AttributeStore “read” methods moved to (new class) AttributeRepository.
AttributeKey moved to AttributeRepository.
getAttribute and resolveAttribute moved to AttributeRepository.
Added attributeKeys enumeration method to AttributeRepository.
In this context, please note that all associated session/channel/client/server attributes are cleared when the entity is closed. The clearing usually occurs after all relevant registered event listeners have been invoked.
DEFAULT_PORT moved from SshConfigFileReader to SshConstants.
Moved some session “summary” related definitions from Session to SessionContext (which Session extends).
Added new sessionDisconnect method to SessionListener.
ReservedSessionMessagesHandler#handleUnimplementedMessage has an extra cmd argument and is called both for SSH_MSG_UNIMPLEMENTED as well as for any other unexpected/unrecognized command encountered during the session message processing loop.
AttributeRepository optional context propagated during initial connection establishment
ClientSessionCreator has extra connect methods with an AttributeRepository connection context argument
The context is also propagated to HostConfigEntryResolver#resolveEffectiveHost method
connectionEstablished and abortEstablishedConnection methods of IoServiceEventListener accept also an AttributeRepository connection context argument (propagated from the ClientSessionCreator#connect invocation).
FilePasswordProvider
Added an extra method (handleDecodeAttemptResult) that enables users to try and repeat an encrypted private key decoding using a different password.
The interface methods are also provided with a retry index that indicates the number of times they have been re-invoked for the same resource (including on success).
The available session context (if any) is also provided as an argument to the interface methods.
The interface methods use a NamedResource as the resource key instead of a plain string.
SshAgent#getIdentities returns an Iterable rather than a List
SftpFileSystemProvider and its associated helper classes have been moved to org.apache.sshd.client.subsystem.sftp.fs package.
KeyPairProvider accepts a SessionContext argument in its getKeyTypes/loadKey methods.
KeyIdentityProvider accepts a SessionContext argument in its loadKeys method.
ClientIdentityProvider accepts a SessionContext argument in its getClientIdentity method.
ClientIdentityLoader
Accepts a SessionContext argument in its loadClientIdentity method.
Uses a NamedResource as the identity location indicator instead of a plain old string.
ApacheSshdSftpSessionFactory#get/setPrivateKey has been renamed to get/setPrivateKeyLocation.
SshClient and ClientSession use a KeyIdentityProvider instead of a full blown KeyPairProvider. KeyPairProvider is used only in the context of an SshServer and/or ServerSession.
SshClient#loadClientIdentities has been renamed to preloadClientIdentities, and it returns a KeyIdentityProvider instead of a collection of strings representing paths.
The various ClientIdentitiesWatcher(s) use a type-safe ClientIdentityLoaderHolder and FilePasswordProviderHolder instead of the generic Supplier definition.
Removed API(s) that used string file paths to create FileInputStream-s - using only java.nio.file.Path-s
Converted most of the key-pair identity loaders (e.g., ClientIdentityLoader, ClientIdentityProvider, etc.) to return an Iterable<KeyPair> instead of single KeyPair instance.
Code that converts authorized keys entries into PublicKey-s has been renamed to resolvePublicKeyEntries and moved to PublicKeyEntry class.
PublicKeyEntryResolver (and its derived classes) accept an extra SessionContext parameter.
All methods of ScpTransferEventListener accept an extra Session parameter indicating the SSH client/server session context for the listener's invocation.
ScpFileOpener and ScpReceiveLineHandler
Re-provide expected SCP byte count transfer and permissions when invoking ScpFileOpener#openRead/openWrite
CipherInformation#getBlockSize has been renamed to getKdfSize in order to emphasize that its value represents the number of bytes used to derive the cipher's secret key value and not the cipher's underlying block size.
IdentityResourceLoader exposes getSupportedKeyTypes() instead of getSupportedTypeNames()
Identity interface as well
HostConfigEntryResolver#resolveEffectiveHost accepts also an (optional) initial connection context and/or local peer binding address - propagated from the ClientSessionCreator#connect invocation.
connectionAccepted/abortAcceptedConnection methods of IoServiceEventListener accept an extra argument - the service listen endpoint through which the connection was accepted.
SSHD-708 - Add support for password encrypted OpenSSH private key files.
SSHD-757 - Added hooks and some initial code to allow (limited) usage of OpenPGP key files - e.g. in authorized_keys files or as client identities.
SSHD-849 - Data forwarding code makes sure all pending packets have been sent to the peer channel when closing the tunnel gracefully.
SSHD-850 - Add capability to retry a failed private key decryption.
SSHD-857 - Add session disconnect event signalling to SessionListener.
ReservedSessionMessagesHandler#handleUnimplementedMessage not only for SSH_MSG_UNIMPLEMENTED but also for any unexpected/unrecognized command encountered during the session message processing loop.
SSHD-859 - Provide client session connection context that is propagated to the SSH session.
ClientSessionCreator#connect invocation) to connectionEstablished and abortEstablishedConnection methods of IoServiceEventListener.
SSHD-860 - Use lazy loading of public key identities.
SSHD-861 - Fixed username/password encoding for SftpFileSystem URI(s).
SftpFileSystemClientSessionInitializer support in SftpFileSystemProvider
SSHD-862 - Provide session context argument (if available) when key loading methods are invoked.
SSHD-864 - Using a NamedResource instead of plain old string in order to provide key file(s) location information
SSHD-865 - Key identities overrides specified in the ssh_config configuration file are also lazy loaded
SSHD-866 - Counting empty challenges separately when enforcing max. attempts during keyboard-interactive authentication
SSHD-870 - Added hooks and some initial code to allow (limited) usage of OpenPGP key rings in authorized_keys files
SSHD-873 - CipherInformation#getCipherBlockSize method has been added for exposing the cipher's block size. Note: for the time being we declare a virtual block size for stream ciphers as well (e.g., RC4) in order to facilitate the automatic re-keying mechanism described in RFC 4253 - section 9 and RFC 4344 - section 3.2.
SSHD-876 - Looking through the resolvable class-loaders “hierarchy” (thread-context => anchor => system) for sshd-version.properties file instead of just in the thread context class loader.
APACHE-SSHD-...version.... Reminder: the user can override this default via configuration properties set on the client/server instance (see AbstractSession#resolveIdentificationString, ClientFactoryManager#CLIENT_IDENTIFICATION, and ServerFactoryManager#SERVER_IDENTIFICATION).
SSHD-878 - The File/DirectoryHandle(s) used by the SFTP subsystem implement AttributeStore interface - which means that SftpEventListener(s) can now attach user-defined attributes to the generated handle(s).
SSHD-886 - Do not send SSH_MSG_UNIMPLEMENTED reply if registered ReservedSessionMessagesHandler signals that it has handled the unknown packet type.
SftpCommandMain shows by default get/put command progress using the hash sign (#) marker. The marker can be enabled/disabled via the progress command:
> progress
... response is whether it is 'on' or 'off'
> progress on/off
... set the progress marker indicator ...
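
The retry hook from the FilePasswordProvider entry and SSHD-850 above, as an added example (not code from the Apache MINA SSHD project): a provider that offers a bounded list of candidate passphrases and stops once they run out, so a wrong passphrase cannot cause an endless decode loop. The class name and the candidate list are hypothetical; the ResourceDecodeResult values and the zero-based retry index reflect the library API as understood for this release and should be checked against the version in use.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.session.SessionContext;

// Added example (hypothetical class): offers one candidate passphrase per decode attempt.
public class BoundedRetryPasswordProvider implements FilePasswordProvider {
    private static final Logger LOG = Logger.getLogger(BoundedRetryPasswordProvider.class.getName());
    private final List<String> candidates;

    public BoundedRetryPasswordProvider(List<String> candidates) {
        if (candidates.isEmpty()) {
            throw new IllegalArgumentException("At least one candidate passphrase is required");
        }
        this.candidates = new ArrayList<>(candidates);
    }

    @Override
    public String getPassword(SessionContext session, NamedResource resourceKey, int retryIndex)
            throws IOException {
        // Assumption: retryIndex is zero-based and grows by one per re-invocation for the same resource.
        if (retryIndex >= candidates.size()) {
            throw new IOException("No passphrase left for " + resourceKey.getName());
        }
        return candidates.get(retryIndex);
    }

    @Override
    public ResourceDecodeResult handleDecodeAttemptResult(
            SessionContext session, NamedResource resourceKey, int retryIndex, String password, Exception err)
            throws IOException, GeneralSecurityException {
        if (err == null) {
            // The hook is also invoked on success; there is nothing to retry.
            LOG.fine(() -> "Decoded " + resourceKey.getName() + " on attempt " + (retryIndex + 1));
            return ResourceDecodeResult.TERMINATE;
        }
        // Record the failure without the passphrase itself.
        LOG.warning(() -> "Failed to decode " + resourceKey.getName() + " on attempt " + (retryIndex + 1)
                + " (" + err.getClass().getSimpleName() + ")");
        boolean more = (retryIndex + 1) < candidates.size();
        return more ? ResourceDecodeResult.RETRY : ResourceDecodeResult.TERMINATE;
    }
}
```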