SftpSubsystemFactory, ScpCommandFactory and their respective Builder(s) as well as the AbstractGitCommandFactory use a Supplier<CloseableExecutorService> instead of an executor instance in order to allow users to provide a “fresh” instance every time a new command instance is initiated and protect their instance from shutdown when the session is destroyed:

    CloseableExecutorService mySpecialExecutor = ...;
    SftpSubsystemFactory factory = new SftpSubsystemFactory.Builder()
        // wrap the shared executor so that destroying the session does not shut it down
        .withExecutorServiceProvider(() -> ThreadUtils.noClose(mySpecialExecutor))
        .build();
    server.setSubsystemFactories(Collections.singletonList(factory));

SubsystemFactory is a proper interface and it has been refactored to contain a createSubsystem method that accepts the ChannelSession through which the request has been made.
AbstractSftpSubsystemHelper#resolvePathResolutionFollowLinks is consulted wherever the standard does not explicitly specify the behavior regarding symbolic link handling.
UserAuthFactory is a proper interface and it has been refactored to contain a createUserAuth method that accepts the session instance through which the request is made.
ChannelFactory is a proper interface and it has been refactored to contain a createChannel method that accepts the session instance through which the request is made.
KeyExchangeFactory is a proper interface and it has been refactored to contain a createKeyExchange method that accepts the session instance through which the request is made.
Signature methods accept a SessionContext argument representing the session context of their invocation (if any).
The default MAC(s) list follows the ssh_config(5) order first; the supported MAC(s) that do not appear in it come last.
PasswordAuthenticator has a handleClientPasswordChangeRequest method that is invoked if a password change has been indicated by the user during authentication via the “password” method - by default throws UnsupportedOperationException.
SessionListener supports sessionPeerIdentificationReceived method that is invoked once successful peer version data is received.
SessionListener supports sessionEstablished method that is invoked when the initial constructor is executed.
ChannelIdTrackingUnknownChannelReferenceHandler extends the functionality of the DefaultUnknownChannelReferenceHandler by tracking the identifiers of initialized channels and being lenient only if a command is received for a channel that was initialized in the past.
The internal moduli used in Diffie-Hellman group exchange are cached - lazy-loaded the 1st time such an exchange occurs. The cache can be invalidated (and thus force a re-load) by invoking Moduli#clearInternalModuliCache.
DHGEXClient implementation allows overriding the min./max. key sizes for a specific session Diffie-Hellman group exchange via properties - see DHGEXClient#PROP_DHGEX_CLIENT_MIN/MAX/PRF_KEY. The same applies to DHGEXServer, but only for the message type=30 (old request).
AbstractSignature#doInitSignature is now provided also with the Key instance for which it is invoked.
The MacInformation interface has an extra isEncryptThenMac method (default=false) to enable distinction of this mode.
Provide configurable control over the client-side ChannelSession stdin pump chunk size.
Client side UserAuthKeyboardInteractive allows configurable detection of plain-text password prompt.
Moved a few informative getters from Session to SessionContext.
SSHD-926 - Add support for OpenSSH ‘lsetstat@openssh.com’ SFTP protocol extension.
SSHD-930 - Added configuration allowing the user to specify whether client should wait for the server's identification before sending its own.
SSHD-931 - Using an executor supplier instead of a specific instance in SftpSubsystemFactory and ScpCommandFactory.
SSHD-934 - Fixed ECDSA public key encoding into OpenSSH format.
SSHD-937 - Provide session instance when creating a subsystem, user authentication, channel.
SSHD-941 - Allow user to override min./max. key sizes for a specific session Diffie-Hellman group exchange via properties.
SSHD-943 - Provide session instance when KEX factory is invoked in order to create a KeyExchange instance.
SSHD-945 - Added sshd-contrib code that uses SHA1 with DSA regardless of its key length.
SSHD-946 - Supporting ‘encrypt-then-MAC’ mode.
SSHD-947 - Added configuration allowing the user to specify whether client should wait for the server's identification before sending KEX-INIT message.
SSHD-948 - Do not accept password authentication if the session is not encrypted.
SSHD-949 - Session should use cipher block size and not IV size to calculate padding.
SSHD-953 - Parse and strip quoted command arguments when executing a server-side command via local shell.
SSHD-955 - Provide configurable control over auto-detected password prompt in client-side UserAuthKeyboardInteractive implementation.
SSHD-956 - Using System#nanoTime to measure session idle/authentication timeouts.
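
The padding rule behind SSHD-949, combined with the encrypt-then-MAC mode of SSHD-946, as an added example that is not Apache MINA SSHD code: it follows RFC 4253 section 6 and the OpenSSH encrypt-then-MAC convention of sending packet_length unencrypted. The class name, method names and sample sizes (16-byte block, 12-byte IV, payload lengths 1 to 64) are constructed for illustration.

```java
// Added example, not project code: SSH binary packet padding arithmetic.
public class SshPaddingExample {

    /** Padding bytes for one packet: align to max(8, alignment), never fewer than 4. */
    static int paddingLength(int payloadLen, int alignment, boolean etm) {
        int align = Math.max(8, alignment);
        // The 1-byte padding_length field is always part of the aligned data.
        // The 4-byte packet_length field is part of it only when it is encrypted,
        // which is not the case in encrypt-then-MAC mode.
        int covered = (etm ? 0 : 4) + 1 + payloadLen;
        int pad = align - (covered % align);
        if (pad < 4) {
            pad += align;
        }
        return pad;
    }

    /** Number of bytes handed to the cipher for one packet. */
    static int encryptedLength(int payloadLen, int alignment, boolean etm) {
        return (etm ? 0 : 4) + 1 + payloadLen + paddingLength(payloadLen, alignment, etm);
    }

    /** Counts payload lengths whose encrypted part is not a whole number of cipher blocks. */
    static int misaligned(int maxPayload, int alignment, int blockSize, boolean etm) {
        int count = 0;
        for (int len = 1; len <= maxPayload; len++) {
            if (encryptedLength(len, alignment, etm) % blockSize != 0) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        int blockSize = 16; // constructed: cipher block size
        int ivSize = 12;    // constructed: an IV size that differs from the block size
        for (boolean etm : new boolean[] {false, true}) {
            System.out.printf("etm=%b: misaligned packets using block size=%d, using IV size=%d%n",
                    etm,
                    misaligned(64, blockSize, blockSize, etm),
                    misaligned(64, ivSize, blockSize, etm));
        }
    }
}
```

Aligning to the block size never leaves a partial cipher block in either mode, while aligning to an IV size that is not a multiple of the block size does for most payload lengths.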