001 /*
002 * Copyright (C) 2012 eXo Platform SAS.
003 *
004 * This is free software; you can redistribute it and/or modify it
005 * under the terms of the GNU Lesser General Public License as
006 * published by the Free Software Foundation; either version 2.1 of
007 * the License, or (at your option) any later version.
008 *
009 * This software is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * You should have received a copy of the GNU Lesser General Public
015 * License along with this software; if not, write to the Free
016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018 */
019
020 package org.crsh.ssh;
021
022 import org.apache.sshd.common.KeyPairProvider;
023 import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
024 import org.crsh.auth.AuthenticationPlugin;
025 import org.crsh.plugin.CRaSHPlugin;
026 import org.crsh.plugin.PropertyDescriptor;
027 import org.crsh.plugin.ResourceKind;
028 import org.crsh.ssh.term.SSHLifeCycle;
029 import org.crsh.ssh.term.URLKeyPairProvider;
030 import org.crsh.util.Utils;
031 import org.crsh.vfs.Resource;
032
033 import java.io.File;
034 import java.io.IOException;
035 import java.net.MalformedURLException;
036 import java.net.URL;
037 import java.nio.charset.Charset;
038 import java.util.ArrayList;
039 import java.util.Arrays;
040 import java.util.List;
041 import java.util.logging.Level;
042
043 import org.apache.sshd.common.util.SecurityUtils;
044
045 public class SSHPlugin extends CRaSHPlugin<SSHPlugin> {
046
047 /** The SSH server idle timeout value. */
048 private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000;
049
050 /** The SSH server authentication timeout value. */
051 private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000;
052
053 /** The SSH port. */
054 public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port");
055
056 /** The SSH server key path. */
057 public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file");
058
059 /** SSH host key auto generate */
060 public static final PropertyDescriptor<String> SSH_SERVER_KEYGEN = PropertyDescriptor.create("ssh.keygen", "false", "Whether to automatically generate a host key");
061
062 /** The SSH server idle timeout property. */
063 public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle_timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions in milliseconds");
064
065 /** The SSH server authentication timeout property. */
066 public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth_timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions in milliseconds");
067
068 /** The SSH charset. */
069 public static final PropertyDescriptor<Charset> SSH_ENCODING = new PropertyDescriptor<Charset>(Charset.class, "ssh.default_encoding", Utils.UTF_8, "The ssh stream default encoding when no one could be determined") {
070 @Override
071 protected Charset doParse(String s) throws Exception {
072 return Charset.forName(s);
073 }
074 };
075
076 /** . */
077 private SSHLifeCycle lifeCycle;
078
079 @Override
080 public SSHPlugin getImplementation() {
081 return this;
082 }
083
084 @Override
085 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
086 return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_KEYGEN, SSH_SERVER_AUTH_TIMEOUT,
087 SSH_SERVER_IDLE_TIMEOUT, SSH_ENCODING, AuthenticationPlugin.AUTH);
088 }
089
090 @Override
091 public void init() {
092
093 SecurityUtils.setRegisterBouncyCastle(true);
094 //
095 Integer port = getContext().getProperty(SSH_PORT);
096 if (port == null) {
097 log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration");
098 return;
099 }
100
101 //
102 Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT);
103 if (idleTimeout == null) {
104 idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT;
105 }
106 Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT);
107 if (authTimeout == null) {
108 authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT;
109 }
110
111 //
112 Resource serverKey = null;
113 KeyPairProvider keyPairProvider = null;
114
115 // Get embedded default key
116 URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem");
117 if (serverKeyURL != null) {
118 try {
119 log.log(Level.FINE, "Found embedded key url " + serverKeyURL);
120 serverKey = new Resource("hostkey.pem", serverKeyURL);
121 }
122 catch (IOException e) {
123 log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e);
124 }
125 }
126
127 // Override from config if any
128 Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG);
129 if (serverKeyRes != null) {
130 serverKey = serverKeyRes;
131 log.log(Level.FINE, "Found server ssh key url");
132 }
133
134 // If we have a key path, we convert is as an URL
135 String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH);
136 if (serverKeyPath != null) {
137 log.log(Level.FINE, "Found server key path " + serverKeyPath);
138 File f = new File(serverKeyPath);
139 String keyGen = getContext().getProperty(SSH_SERVER_KEYGEN);
140 if (keyGen != null && keyGen.equals("true")) {
141 keyPairProvider = new PEMGeneratorHostKeyProvider(serverKeyPath, "RSA");
142 } else if (f.exists() && f.isFile()) {
143 try {
144 serverKeyURL = f.toURI().toURL();
145 serverKey = new Resource("hostkey.pem", serverKeyURL);
146 } catch (MalformedURLException e) {
147 log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e);
148 } catch (IOException e) {
149 log.log(Level.FINE, "Could not load SSH key from " + serverKeyPath, e);
150 }
151 } else {
152 log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath);
153 }
154 }
155
156 //
157 if (serverKeyURL == null) {
158 log.log(Level.INFO, "Could not boot SSHD due to missing server key");
159 return;
160 }
161
162 //
163 if (keyPairProvider == null) {
164 keyPairProvider = new URLKeyPairProvider(serverKey);
165 }
166
167 // Get the authentication
168 ArrayList<AuthenticationPlugin> authPlugins = new ArrayList<AuthenticationPlugin>(0);
169 List authentication = getContext().getProperty(AuthenticationPlugin.AUTH);
170 if (authentication != null) {
171 for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) {
172 if (authentication.contains(authenticationPlugin.getName())) {
173 authPlugins.add(authenticationPlugin);
174 }
175 }
176 }
177
178 //
179 Charset encoding = getContext().getProperty(SSH_ENCODING);
180 if (encoding == null) {
181 encoding = Utils.UTF_8;
182 }
183
184 //
185 log.log(Level.INFO, "Booting SSHD");
186 SSHLifeCycle lifeCycle = new SSHLifeCycle(
187 getContext(),
188 encoding,
189 port,
190 idleTimeout,
191 authTimeout,
192 keyPairProvider,
193 authPlugins);
194 lifeCycle.init();
195
196 //
197 this.lifeCycle = lifeCycle;
198 }
199
200 @Override
201 public void destroy() {
202 if (lifeCycle != null) {
203 log.log(Level.INFO, "Shutting down SSHD");
204 lifeCycle.destroy();
205 lifeCycle = null;
206 }
207 }
208 }