Apache Mina SSHD

Clone this repo:
  1. f8ca409 Configure GPG signing plugin used during release phase by Lyor Goldstein · 5 days ago master
  2. 594ee80 Added release preparation files to .gitignore by Lyor Goldstein · 7 days ago
  3. 1b64c10 [maven-release-plugin] prepare for next development iteration by Guillaume Nodet · 6 days ago
  4. c28613d [maven-release-plugin] prepare release sshd-2.4.0 by Guillaume Nodet · 7 days ago sshd-2.4.0
  5. ac05466 Improve test success rate for sshd-mina by Guillaume Nodet · 7 days ago



Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side. This library can leverage Apache MINA, a scalable and high performance asynchronous IO library. SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java based applications requiring SSH support.

Supported standards

Reference implementation documentation

Implemented/available support

  • Ciphers: aes128cbc, aes128ctr, aes192cbc, aes192ctr, aes256cbc, aes256ctr, arcfour128, arcfour256, blowfishcbc, tripledescbc
  • Digests: md5, sha1, sha224, sha256, sha384, sha512
  • Macs: hmacmd5, hmacmd596, hmacsha1, hmacsha196, hmacsha256, hmacsha512, hmac-sha2-256-etm@openssh.com , hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com
  • Key exchange: diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256 , diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512, diffie-hellman-group18-sha512 , ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521
  • Compressions: none, zlib, zlib@openssh.com
  • Signatures/Keys: ssh-dss, ssh-rsa, rsa-sha2-256, rsa-sha2-512, nistp256, nistp384, nistp521, ed25519 (requires eddsa optional module)

Release notes

Core requirements

  • Java 8+ (as of version 1.3)

  • Slf4j

The code only requires the core abstract slf4j-api module. The actual implementation of the logging API can be selected from the many existing adaptors.

Basic artifacts structure

  • sshd-common - contains basic classes used throughout the project as well as code that does not require client or server network support.

  • sshd-core - contains the basic SSH client/server code implementing the connection, transport, channels, forwarding, etc..

    • sshd-mina, sshd-netty - replacements for the default NIO2 connector used to establish and manage network connections using MINA and/or Netty libraries respectively.
  • sshd-sftp - contains the server side SFTP subsystem and the SFTP client code.

  • sshd-scp - contains the server side SCP command handler and the SCP client code.

  • sshd-ldap - contains server-side password and public key authenticators that use and LDAP server.

  • sshd-git - contains replacements for JGit SSH session factory.

  • sshd-osgi - contains an artifact that combines sshd-common and sshd-core so it can be deployed in OSGi environments.

  • sshd-putty - contains code that can parse PUTTY key files.

  • sshd-openpgp - contains code that can parse OpenPGP key files (with some limitations - see relevant section)

  • sshd-cli - contains simple templates for command-line client/server - used to provide look-and-feel similar to the Linux ssh/sshd commands.

  • sshd-contrib - experimental code that is currently under review and may find its way into one of the other artifacts (or become an entirely new artifact - e.g., sshd-putty evolved this way).

Optional dependencies

Quick reference

Set up an SSH client in 5 minutes

Embedding an SSHD server instance in 5 minutes

SSH functionality breakdown

Security providers setup

Commands infrastructure



Port forwarding

Internal support classes

Event listeners and handlers

Command line clients

GIT support

Configuration/data files parsing support

Extension modules