GH-371: Re-implement the channel pool of an SftpFileSystem

The previous implementation always put unused SftpClients back into
the pool, but SftpClients in the pool were never closed (unless the
whole SSH session was closed).

Let this pool work more like a Java thread pool: besides a maximum
size, give it a minimum "core" size, and a maximum life time for idle
channels in the pool, and remove them from the pool and close them
when they expire. By default, the maximum pool size is 8, the core size
1, and the idle life time 10 seconds.

Also drain the pool when the file system closes, and close all channels.

Remove the ThreadLocal. This mechanism was questionable anyway; it was
the source of multiple earlier bug reports and there are some scenarios
that it just cannot handle correctly. This change will mean that an
application using more threads on an SftpFileSystem instance than the
pool size may see poor SFTP performance on the extra threads. In this
case, the pool size should be increased, or the application redesigned.

Add some technical documentation on all this.

Ensure in SftpFileSystem.readDir(String) that the SftpClient on the
SftpIterableDirEntry is the wrapper. We don't want to close the
underlying pooled channel. Ditto for InputStream and OutputStream
returned from read or write: those also must use the wrapper to react
properly when the wrapper is closed.

Ensure the behavior of an SftpDirectoryStream is correct when the stream
is closed. According to the javadoc on DirectoryStream, the iterator may
continue to produce already cached entries, but then may exhaust early.

Bug: https://github.com/apache/mina-sshd/issues/371
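
The pool behaviour the commit message describes (maximum size, "core" size, idle expiry, drain on close) can be sketched as follows. This is an added example, not code from this commit or from MINA SSHD; the class and method names are hypothetical, and it assumes the maximum size bounds the number of idle channels kept and that the caller supplies timestamps in milliseconds.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical sketch; none of these names are MINA SSHD API.
public class IdleChannelPool<C extends AutoCloseable> {
    private static final class Idle<C> {
        final C channel;
        final long since; // when the channel was returned to the pool
        Idle(C channel, long since) { this.channel = channel; this.since = since; }
    }

    private final Deque<Idle<C>> idle = new ArrayDeque<>(); // head = most recently returned
    private final int maxSize;
    private final int coreSize;
    private final long maxIdleMillis;
    private boolean closed;

    public IdleChannelPool(int maxSize, int coreSize, long maxIdleMillis) {
        this.maxSize = maxSize;
        this.coreSize = coreSize;
        this.maxIdleMillis = maxIdleMillis;
    }

    // Take an idle channel, or null if the caller has to open a new one.
    public synchronized C poll() {
        Idle<C> e = idle.pollFirst();
        return e == null ? null : e.channel;
    }

    // Wrapper closed: pool the channel if there is room, otherwise close it.
    public synchronized void release(C channel, long now) throws Exception {
        if (!closed && idle.size() < maxSize) {
            idle.addFirst(new Idle<>(channel, now));
        } else {
            channel.close(); // pool full or already drained: do not leak the channel
        }
    }

    // Periodic sweep; drain=true (file system closing) empties the pool entirely.
    public synchronized void expire(long now, boolean drain) throws Exception {
        closed |= drain;
        while (idle.size() > (drain ? 0 : coreSize)
                && (drain || now - idle.peekLast().since >= maxIdleMillis)) {
            idle.pollLast().channel.close(); // tail = longest idle
        }
    }
}
```

Channels are closed while holding the lock to keep the sketch short; a production pool would collect the expired channels under the lock and close them outside it.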
10 files changed
tree: 4758e4c5b5bbef404d27fd7a2eb76e52ec3d0c15
  1. .github/
  2. assembly/
  3. docs/
  4. sshd-cli/
  5. sshd-common/
  6. sshd-contrib/
  7. sshd-core/
  8. sshd-git/
  9. sshd-ldap/
  10. sshd-mina/
  11. sshd-netty/
  12. sshd-openpgp/
  13. sshd-osgi/
  14. sshd-putty/
  15. sshd-scp/
  16. sshd-sftp/
  17. sshd-sources/
  18. sshd-spring-sftp/
  19. .asf.yaml
  20. .gitattributes
  21. .gitignore
  22. CHANGES.md
  23. java-checkstyle-license-header.txt
  24. LICENSE.txt
  25. NOTICE-bin.txt
  26. NOTICE.txt
  27. pom.xml
  28. README.md
  29. SECURITY.md
  30. security.txt
  31. sshd-checkstyle-suppressions.xml
  32. sshd-checkstyle.xml
  33. sshd-eclipse-formatter-config.xml
  34. sshd-findbugs.xml
  35. sshd-owasp-suppressions.xml
  36. sshd-pmd-ruleset.xml
README.md

Apache MINA SSHD

Apache MINA SSHD is a 100% pure Java library to support the SSH protocols on both the client and server side. It does not aim at being a replacement for the SSH client or SSH server from Unix operating systems, but rather provides support for Java-based applications requiring SSH support.

The library can leverage several I/O back-ends:

  • The default transport is built-in and uses Java's AsynchronousSocketChannels.
  • Apache MINA, a scalable and high performance asynchronous I/O library, can be used instead, or
  • the Netty asynchronous event-driven network framework is also supported.

Releases

Releases of Apache MINA sshd are available at Maven Central. tar.gz and ZIP source and binary distributions are available at the Apache MINA sshd web site.

Snapshot releases from the main branch are published on each push or merge on the main branch, if the tests pass successfully. These snapshot releases are available at the Apache Snapshot Maven repository.

Release notes

Issue reporting

Bug reports and improvement or feature requests can be filed at the GitHub issue tracker or at the Apache issue tracker.

Sensitive issues such as security vulnerabilities must be reported through private channels, not via either issue tracker.

Supported standards

Core requirements

  • Java 8+ (as of version 1.3)

  • Slf4j

The code only requires the core abstract slf4j-api module. The actual implementation of the logging API can be selected from the many existing adaptors.

Basic artifacts structure

  • sshd-common - contains basic classes used throughout the project as well as code that does not require client or server network support.

  • sshd-core - contains the basic SSH client/server code implementing the connection, transport, channels, forwarding, etc.

    • sshd-mina, sshd-netty - replacements for the default NIO2 connector used to establish and manage network connections using MINA and/or Netty libraries respectively.
  • sshd-sftp - contains the server side SFTP subsystem and the SFTP client code.

  • sshd-scp - contains the server side SCP command handler and the SCP client code.

  • sshd-ldap - contains server-side password and public key authenticators that use an LDAP server.

  • sshd-git - contains replacements for JGit SSH session factory.

  • sshd-osgi - contains an artifact that combines sshd-common and sshd-core so it can be deployed in OSGi environments.

  • sshd-putty - contains code that can parse PuTTY key files.

  • sshd-openpgp - contains code that can parse OpenPGP key files (with some limitations - see relevant section)

  • sshd-cli - contains simple templates for command-line client/server - used to provide look-and-feel similar to the Linux ssh/sshd commands.

  • sshd-contrib - experimental code that is currently under review and may find its way into one of the other artifacts (or become an entirely new artifact - e.g., sshd-putty evolved this way).

Optional dependencies

Quick reference

Building the code

Including tests

mvn clean install

Without tests

mvn -Pquick clean install

Set up an SSH client in 5 minutes

Embedding an SSHD server instance in 5 minutes

SSH functionality breakdown

Security providers setup

Commands infrastructure

SCP

SFTP

Port forwarding

Internal support classes

Event listeners and handlers

Command line clients

GIT support

Configuration/data files parsing support

Extension modules

HOWTO(s)

Technical Documentation

SSH Key Exchange

TCP/IP Port Forwarding

Global Requests

Android support