-to-execute-sftp-client-using-apache-ssh-client-tp33188326p34509344.html
 Sent from the Apache MINA User Forum mailing list archive at Nabble.com.




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: SSHD: Client TCP/IP Forwarding Questions

2012-09-28 Thread Guillaume Nodet
 choosing SSHD for my
 project.

 Kevin




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: SSHD: Client TCP/IP Forwarding Questions

2012-09-27 Thread Guillaume Nodet
On Thu, Sep 27, 2012 at 8:44 PM, Kevin Winchester 
kevin.winches...@anywaregroup.com wrote:

 Hi,

 I see that TCP/IP forwarding has been added to the SSHD client in the
 upcoming 0.8.0 release.  I have grabbed the latest code from SVN to try it
 out, but I have a few questions:

 1. Is there any sample code for how to use it?  I basically am doing the
 following:

 SshClient sshClient = SshClient.setUpDefaultClient();
 sshClient.start();
 ClientSession clientSession = sshClient.connect( host, port ).await().getSession();
 clientSession.authPassword( username, password ).await();
 clientSession.startLocalPortForwarding( new SshdSocketAddress( localAddress, localPort ),
         new SshdSocketAddress( remoteAddress, remotePort ) );

 I don't want any shell or execution channel, just the port forwarding. Is
 that the best way to make use of the feature?


Yes



 2. When I run the above code, the channel seems to work correctly, until I
 disconnect for the first time, at which point the channel seems to close
 itself.  Is that something I am doing wrong, or is it the intended
 behavior?  Any other SSH client I have used maintains the forwarded channel
 across multiple disconnects/reconnects.


I've just added a loop to the unit test we have and the current code seems
to support multiple socket opening/close correctly.
See testLocalForwardingNative  in
https://github.com/apache/mina-sshd/blob/trunk/sshd-core/src/test/java/org/apache/sshd/PortForwardingTest.java#L189
Channels are created for each incoming socket connection on the remote side.
Are you saying that the channel is kept opened for a certain amount of time
before being closed if not reused ?
I suppose I can see the use case for example when using HTTP 1.0, but I
must admit that did not cross my mind.
Feel free to raise a JIRA issue and eventually propose a patch if you
fancy working on it.


 3. I see that there is a createDirectTcpipChannel method in the
 ClientSession class as well, that seems to create a completely different
 implementation of a forwarded TCP/IP channel.  What is that used for?


The main difference is that the startLocalPortForwarding opens a server
socket and will channel incoming connection through the ssh layer.
 The createDirectTcpipChannel serves a slightly different purpose which is
to stream data from java to the remote host, so no socket is opened and you
have to give the input / output / error streams instead.
The reason the implementation is different is mainly because in
the startLocalPortForwarding case, no java streams are used, and we use bio
buffers, so even if ssh layer is used in the same way, the client side is
slightly different.



 Thanks,
 Kevin Winchester




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: Problem in Apache SSHD when making remote calls

2012-09-27 Thread Guillaume Nodet
Could you provide the server log so that we can investigate why the
connection is dropped ?

On Thu, Sep 27, 2012 at 10:08 PM, Wright, Omari omari.wri...@solers.com wrote:

 If during processing I make a remote call to another machine (in this case
 JMS message or SOAP message) the SSH/SFTP connection is dropped to my SFTP
 client. Is there something I can change to remedy this?

 Example 1:

 1)  Connect to Apache SSHD using SFTP client

 2)  Authenticate method is reached

 3)  Remote SOAP call is made to OpenAM to do the authentication

 4)  SSHTools SFTP client connection is dropped

 Example 2 (after I make authenticate always return true):

 1)  Connect to Apache SSHD using SFTP client

 2)  Authentication returns true and a SSH session is started

 3)  Sftpsubsystem tries to query database to get user's home directory

 4)  SSHTools SFTP client connection is dropped




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: Is Apache SSHD considered beta software?

2012-09-25 Thread Guillaume Nodet
Mainly, the missing things are on the client side:
  * keyboard interactive authentication
  * scp support
  * sftp support
  * x11 forwarding
Those are priority sorted in my opinion.
On top of that, there are a bunch of enhancements in JIRA, but I would not
hold on a 1.0.0 release because of those (they are just enhancements).
Some of the above already have jira issues.  If you fancy helping on any
of those, your help would be more than welcome.

On Tue, Sep 25, 2012 at 6:23 PM, John Plocher john.ploc...@gmail.com wrote:

 On Tue, Sep 25, 2012 at 12:27 AM, Emmanuel Lécharny elecha...@gmail.com
 wrote:
  Forget about what you read about alpha/beta/GA/whatever on the internet.
  But, please, asking for an ETA or wondering when we will tag the version
 as
  Final is just totally useless.

 My apologies, I could have said things better - the question wasn't a
 defensive one based on a lack of an ETA or whatever (which, I agree,
 is useless and inappropriate), but one of wonder and curiosity - since
 it seems that Guillaume  acknowledges a gap between where things are
 now and a mythical point called feature complete, what does that gap
 look like?
 What features still need to be invented/designed/coded?  Is there a
 list?  Is it large or small?

 All these questions lead directly into is there anything on that list
 that *I* can do? and Hey, I am really interested in this particular
 one, let me try  But without a list somewhere, my imagination
 isn't sufficiently fertile to invent my own list :-)

 Think shared team vision and goals...

   -John




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: Is Apache SSHD considered beta software?

2012-09-24 Thread Guillaume Nodet
Is there any particular feature missing for you ?

On Mon, Sep 24, 2012 at 9:29 PM, Wright, Omari omari.wri...@solers.com wrote:

 Any ETA on when it will be feature complete?

 -Original Message-
 From: Guillaume Nodet [mailto:gno...@gmail.com]
 Sent: Friday, September 21, 2012 9:06 AM
 To: users@mina.apache.org
 Subject: Re: Is Apache SSHD considered beta software?

 It's used in production, there's no problem about that.
 The main reason the version is < 1 is that it's still not feature complete
 ...

 On Fri, Sep 21, 2012 at 2:34 PM, Wright, Omari omari.wri...@solers.com
 wrote:

  Would Apache SSHD be considered beta software or is it suitable for
  use in a production environment?
 







-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: Is Apache SSHD considered beta software?

2012-09-24 Thread Guillaume Nodet
Alpha and beta usually refer to maturity, not features.
We don't call it alpha or beta because it's not, though the fact that sshd
is not feature complete means that the api may need to change a bit to
accommodate new features, hence the 0.x version.  Fwiw, missing features
are mostly on the client side, and the server does not change much but for
bug fixes or minor improvements.

On Tue, Sep 25, 2012 at 12:22 AM, Wright, Omari omari.wri...@solers.com wrote:

 Not really, just wondering because we plan to use it in a government
 environment and technically we cannot use it if it is in beta.

 -Original Message-
 From: Guillaume Nodet [mailto:gno...@gmail.com]
 Sent: Monday, September 24, 2012 5:17 PM
 To: users@mina.apache.org
 Subject: Re: Is Apache SSHD considered beta software?

 Is there any particular feature missing for you ?

 On Mon, Sep 24, 2012 at 9:29 PM, Wright, Omari omari.wri...@solers.com
 wrote:

  Any ETA on when it will be feature complete?
 
  -Original Message-
  From: Guillaume Nodet [mailto:gno...@gmail.com]
  Sent: Friday, September 21, 2012 9:06 AM
  To: users@mina.apache.org
  Subject: Re: Is Apache SSHD considered beta software?
 
  It's used in production, there's no problem about that.
  The main reason the version is < 1 is that it's still not feature
  complete ...
 
  On Fri, Sep 21, 2012 at 2:34 PM, Wright, Omari
  omari.wri...@solers.com
  wrote:
 
   Would Apache SSHD be considered beta software or is it suitable for
   use in a production environment?
  
 
 
 
 







-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: SSHD: stopping active shell sessions

2012-09-12 Thread Guillaume Nodet
I'm not sure to understand what is the isexited method you're talking
about.
Are you using the InvertedShellWrapper ? That one consumes cpu a bit
because it needs to read the streams.

On Sun, Sep 9, 2012 at 3:06 AM, Maarten Smit maartensm...@gmail.com wrote:

 It turned out that after the sessions was closed the isexited function
 still returned true which caused the session to hang. My apologies, took me
 quite long to figure out :)

 But now I have a second problem, the sshd needs to run on devices with
 batteries (like laptops) but battery drain increases a lot when someone is
 connected. It turns out after settings to log point that the isexited call
 from the shell class is called multiple times per second (a continuous
 loop) till the isexited returns true. My guess is that's eating a lot of
 power.. Would there maybe be some fix? Would it be safe to add a thread
 sleep to the isexited function?

 Keep up the good work though, it's a great server! So easy to use.

 Thanks again.

 Maarten


 2012/9/3 Guillaume Nodet gno...@gmail.com

  It should not be necessary.  Closing the server should close all sessions
  and shells.
  I suppose you're using the latest 0.7.0 version.
  Isn't the Command#destroy() method called ?
 
  On Sun, Sep 2, 2012 at 3:01 PM, Maarten Smit maartensm...@gmail.com
  wrote:
 
   Hello,
  
   I have implemented SSHD with my own Shell Factory. Everything works
  great,
   however, this doesn't work:
  
   1. A user connects
   2. The user is done and closes the session without typing 'exit' first
  (if
   the user quits correctly by typing exit through ssh everything works
 ok)
   3. The server is stopped
   4. The server is started again: that doesn't work since the port is
 still
   in use, probably because there is still a shell session (since if the
  shell
   is closed everything works).
  
   I have tried:
   - setReuseAddress to true
   - using sshd.getActiveSessions() to get all sessions and disconnecting
  each
   one
  
   But it still doesn't work. So my question is, when the server is
 stopped,
   how can I get access to each active shell outputstream so I can send
 the
   'exit' command?
  
   Thanks!
  
   Maarten
  
 
 
 
 




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: how to display messages at client terminal

2012-09-11 Thread Guillaume Nodet
session.writePacket is what you need to use in order to send messages to
the client.
If you use that method, you can't hit the UnsupportedOperationException as
the remoteAddress will be null.

On Tue, Sep 11, 2012 at 8:05 AM, Kanupriya Dadariya 
kanupriya.dadar...@gmail.com wrote:

 I see writePacket again uses ioSession.write() method internally.
 Currently in our code with ServerSession.writePacket , we didn't see
 UnsupportedOperationException as our code doesn't reach up to that step and
 something goes wrong before that step itself.

 However, as the ServerSession.writePacket() path is still the same (using
 ioSession.write() ) , ioSession.write would again throw
 UnsupportedOperationException
 for our TransportMetaDataType being not connectionless .

 Is there any other API apart from ServerSession.writePacket or
 IoSession.write() ? Or any other way ?

 Thanks,
 Kanupriya

 On Fri, Sep 7, 2012 at 6:36 PM, Guillaume Nodet gno...@gmail.com wrote:

  You should look for information on keyboard-interactive authentication
 in
  SSH.
  I think that's exactly what you want.  I suppose you'll need to implement
  your own UserAuth implementation.
  I think messages can be sent by the server using SSH_MSG_USERAUTH_BANNER
  (for simply displaying a message) and SSH_MSG_USERAUTH_INFO_REQUEST
  / SSH_MSG_USERAUTH_INFO_RESPONSE for having the server requesting
  information on the client side.
  Note that the client side of sshd does not support that yet, but that
 part
  could be included as it should be reusable (the server side might be less
  reusable).
 
  On Fri, Sep 7, 2012 at 2:48 PM, Khan, Farooq farooq.k...@emc.com
 wrote:
 
   Let me explain the problem a bit more.
  
   Within our MinaServer class we have the following code
  
   setPasswordAuthenticator(new PasswordAuthenticator() {
 public boolean authenticate(String username, String password,
   ServerSession session) {
  
 }
   }
  
   Our PasswordAuthenticator::authenticate() method further delegates the
   actually authentication task to a custom JAASLoginModule. We could have
   used the Mina provided JaasPasswordAuthenticator however we had our own
   class already written years ago so we decided to reuse that.
  
   There is one problem with all this approach the JAAS Framework depends
 on
   Callbacks which are used to prompt the user appropriately. However Mina
  SSH
   framework does all prompting in the background and simply provides you
  with
   a username and password. We then have to forward this to our JAAS Login
   Module.
  
   This works for most cases however sometimes our custom authentication
   system throws up a TextCallBack there is no way with Mina to achieve
  this.
   If you want to prompt the user to choose a Domain Name using a
   ChoiceCallback this is also not possible with Mina.
  
   Kanupriya was basically trying to use the ServerSession object within
 the
   authenticate method to send back a custom message to the user. A
 message
   that was being prompted by the TextCallBack
  
   In order to send this message she wrote a method similar to below
  
   private void sendMessage(ServerSession serverSession, SshConstants.Message cmd, String msg) {
       Buffer buffer = serverSession.createBuffer(cmd, msg.length());
       buffer.putString(msg);
       log.info("Buffer created now");
       try {
           log.info("writing message now");
           WriteFuture writeFuture = serverSession.writePacket(buffer);
           log.info("message is written now waiting");
           // Wait until the message is completely written out to the O/S buffer.
           writeFuture.awaitUninterruptibly();
           Thread.sleep(1);
           log.info("waiting and sleeping done");
       } catch (Exception ioe) {
           ioe.printStackTrace();
       }
   }
  
   For the SshConstants.Message she tried the following:
   SshConstants.Message.SSH_MSG_DEBUG
   SshConstants.Message.SSH_MSG_USERAUTH_FAILURE
  
   But none of these reach the user.
  
   I think there is a workaround to this entire stuff but I was hoping we
   avoided that it would be quite a bit of coding to do that.
   1. Somehow disable authentication the way it is expected.
   2. Once the users session is established use the JAAS Login Module we
   have. We have full control on what to prompt the user with and how many
   prompts to do . We have a use case to inform user that the password
 will
   expire shortly would the user like to change it. Or if it's a first
 time
   login force the user to reset his password
   3. On failure somehow send back a
   SshConstants.Message.SSH_MSG_USERAUTH_FAILURE
  
   Any better ideas?
  
   Thanks
   Farooq
  
-Original Message-
From: Kanupriya Dadariya [mailto:kanupriya.dadar...@gmail.com]
Sent: Thursday, September 06, 2012 7:56 PM
To: users@mina.apache.org
Subject: Re: how to display messages at client terminal
   
Would like to know if there a proper way to communicate with the
  terminal
before
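
The keyboard-interactive messages named in the reply quoted above, laid out byte by byte as an added example (not code from the thread and not the Apache SSHD API): it builds the payloads of SSH_MSG_USERAUTH_BANNER (RFC 4252) and SSH_MSG_USERAUTH_INFO_REQUEST (RFC 4256) and parses an SSH_MSG_USERAUTH_INFO_RESPONSE with bounds checks. The class and method names, the response size limit and the sample prompts and answers are assumptions; packet framing and encryption are left to the SSH transport layer.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class KeyboardInteractivePayloads {
    static final int SSH_MSG_USERAUTH_BANNER = 53;        // RFC 4252
    static final int SSH_MSG_USERAUTH_INFO_REQUEST = 60;  // RFC 4256
    static final int SSH_MSG_USERAUTH_INFO_RESPONSE = 61; // RFC 4256
    static final int MAX_RESPONSE_BYTES = 1024;           // assumption: local policy limit

    // SSH "string": uint32 length (big-endian) followed by the bytes.
    private static void putString(DataOutputStream out, String s) throws IOException {
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        out.writeInt(b.length);
        out.write(b);
    }

    /** byte 53, string message, string language tag. */
    static byte[] banner(String message) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bytes);
        out.writeByte(SSH_MSG_USERAUTH_BANNER);
        putString(out, message);
        putString(out, "");
        return bytes.toByteArray();
    }

    /** byte 60, name, instruction, language tag, uint32 count, then (prompt, echo) pairs. */
    static byte[] infoRequest(String name, String instruction, String[] prompts, boolean[] echo)
            throws IOException {
        if (prompts.length != echo.length) {
            throw new IllegalArgumentException("one echo flag per prompt is required");
        }
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bytes);
        out.writeByte(SSH_MSG_USERAUTH_INFO_REQUEST);
        putString(out, name);
        putString(out, instruction);
        putString(out, ""); // language tag, normally left empty
        out.writeInt(prompts.length);
        for (int i = 0; i < prompts.length; i++) {
            putString(out, prompts[i]);
            out.writeBoolean(echo[i]); // false: the client must not echo the answer
        }
        return bytes.toByteArray();
    }

    /** byte 61, uint32 count, then one string per prompt; anything else is rejected. */
    static List<String> parseInfoResponse(byte[] payload, int expectedCount) {
        ByteBuffer buf = ByteBuffer.wrap(payload);
        try {
            if ((buf.get() & 0xff) != SSH_MSG_USERAUTH_INFO_RESPONSE) {
                throw new IllegalArgumentException("not an INFO_RESPONSE");
            }
            int count = buf.getInt();
            if (count != expectedCount) {
                throw new IllegalArgumentException("response count does not match prompts");
            }
            List<String> responses = new ArrayList<>();
            for (int i = 0; i < count; i++) {
                int len = buf.getInt();
                if (len < 0 || len > MAX_RESPONSE_BYTES || len > buf.remaining()) {
                    throw new IllegalArgumentException("bad response length");
                }
                byte[] b = new byte[len];
                buf.get(b);
                responses.add(new String(b, StandardCharsets.UTF_8));
            }
            if (buf.hasRemaining()) {
                throw new IllegalArgumentException("trailing bytes after last response");
            }
            return responses;
        } catch (BufferUnderflowException e) {
            throw new IllegalArgumentException("truncated INFO_RESPONSE", e);
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] notice = banner("Your password will expire shortly.\r\n");
        byte[] request = infoRequest("Login", "Choose a domain and enter your password",
                new String[] {"Domain: ", "Password: "}, new boolean[] {true, false});
        System.out.println("banner type " + notice[0] + ", " + notice.length + " bytes");
        System.out.println("request type " + request[0] + ", " + request.length + " bytes");

        // Constructed client reply carrying two answers.
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bytes);
        out.writeByte(SSH_MSG_USERAUTH_INFO_RESPONSE);
        out.writeInt(2);
        putString(out, "CORP");
        putString(out, "example-password");
        List<String> answers = parseInfoResponse(bytes.toByteArray(), 2);
        System.out.println("domain answer: " + answers.get(0));
    }
}
```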

Re: how to display messages at client terminal

2012-09-07 Thread Guillaume Nodet
You should look for information on keyboard-interactive authentication in
SSH.
I think that's exactly what you want.  I suppose you'll need to implement
your own UserAuth implementation.
I think messages can be sent by the server using SSH_MSG_USERAUTH_BANNER
(for simply displaying a message) and SSH_MSG_USERAUTH_INFO_REQUEST
/ SSH_MSG_USERAUTH_INFO_RESPONSE for having the server requesting
information on the client side.
Note that the client side of sshd does not support that yet, but that part
could be included as it should be reusable (the server side might be less
reusable).

On Fri, Sep 7, 2012 at 2:48 PM, Khan, Farooq farooq.k...@emc.com wrote:

 Let me explain the problem a bit more.

 Within our MinaServer class we have the following code

 setPasswordAuthenticator(new PasswordAuthenticator() {
   public boolean authenticate(String username, String password,
 ServerSession session) {

   }
 }

 Our PasswordAuthenticator::authenticate() method further delegates the
 actually authentication task to a custom JAASLoginModule. We could have
 used the Mina provided JaasPasswordAuthenticator however we had our own
 class already written years ago so we decided to reuse that.

 There is one problem with all this approach the JAAS Framework depends on
 Callbacks which are used to prompt the user appropriately. However Mina SSH
 framework does all prompting in the background and simply provides you with
 a username and password. We then have to forward this to our JAAS Login
 Module.

 This works for most cases however sometimes our custom authentication
 system throws up a TextCallBack there is no way with Mina to achieve this.
 If you want to prompt the user to choose a Domain Name using a
 ChoiceCallback this is also not possible with Mina.

 Kanupriya was basically trying to use the ServerSession object within the
 authenticate method to send back a custom message to the user. A message
 that was being prompted by the TextCallBack

 In order to send this message she wrote a method similar to below

 private void sendMessage(ServerSession serverSession, SshConstants.Message cmd, String msg) {
   Buffer buffer = serverSession.createBuffer(cmd, msg.length());
   buffer.putString(msg);
   log.info("Buffer created now");
   try {
     log.info("writing message now");
     WriteFuture writeFuture = serverSession.writePacket(buffer);
     log.info("message is written now waiting");
     // Wait until the message is completely written out to the O/S buffer.
     writeFuture.awaitUninterruptibly();
     Thread.sleep(1);
     log.info("waiting and sleeping done");
   } catch (Exception ioe) {
     ioe.printStackTrace();
   }
 }

 For the SshConstants.Message she tried the following:
 SshConstants.Message.SSH_MSG_DEBUG
 SshConstants.Message.SSH_MSG_USERAUTH_FAILURE

 But none of these reach the user.

 I think there is a workaround for all of this, but I was hoping we could
 avoid it, as it would be quite a bit of coding to do:
 1. Somehow disable authentication the way it is expected.
 2. Once the user's session is established, use the JAAS Login Module we
 have. We have full control over what to prompt the user with and how many
 prompts to do. We have a use case to inform the user that the password will
 expire shortly and ask whether the user would like to change it, or, if it's
 a first-time login, to force the user to reset his password.
 3. On failure somehow send back a
 SshConstants.Message.SSH_MSG_USERAUTH_FAILURE

 Any better ideas?

 Thanks
 Farooq

  -Original Message-
  From: Kanupriya Dadariya [mailto:kanupriya.dadar...@gmail.com]
  Sent: Thursday, September 06, 2012 7:56 PM
  To: users@mina.apache.org
  Subject: Re: how to display messages at client terminal
 
  Would like to know if there is a proper way to communicate with the terminal
  before the session actually starts.
 
 
 
  On Wed, Sep 5, 2012 at 7:47 PM, Kanupriya Dadariya 
  kanupriya.dadar...@gmail.com wrote:
 
   Hi,
  
   The requirement is not just display the message but also prompt for
   user input.
   For ex: If when the prompt to change the password comes from the
   Authentication service.
  
   I think , we should be using SSH_MSG_USERAUTH_FAILURE in this case.
  
   However, that doesn't help and I see the writeStatus as false without
   any exception.
  
  
   On Wed, Sep 5, 2012 at 12:50 PM, Kanupriya Dadariya 
   kanupriya.dadar...@gmail.com wrote:
  
   Thanks for the response . Will check with this.
  
  
   On Tue, Sep 4, 2012 at 7:09 PM, Guillaume Nodet gno...@gmail.com
  wrote:
  
   There is the SSH_MSG_DEBUG message though which is logged by the
   client/server upon reception.
  
   On Fri, Aug 31, 2012 at 3:42 PM, Kanupriya Dadariya 
   kanupriya.dadar...@gmail.com wrote:
  
Hi,
   
I am using Apache Mina sshd . Do not have my own encoder/decoder.
Need
   to
display the message to client terminal during authentication .
   
Probably making some obvious mistake , Can somebody please help
  me
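
The keyboard-interactive exchange suggested in the reply above (SSH_MSG_USERAUTH_INFO_REQUEST / SSH_MSG_USERAUTH_INFO_RESPONSE), as an added example that is not code from this thread or from MINA SSHD. It uses only the JDK and follows the RFC 4256 payload layout; the class name, method names, prompts and answers are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example, JDK only: RFC 4256 keyboard-interactive payloads (no MINA SSHD classes).
public class KeyboardInteractiveWire {
    static final int SSH_MSG_USERAUTH_INFO_REQUEST = 60, SSH_MSG_USERAUTH_INFO_RESPONSE = 61;
    // SSH "string": uint32 big-endian length, then the bytes.
    static void putString(ByteBuffer buf, String s) {
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        buf.putInt(b.length).put(b);
    }

    // Server -> client: name, instruction, empty language tag, then (prompt, echo) pairs.
    static byte[] infoRequest(String name, String instruction, String[] prompts, boolean[] echo) {
        ByteBuffer buf = ByteBuffer.allocate(4096).put((byte) SSH_MSG_USERAUTH_INFO_REQUEST);
        for (String s : new String[] {name, instruction, ""}) putString(buf, s);
        buf.putInt(prompts.length);
        for (int i = 0; i < prompts.length; i++) {
            putString(buf, prompts[i]);
            buf.put((byte) (echo[i] ? 1 : 0));   // 0 = do not echo the typed answer
        }
        return Arrays.copyOf(buf.array(), buf.position());
    }

    // Client -> server: reject a wrong type, a count that differs from the prompts, or a bad length.
    static String[] parseInfoResponse(byte[] payload, int expected) {
        ByteBuffer in = ByteBuffer.wrap(payload);
        if ((in.get() & 0xFF) != SSH_MSG_USERAUTH_INFO_RESPONSE || in.getInt() != expected)
            throw new IllegalArgumentException("unexpected message type or answer count");
        String[] answers = new String[expected];
        for (int i = 0; i < expected; i++) {
            int len = in.getInt();
            if (len < 0 || len > in.remaining()) throw new IllegalArgumentException("bad string length");
            answers[i] = new String(payload, in.position(), len, StandardCharsets.UTF_8);
            in.position(in.position() + len);
        }
        return answers;
    }

    public static void main(String[] args) {
        byte[] req = infoRequest("Password expired", "", new String[] {"Domain: ", "New password: "},
                new boolean[] {true, false});   // constructed prompts mirroring the thread
        ByteBuffer resp = ByteBuffer.allocate(64).put((byte) SSH_MSG_USERAUTH_INFO_RESPONSE).putInt(2);
        putString(resp, "CORP");                // constructed client answers
        putString(resp, "constructed-secret");
        byte[] payload = Arrays.copyOf(resp.array(), resp.position());
        System.out.println(req.length + "-byte request; answers " + Arrays.toString(parseInfoResponse(payload, 2)));
    }
}
```

The payloads built here are message bodies only; the SSH transport layer still has to frame, encrypt and MAC them, which is why writing a bare string under an arbitrary message number does not reach the user.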

Re: how to display messages at client terminal

2012-09-06 Thread Guillaume Nodet
Not in a standard way I think, but if you control both the server and
client, you can hack the protocol.
Have you seen such a thing with a real ssh client ? If so, the debug output
would help understand how that's done.

On Thu, Sep 6, 2012 at 4:26 PM, Kanupriya Dadariya 
kanupriya.dadar...@gmail.com wrote:

 Would like to know if there is a proper way to communicate with the terminal
 before the session actually starts.



 On Wed, Sep 5, 2012 at 7:47 PM, Kanupriya Dadariya 
 kanupriya.dadar...@gmail.com wrote:

  Hi,
 
  The requirement is not just display the message but also prompt for user
  input.
  For ex: If when the prompt to change the password comes from the
  Authentication service.
 
  I think , we should be using SSH_MSG_USERAUTH_FAILURE in this case.
 
  However, that doesn't help and I see the writeStatus as false without any
  exception.
 
 
  On Wed, Sep 5, 2012 at 12:50 PM, Kanupriya Dadariya 
  kanupriya.dadar...@gmail.com wrote:
 
  Thanks for the response . Will check with this.
 
 
  On Tue, Sep 4, 2012 at 7:09 PM, Guillaume Nodet gno...@gmail.com
 wrote:
 
  There is the SSH_MSG_DEBUG message though which is logged by the
  client/server upon reception.
 
  On Fri, Aug 31, 2012 at 3:42 PM, Kanupriya Dadariya 
  kanupriya.dadar...@gmail.com wrote:
 
   Hi,
  
   I am using Apache Mina sshd . Do not have my own encoder/decoder.
 Need
  to
   display the message to client terminal during authentication .
  
   Probably making some obvious mistake , Can somebody please help me
 out
  ?
  
   Here is the code snippet : I get the writeStatus as false always and
  don't
   get the message displayed .
  
   =
   IoBuffer buffer = IoBuffer.allocate(1024, true);
   buffer.setAutoExpand(true);
   try {
 buffer.putString(small,
 Charset.forName("UTF-8").newEncoder());
  
   } catch (CharacterCodingException e) {
  
   }
  
   WriteFuture future = ioSession.write(buffer,
   ioSession.getRemoteAddress());
   IoFutureListener iof = new MinaIOFutureListener();
   future.addListener(iof);
  
   if(future.isWritten()){
 writeStatus = true;
   } else {
 writeStatus = false;
   }
   future.removeListener(iof);
   =
   Appreciate any help .
  
 
 
 
  --
  
  Guillaume Nodet
  
  Blog: http://gnodet.blogspot.com/
  
  FuseSource, Integration everywhere
  http://fusesource.com
 
 
 
 




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: how to display messages at client terminal

2012-09-04 Thread Guillaume Nodet
There is the SSH_MSG_DEBUG message though which is logged by the
client/server upon reception.

On Fri, Aug 31, 2012 at 3:42 PM, Kanupriya Dadariya 
kanupriya.dadar...@gmail.com wrote:

 Hi,

 I am using Apache Mina sshd . Do not have my own encoder/decoder. Need to
 display the message to client terminal during authentication .

 Probably making some obvious mistake , Can somebody please help me out ?

 Here is the code snippet : I get the writeStatus as false always and don't
 get the message displayed .

 =
 IoBuffer buffer = IoBuffer.allocate(1024, true);
 buffer.setAutoExpand(true);
 try {
   buffer.putString(small, Charset.forName("UTF-8").newEncoder());

 } catch (CharacterCodingException e) {

 }

 WriteFuture future = ioSession.write(buffer,
 ioSession.getRemoteAddress());
 IoFutureListener iof = new MinaIOFutureListener();
 future.addListener(iof);

 if(future.isWritten()){
   writeStatus = true;
 } else {
   writeStatus = false;
 }
 future.removeListener(iof);
 =
 Appreciate any help .




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com


Re: SSHD: stopping active shell sessions

2012-09-03 Thread Guillaume Nodet
It should not be necessary.  Closing the server should close all sessions
and shells.
I suppose you're using the latest 0.7.0 version.
Isn't the Command#destroy() method called ?

On Sun, Sep 2, 2012 at 3:01 PM, Maarten Smit maartensm...@gmail.com wrote:

 Hello,

 I have implemented SSHD with my own Shell Factory. Everything works great,
 however, this doesn't work:

 1. A user connects
 2. The user is done and closes the session without typing 'exit' first (if
 the user quits correctly by typing exit through ssh everything works ok)
 3. The server is stopped
 4. The server is started again: that doesn't work since the port is still
 in use, probably because there is still a shell session (since if the shell
 is closed everything works).

 I have tried:
 - setReuseAddress to true
 - using sshd.getActiveSessions() to get all sessions and disconnecting each
 one

 But it still doesn't work. So my question is, when the server is stopped,
 how can I get access to each active shell outputstream so I can send the
 'exit' command?

 Thanks!

 Maarten




-- 

Guillaume Nodet

Blog: http://gnodet.blogspot.com/

FuseSource, Integration everywhere
http://fusesource.com

