001/* 002 * Copyright (C) 2012 eXo Platform SAS. 003 * 004 * This is free software; you can redistribute it and/or modify it 005 * under the terms of the GNU Lesser General Public License as 006 * published by the Free Software Foundation; either version 2.1 of 007 * the License, or (at your option) any later version. 008 * 009 * This software is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * You should have received a copy of the GNU Lesser General Public 015 * License along with this software; if not, write to the Free 016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 018 */ 019 020package org.crsh.ssh; 021 022import org.apache.sshd.common.KeyPairProvider; 023import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider; 024import org.crsh.auth.AuthenticationPlugin; 025import org.crsh.plugin.CRaSHPlugin; 026import org.crsh.plugin.PropertyDescriptor; 027import org.crsh.plugin.ResourceKind; 028import org.crsh.ssh.term.SSHLifeCycle; 029import org.crsh.ssh.term.URLKeyPairProvider; 030import org.crsh.vfs.Resource; 031 032import java.io.File; 033import java.io.IOException; 034import java.net.MalformedURLException; 035import java.net.URL; 036import java.util.ArrayList; 037import java.util.Arrays; 038import java.util.List; 039import java.util.logging.Level; 040 041import org.apache.sshd.common.util.SecurityUtils; 042 043public class SSHPlugin extends CRaSHPlugin<SSHPlugin> { 044 045 /** The SSH port. */ 046 public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port"); 047 048 /** The SSH server key path. */ 049 public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file"); 050 051 /** SSH host key auto generate */ 052 public static final PropertyDescriptor<String> SSH_SERVER_KEYGEN = PropertyDescriptor.create("ssh.keygen", "false", "Whether to automatically generate a host key"); 053 054 /** The SSH server idle timeout. */ 055 private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000; 056 public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle-timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions in milliseconds"); 057 058 /** The SSH server authentication timeout. */ 059 private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000; 060 public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth-timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions in milliseconds"); 061 062 063 /** . */ 064 private SSHLifeCycle lifeCycle; 065 066 @Override 067 public SSHPlugin getImplementation() { 068 return this; 069 } 070 071 @Override 072 protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() { 073 return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_KEYGEN, SSH_SERVER_AUTH_TIMEOUT, SSH_SERVER_IDLE_TIMEOUT, AuthenticationPlugin.AUTH); 074 } 075 076 @Override 077 public void init() { 078 079 SecurityUtils.setRegisterBouncyCastle(true); 080 // 081 Integer port = getContext().getProperty(SSH_PORT); 082 if (port == null) { 083 log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration"); 084 return; 085 } 086 087 // 088 Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT); 089 if (idleTimeout == null) { 090 idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT; 091 } 092 Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT); 093 if (authTimeout == null) { 094 authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT; 095 } 096 097 // 098 Resource serverKey = null; 099 KeyPairProvider keyPairProvider = null; 100 101 // Get embedded default key 102 URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem"); 103 if (serverKeyURL != null) { 104 try { 105 log.log(Level.FINE, "Found embedded key url " + serverKeyURL); 106 serverKey = new Resource("hostkey.pem", serverKeyURL); 107 } 108 catch (IOException e) { 109 log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e); 110 } 111 } 112 113 // Override from config if any 114 Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG); 115 if (serverKeyRes != null) { 116 serverKey = serverKeyRes; 117 log.log(Level.FINE, "Found server ssh key url"); 118 } 119 120 // If we have a key path, we convert is as an URL 121 String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH); 122 if (serverKeyPath != null) { 123 log.log(Level.FINE, "Found server key path " + serverKeyPath); 124 File f = new File(serverKeyPath); 125 String keyGen = getContext().getProperty(SSH_SERVER_KEYGEN); 126 if (keyGen != null && keyGen.equals("true")) { 127 keyPairProvider = new PEMGeneratorHostKeyProvider(serverKeyPath, "RSA"); 128 } else if (f.exists() && f.isFile()) { 129 try { 130 serverKeyURL = f.toURI().toURL(); 131 serverKey = new Resource("hostkey.pem", serverKeyURL); 132 } catch (MalformedURLException e) { 133 log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e); 134 } catch (IOException e) { 135 log.log(Level.FINE, "Could not load SSH key from " + serverKeyPath, e); 136 } 137 } else { 138 log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath); 139 } 140 } 141 142 // 143 if (serverKeyURL == null) { 144 log.log(Level.INFO, "Could not boot SSHD due to missing server key"); 145 return; 146 } 147 148 // 149 if (keyPairProvider == null) { 150 keyPairProvider = new URLKeyPairProvider(serverKey); 151 } 152 153 // Get the authentication 154 ArrayList<AuthenticationPlugin> authPlugins = new ArrayList<AuthenticationPlugin>(0); 155 List authentication = getContext().getProperty(AuthenticationPlugin.AUTH); 156 if (authentication != null) { 157 for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) { 158 if (authentication.contains(authenticationPlugin.getName())) { 159 authPlugins.add(authenticationPlugin); 160 } 161 } 162 } 163 164 // 165 log.log(Level.INFO, "Booting SSHD"); 166 SSHLifeCycle lifeCycle = new SSHLifeCycle(getContext(), authPlugins); 167 lifeCycle.setPort(port); 168 lifeCycle.setAuthTimeout(authTimeout); 169 lifeCycle.setIdleTimeout(idleTimeout); 170 lifeCycle.setKeyPairProvider(keyPairProvider); 171 lifeCycle.init(); 172 173 // 174 this.lifeCycle = lifeCycle; 175 } 176 177 @Override 178 public void destroy() { 179 if (lifeCycle != null) { 180 log.log(Level.INFO, "Shutting down SSHD"); 181 lifeCycle.destroy(); 182 lifeCycle = null; 183 } 184 } 185}