001 /* 002 * Copyright (C) 2012 eXo Platform SAS. 003 * 004 * This is free software; you can redistribute it and/or modify it 005 * under the terms of the GNU Lesser General Public License as 006 * published by the Free Software Foundation; either version 2.1 of 007 * the License, or (at your option) any later version. 008 * 009 * This software is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * You should have received a copy of the GNU Lesser General Public 015 * License along with this software; if not, write to the Free 016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 018 */ 019 020 package org.crsh.ssh; 021 022 import org.apache.sshd.common.KeyPairProvider; 023 import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider; 024 import org.crsh.auth.AuthenticationPlugin; 025 import org.crsh.plugin.CRaSHPlugin; 026 import org.crsh.plugin.PropertyDescriptor; 027 import org.crsh.plugin.ResourceKind; 028 import org.crsh.ssh.term.SSHLifeCycle; 029 import org.crsh.ssh.term.URLKeyPairProvider; 030 import org.crsh.util.Utils; 031 import org.crsh.vfs.Resource; 032 033 import java.io.File; 034 import java.io.IOException; 035 import java.net.MalformedURLException; 036 import java.net.URL; 037 import java.nio.charset.Charset; 038 import java.util.ArrayList; 039 import java.util.Arrays; 040 import java.util.List; 041 import java.util.logging.Level; 042 043 import org.apache.sshd.common.util.SecurityUtils; 044 045 public class SSHPlugin extends CRaSHPlugin<SSHPlugin> { 046 047 /** The SSH server idle timeout value. */ 048 private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000; 049 050 /** The SSH server authentication timeout value. */ 051 private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000; 052 053 /** The SSH port. */ 054 public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port"); 055 056 /** The SSH server key path. */ 057 public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file"); 058 059 /** SSH host key auto generate */ 060 public static final PropertyDescriptor<String> SSH_SERVER_KEYGEN = PropertyDescriptor.create("ssh.keygen", "false", "Whether to automatically generate a host key"); 061 062 /** The SSH server idle timeout property. */ 063 public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle_timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions in milliseconds"); 064 065 /** The SSH server authentication timeout property. */ 066 public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth_timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions in milliseconds"); 067 068 /** The SSH charset. */ 069 public static final PropertyDescriptor<Charset> SSH_ENCODING = new PropertyDescriptor<Charset>(Charset.class, "ssh.default_encoding", Utils.UTF_8, "The ssh stream default encoding when no one could be determined") { 070 @Override 071 protected Charset doParse(String s) throws Exception { 072 return Charset.forName(s); 073 } 074 }; 075 076 /** . */ 077 private SSHLifeCycle lifeCycle; 078 079 @Override 080 public SSHPlugin getImplementation() { 081 return this; 082 } 083 084 @Override 085 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() { 086 return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_KEYGEN, SSH_SERVER_AUTH_TIMEOUT, 087 SSH_SERVER_IDLE_TIMEOUT, SSH_ENCODING, AuthenticationPlugin.AUTH); 088 } 089 090 @Override 091 public void init() { 092 093 SecurityUtils.setRegisterBouncyCastle(true); 094 // 095 Integer port = getContext().getProperty(SSH_PORT); 096 if (port == null) { 097 log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration"); 098 return; 099 } 100 101 // 102 Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT); 103 if (idleTimeout == null) { 104 idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT; 105 } 106 Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT); 107 if (authTimeout == null) { 108 authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT; 109 } 110 111 // 112 Resource serverKey = null; 113 KeyPairProvider keyPairProvider = null; 114 115 // Get embedded default key 116 URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem"); 117 if (serverKeyURL != null) { 118 try { 119 log.log(Level.FINE, "Found embedded key url " + serverKeyURL); 120 serverKey = new Resource("hostkey.pem", serverKeyURL); 121 } 122 catch (IOException e) { 123 log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e); 124 } 125 } 126 127 // Override from config if any 128 Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG); 129 if (serverKeyRes != null) { 130 serverKey = serverKeyRes; 131 log.log(Level.FINE, "Found server ssh key url"); 132 } 133 134 // If we have a key path, we convert is as an URL 135 String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH); 136 if (serverKeyPath != null) { 137 log.log(Level.FINE, "Found server key path " + serverKeyPath); 138 File f = new File(serverKeyPath); 139 String keyGen = getContext().getProperty(SSH_SERVER_KEYGEN); 140 if (keyGen != null && keyGen.equals("true")) { 141 keyPairProvider = new PEMGeneratorHostKeyProvider(serverKeyPath, "RSA"); 142 } else if (f.exists() && f.isFile()) { 143 try { 144 serverKeyURL = f.toURI().toURL(); 145 serverKey = new Resource("hostkey.pem", serverKeyURL); 146 } catch (MalformedURLException e) { 147 log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e); 148 } catch (IOException e) { 149 log.log(Level.FINE, "Could not load SSH key from " + serverKeyPath, e); 150 } 151 } else { 152 log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath); 153 } 154 } 155 156 // 157 if (serverKeyURL == null) { 158 log.log(Level.INFO, "Could not boot SSHD due to missing server key"); 159 return; 160 } 161 162 // 163 if (keyPairProvider == null) { 164 keyPairProvider = new URLKeyPairProvider(serverKey); 165 } 166 167 // Get the authentication 168 ArrayList<AuthenticationPlugin> authPlugins = new ArrayList<AuthenticationPlugin>(0); 169 List authentication = getContext().getProperty(AuthenticationPlugin.AUTH); 170 if (authentication != null) { 171 for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) { 172 if (authentication.contains(authenticationPlugin.getName())) { 173 authPlugins.add(authenticationPlugin); 174 } 175 } 176 } 177 178 // 179 Charset encoding = getContext().getProperty(SSH_ENCODING); 180 if (encoding == null) { 181 encoding = Utils.UTF_8; 182 } 183 184 // 185 log.log(Level.INFO, "Booting SSHD"); 186 SSHLifeCycle lifeCycle = new SSHLifeCycle( 187 getContext(), 188 encoding, 189 port, 190 idleTimeout, 191 authTimeout, 192 keyPairProvider, 193 authPlugins); 194 lifeCycle.init(); 195 196 // 197 this.lifeCycle = lifeCycle; 198 } 199 200 @Override 201 public void destroy() { 202 if (lifeCycle != null) { 203 log.log(Level.INFO, "Shutting down SSHD"); 204 lifeCycle.destroy(); 205 lifeCycle = null; 206 } 207 } 208 }