commit | 42df03db207be7be5479acf97335ea8ae1603c21 | |
---|---|---|
author | Thomas Wolf <thomas.wolf@paranor.ch> | Sun May 03 12:37:01 2020 +0200 |
committer | Lyor Goldstein <lgoldstein@apache.org> | Mon May 04 18:31:21 2020 +0300 |
tree | 458ec8eca7d4dc9de02c462db2d104d1e9a22b79 | |
parent | 742963a5cdff42361c7b372e3fd7ad11d7046f67 | |
[SSHD-984] Writing keys in modern OpenSSH format

Add support for writing keys in the modern OpenSSH key format using the OpenBSD bcrypt KDF for writing passphrase-protected, encrypted private keys.

Add a new OpenSSHKeyPairResourceWriter using a specialized OpenSSHKeyEncryptionContext to make the number of KDF rounds configurable and to have the passphrase as a char[] instead of as a String. Introduce a new SecureByteArrayOutputStream.

Includes test cases that generate various keys, write them to files, and load them again. Since this only tests that Apache MINA sshd can work with these keys, I've also manually verified that command-line OpenSSH can use keys generated and written by Java to actually connect to an SSH server.
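A reader for the header of the key format named in the commit message above, as an added example that is not part of the commit or of Apache MINA SSHD: it decodes the cipher name, KDF name and bcrypt rounds from an `openssh-key-v1` blob, so stored keys can be audited for missing encryption or a low work factor. The class name `OpenSshKeyHeader` and the sample header bytes are constructed for illustration; the field layout follows OpenSSH's PROTOCOL.key.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class OpenSshKeyHeader { // hypothetical name, not an SSHD class
    static final byte[] MAGIC = "openssh-key-v1\0".getBytes(StandardCharsets.US_ASCII);
    // SSH "string": uint32 big-endian length, then that many bytes.
    static byte[] readString(ByteBuffer buf) {
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining()) {
            throw new IllegalArgumentException("bad string length " + len);
        }
        byte[] out = new byte[len];
        buf.get(out);
        return out;
    }

    // Summarises how the private section of a base64-decoded key blob is protected.
    static String describe(byte[] blob) {
        if (blob.length < MAGIC.length || !Arrays.equals(Arrays.copyOf(blob, MAGIC.length), MAGIC)) {
            throw new IllegalArgumentException("not an openssh-key-v1 blob");
        }
        ByteBuffer buf = ByteBuffer.wrap(blob, MAGIC.length, blob.length - MAGIC.length);
        String cipher = new String(readString(buf), StandardCharsets.US_ASCII);
        String kdf = new String(readString(buf), StandardCharsets.US_ASCII);
        ByteBuffer opts = ByteBuffer.wrap(readString(buf));
        if ("none".equals(cipher)) {
            return "UNENCRYPTED private key";
        }
        if (!"bcrypt".equals(kdf)) {
            return "cipher=" + cipher + " kdf=" + kdf + " (options not decoded)";
        }
        int saltLen = readString(opts).length; // bcrypt options: string salt, uint32 rounds
        return "cipher=" + cipher + " kdf=bcrypt salt=" + saltLen + "B rounds=" + opts.getInt();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample header: aes256-ctr, bcrypt, 16-byte zero salt, 16 rounds.
        ByteArrayOutputStream blob = new ByteArrayOutputStream();
        DataOutputStream d = new DataOutputStream(blob);
        d.write(MAGIC);
        d.writeInt(10); d.writeBytes("aes256-ctr"); d.writeInt(6); d.writeBytes("bcrypt");
        d.writeInt(24); d.writeInt(16); d.write(new byte[16]); d.writeInt(16);
        System.out.println(describe(blob.toByteArray()));
    }
}
```

To inspect a real file, strip the `-----BEGIN/END OPENSSH PRIVATE KEY-----` lines, base64-decode the body and pass the bytes to `describe`.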
Apache SSHD is a 100% pure Java library to support the SSH protocols on both the client and server side. This library can leverage Apache MINA, a scalable and high-performance asynchronous IO library. SSHD does not really aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java-based applications requiring SSH support.
- supported - DRAFT 05 - section 4.4
- supported2 - DRAFT 13 section 5.4
- versions - DRAFT 09 Section 4.6
- vendor-id - DRAFT 09 - section 4.4
- acl-supported - DRAFT 11 - section 5.4
- newline - DRAFT 09 Section 4.3
- md5-hash, md5-hash-handle - DRAFT 09 - section 9.1.1
- check-file-handle, check-file-name - DRAFT 09 - section 9.1.2
- copy-file, copy-data - DRAFT 00 - sections 6, 7
- space-available - DRAFT 09 - section 9.3

eddsa optional module), sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com, ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com

Java 8+ (as of version 1.3)

The code only requires the core abstract slf4j-api module. The actual implementation of the logging API can be selected from the many existing adaptors.

- sshd-common - contains basic classes used throughout the project as well as code that does not require client or server network support.
- sshd-core - contains the basic SSH client/server code implementing the connection, transport, channels, forwarding, etc.
- sshd-sftp - contains the server side SFTP subsystem and the SFTP client code.
- sshd-scp - contains the server side SCP command handler and the SCP client code.
- sshd-ldap - contains server-side password and public key authenticators that use an LDAP server.
- sshd-git - contains replacements for JGit SSH session factory.
- sshd-osgi - contains an artifact that combines sshd-common and sshd-core so it can be deployed in OSGi environments.
- sshd-putty - contains code that can parse PuTTY key files.
- sshd-openpgp - contains code that can parse OpenPGP key files (with some limitations - see relevant section).
- sshd-cli - contains simple templates for command-line client/server - used to provide look-and-feel similar to the Linux ssh/sshd commands.
- sshd-contrib - experimental code that is currently under review and may find its way into one of the other artifacts (or become an entirely new artifact - e.g., sshd-putty evolved this way).