Configuration is as follows...
----------------
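// Create the server instance; the algorithm lists are set explicitly below.
server = new SshServer();
// DHG14 uses a 2048-bit key, which the default JCE provider does not support,
// so it is offered only when BouncyCastle is registered.
// NOTE(review): DHG1 (1024-bit group) stays enabled in both branches and is the
// only key exchange without BouncyCastle. That group is widely considered too
// weak for new deployments; prefer running with BouncyCastle registered and
// drop DHG1 once no client depends on it.
if (SecurityUtils.isBouncyCastleRegistered()) {
    server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
            new DHG14.Factory(),
            new DHG1.Factory()));
    server.setRandomFactory(new SingletonRandomFactory(new BouncyCastleRandom.Factory()));
} else {
    server.setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>>asList(
            new DHG1.Factory()));
    server.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
}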
// Candidate ciphers, in list order. Each one is probed below and removed from
// the list if this JVM cannot initialise it.
// NOTE(review): the list still offers ARCFOUR (RC4), 3DES, Blowfish and the CBC
// modes next to AES-CTR. Those are legacy choices; consider trimming the list
// to the CTR ciphers once every client in use supports them.
List<NamedFactory<Cipher>> avail = new LinkedList<NamedFactory<Cipher>>();
avail.add(new AES128CTR.Factory());
avail.add(new AES256CTR.Factory());
avail.add(new ARCFOUR128.Factory());
avail.add(new ARCFOUR256.Factory());
avail.add(new AES128CBC.Factory());
avail.add(new TripleDESCBC.Factory());
avail.add(new BlowfishCBC.Factory());
avail.add(new AES192CBC.Factory());
avail.add(new AES256CBC.Factory());

Iterator<NamedFactory<Cipher>> candidates = avail.iterator();
while (candidates.hasNext()) {
    final NamedFactory<Cipher> factory = candidates.next();
    try {
        final Cipher probe = factory.create();
        // Zero-filled key and IV: this call only checks that the cipher can be
        // initialised here; nothing is encrypted with these values.
        final byte[] key = new byte[probe.getBlockSize()];
        final byte[] iv = new byte[probe.getIVSize()];
        probe.init(Cipher.Mode.Encrypt, key, iv);
    } catch (Exception e) {
        // Any failure, InvalidKeyException included, drops the cipher silently.
        // The effective list is therefore only visible by inspecting avail
        // after this loop.
        candidates.remove();
    }
}
server.setCipherFactories(avail);
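// Compression is not enabled by default: only the "none" method is offered.
// The full list is kept here, commented out, for reference. (The e-mail line
// wrap had dropped the leading "//" from its first line, leaving a dangling
// call on an undeclared "sshd" variable.)
// sshd.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
//         new CompressionNone.Factory(),
//         new CompressionZlib.Factory(),
//         new CompressionDelayedZlib.Factory()));
server.setCompressionFactories(Arrays.<NamedFactory<Compression>>asList(
        new CompressionNone.Factory()));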
// MAC algorithms offered to clients.
// NOTE(review): HMAC-MD5 is listed first and the two "96" entries look like the
// truncated variants; all four are legacy MACs. Confirm whether the SSHD version
// in use ships a SHA-2 based MAC and prefer it if so.
List<NamedFactory<Mac>> macFactories = Arrays.<NamedFactory<Mac>>asList(
        new HMACMD5.Factory(),
        new HMACSHA1.Factory(),
        new HMACMD596.Factory(),
        new HMACSHA196.Factory());
server.setMacFactories(macFactories);

// Channel types the server accepts: the project's own session channel plus
// direct-tcpip, which is the channel type used for client-requested port
// forwarding.
List<NamedFactory<Channel>> channelFactories = Arrays.<NamedFactory<Channel>>asList(
        new PdaChannelSession.Factory(),
        new ChannelDirectTcpip.Factory());
server.setChannelFactories(channelFactories);

// Host-key signature algorithms.
// NOTE(review): DSA is listed ahead of RSA; DSA host keys are disabled by
// default in current OpenSSH clients, so RSA is the one most clients will use.
List<NamedFactory<Signature>> signatureFactories = Arrays.<NamedFactory<Signature>>asList(
        new SignatureDSA.Factory(),
        new SignatureRSA.Factory());
server.setSignatureFactories(signatureFactories);
// Listen on 2222. The port is above 1024, so binding it does not by itself
// require the server process to run as root.
server.setPort(2222);

// Project-specific file system view (PdaFileSystemFactory is defined elsewhere).
server.setFileSystemFactory(new PdaFileSystemFactory());

// A single acceptor factory instance serves both TCP/IP and X11 forwarding.
// NOTE(review): whether forwarding requests are actually granted to a session
// is decided by configuration that is not visible in this snippet; verify it if
// forwarding is not meant to be available to every authenticated user.
ForwardingAcceptorFactory faf = new DefaultForwardingAcceptorFactory();
server.setX11ForwardNioSocketAcceptorFactory(faf);
server.setTcpipForwardNioSocketAcceptorFactory(faf);
// Host key storage: PEM file when BouncyCastle is registered, otherwise the
// "key.ser" file handled by SimpleGeneratorHostKeyProvider.
// NOTE(review): both paths are relative, so the private host key lands in the
// process working directory. Pin an absolute path and restrict the file to the
// service account; a changed working directory would otherwise yield a new
// host key and a changed server fingerprint.
server.setKeyPairProvider(SecurityUtils.isBouncyCastleRegistered()
        ? new PEMGeneratorHostKeyProvider("key.pem")
        : new SimpleGeneratorHostKeyProvider("key.ser"));
// Interactive shell: /bin/sh as an interactive login shell on UNIX, cmd.exe
// elsewhere, each with its own TTY option set.
// NOTE(review): the shell is a local process started by the server. A child
// process normally runs under the OS account of the server JVM, not under the
// SSH username that authenticated, and nothing here switches user. If the JVM
// runs as root, every accepted session would get a root shell. Confirm against
// ProcessShellFactory and the account the service runs under.
final String[] shellCommand;
final EnumSet<ProcessShellFactory.TtyOptions> ttyOptions;
if (OsUtils.isUNIX()) {
    shellCommand = new String[] { "/bin/sh", "-i", "-l" };
    ttyOptions = EnumSet.of(ProcessShellFactory.TtyOptions.ONlCr);
} else {
    // The trailing space in "cmd.exe " is reproduced from the original; confirm it is intended.
    shellCommand = new String[] { "cmd.exe " };
    ttyOptions = EnumSet.of(
            ProcessShellFactory.TtyOptions.Echo,
            ProcessShellFactory.TtyOptions.ICrNl,
            ProcessShellFactory.TtyOptions.ONlCr);
}
server.setShellFactory(new ProcessShellFactory(shellCommand, ttyOptions));
// Subsystems and exec-style commands are both served by project classes
// (PdaSftpSubsystem, PdaScpCommandFactory), which are defined elsewhere.
// NOTE(review): these run after authentication, so any per-user access checks
// presumably depend on the TOKEN_ID session attribute set by the password
// authenticator. Verify that both reject sessions without it.
List<NamedFactory<Command>> subsystems =
        Arrays.<NamedFactory<Command>>asList(new PdaSftpSubsystem.Factory());
server.setSubsystemFactories(subsystems);
server.setCommandFactory(new PdaScpCommandFactory());
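// Password authentication callback. A login is accepted only when the user
// manager accepts the credentials AND the resulting user carries a token id;
// every other outcome is a rejection.
// NOTE(review): this callback governs the "password" method only. If sessions
// are being accepted without it ever running, check which user-auth methods the
// server has enabled. That configuration is not part of this snippet.
server.setPasswordAuthenticator(new PasswordAuthenticator() {
    /**
     * Checks a username/password pair against the PDA user manager.
     *
     * @param username login name supplied by the client
     * @param password password supplied by the client (never logged here)
     * @param session  session that receives the TOKEN_ID attribute on success
     * @return true only if authentication succeeded and the user has a token id
     */
    public boolean authenticate(String username, String password, ServerSession session) {
        PdaUserManager userManager = new PdaUserManager();
        Authentication auth = new UsernamePasswordAuthentication(username, password);
        try {
            User user = userManager.authenticate(auth);
            // Fail closed: a missing user object is treated like a failed login
            // instead of surfacing as a NullPointerException.
            if (user == null || user.getTokenId() == null) {
                return false;
            }
            TokenId tokenId = new TokenId(user.getTokenId());
            session.setAttribute(TOKEN_ID, tokenId);
            return true;
        } catch (AuthenticationFailedException e) {
            // Only the exception and a fixed label are logged, not the credentials.
            logException(e, "authenticate");
            return false;
        }
    }
});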
-------------------------
UserManager is a modified version of Apache FtpServer's properties user manager.
-----Original Message-----
From: Guillaume Nodet [mailto:[email protected]]
Sent: Thursday, December 13, 2012 11:33 AM
To: users
Subject: Re: [Apache SSHD] Authentication change between 0.6.0 and 0.8.0?
Could you give a bit more detail on your setup and authentication process?
On Thu, Dec 13, 2012 at 4:55 PM, Wright, Omari <[email protected]> wrote:
> When I ported my project over to Apache SSHD 0.8.0, my implementation
> for authentication stopped working. Now a user is automatically logged
> in as root when they attempt to connect to the server.
>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com