001/*
002 * Copyright (C) 2012 eXo Platform SAS.
003 *
004 * This is free software; you can redistribute it and/or modify it
005 * under the terms of the GNU Lesser General Public License as
006 * published by the Free Software Foundation; either version 2.1 of
007 * the License, or (at your option) any later version.
008 *
009 * This software is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * You should have received a copy of the GNU Lesser General Public
015 * License along with this software; if not, write to the Free
016 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
017 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
018 */
019
020package org.crsh.ssh;
021
022import org.apache.sshd.common.KeyPairProvider;
023import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
024import org.crsh.auth.AuthenticationPlugin;
025import org.crsh.plugin.CRaSHPlugin;
026import org.crsh.plugin.PropertyDescriptor;
027import org.crsh.plugin.ResourceKind;
028import org.crsh.ssh.term.SSHLifeCycle;
029import org.crsh.ssh.term.URLKeyPairProvider;
030import org.crsh.vfs.Resource;
031
032import java.io.File;
033import java.io.IOException;
034import java.net.MalformedURLException;
035import java.net.URL;
036import java.util.ArrayList;
037import java.util.Arrays;
038import java.util.List;
039import java.util.logging.Level;
040
041import org.apache.sshd.common.util.SecurityUtils;
042
043public class SSHPlugin extends CRaSHPlugin<SSHPlugin> {
044
045  /** The SSH port. */
046  public static final PropertyDescriptor<Integer> SSH_PORT = PropertyDescriptor.create("ssh.port", 2000, "The SSH port");
047
048  /** The SSH server key path. */
049  public static final PropertyDescriptor<String> SSH_SERVER_KEYPATH = PropertyDescriptor.create("ssh.keypath", (String)null, "The path to the key file");
050
051  /** SSH host key auto generate */
052  public static final PropertyDescriptor<String> SSH_SERVER_KEYGEN = PropertyDescriptor.create("ssh.keygen", "false", "Whether to automatically generate a host key");
053
054  /** The SSH server idle timeout. */
055  private static final int SSH_SERVER_IDLE_DEFAULT_TIMEOUT = 10 * 60 * 1000;
056  public static final PropertyDescriptor<Integer> SSH_SERVER_IDLE_TIMEOUT = PropertyDescriptor.create("ssh.idle-timeout", SSH_SERVER_IDLE_DEFAULT_TIMEOUT, "The idle-timeout for ssh sessions in milliseconds");
057
058  /** The SSH server authentication timeout. */
059  private static final int SSH_SERVER_AUTH_DEFAULT_TIMEOUT = 10 * 60 * 1000;
060  public static final PropertyDescriptor<Integer> SSH_SERVER_AUTH_TIMEOUT = PropertyDescriptor.create("ssh.auth-timeout", SSH_SERVER_AUTH_DEFAULT_TIMEOUT, "The authentication timeout for ssh sessions in milliseconds");
061
062
063  /** . */
064  private SSHLifeCycle lifeCycle;
065
066  @Override
067  public SSHPlugin getImplementation() {
068    return this;
069  }
070
071  @Override
072  protected Iterable<PropertyDescriptor<?>> createConfigurationCapabilities() {
073    return Arrays.<PropertyDescriptor<?>>asList(SSH_PORT, SSH_SERVER_KEYPATH, SSH_SERVER_KEYGEN, SSH_SERVER_AUTH_TIMEOUT, SSH_SERVER_IDLE_TIMEOUT, AuthenticationPlugin.AUTH);
074  }
075
076  @Override
077  public void init() {
078
079    SecurityUtils.setRegisterBouncyCastle(true);
080    //
081    Integer port = getContext().getProperty(SSH_PORT);
082    if (port == null) {
083      log.log(Level.INFO, "Could not boot SSHD due to missing due to missing port configuration");
084      return;
085    }
086
087    //
088    Integer idleTimeout = getContext().getProperty(SSH_SERVER_IDLE_TIMEOUT);
089    if (idleTimeout == null) {
090      idleTimeout = SSH_SERVER_IDLE_DEFAULT_TIMEOUT;
091    }
092    Integer authTimeout = getContext().getProperty(SSH_SERVER_AUTH_TIMEOUT);
093    if (authTimeout == null) {
094      authTimeout = SSH_SERVER_AUTH_DEFAULT_TIMEOUT;
095    }
096
097    //
098    Resource serverKey = null;
099    KeyPairProvider keyPairProvider = null;
100
101    // Get embedded default key
102    URL serverKeyURL = SSHPlugin.class.getResource("/crash/hostkey.pem");
103    if (serverKeyURL != null) {
104      try {
105        log.log(Level.FINE, "Found embedded key url " + serverKeyURL);
106        serverKey = new Resource("hostkey.pem", serverKeyURL);
107      }
108      catch (IOException e) {
109        log.log(Level.FINE, "Could not load ssh key from url " + serverKeyURL, e);
110      }
111    }
112
113    // Override from config if any
114    Resource serverKeyRes = getContext().loadResource("hostkey.pem", ResourceKind.CONFIG);
115    if (serverKeyRes != null) {
116      serverKey = serverKeyRes;
117      log.log(Level.FINE, "Found server ssh key url");
118    }
119
120    // If we have a key path, we convert is as an URL
121    String serverKeyPath = getContext().getProperty(SSH_SERVER_KEYPATH);
122    if (serverKeyPath != null) {
123      log.log(Level.FINE, "Found server key path " + serverKeyPath);
124      File f = new File(serverKeyPath);
125      String keyGen = getContext().getProperty(SSH_SERVER_KEYGEN);
126      if (keyGen != null && keyGen.equals("true")) {
127        keyPairProvider = new PEMGeneratorHostKeyProvider(serverKeyPath, "RSA");
128      } else if (f.exists() && f.isFile()) {
129        try {
130          serverKeyURL = f.toURI().toURL();
131          serverKey = new Resource("hostkey.pem", serverKeyURL);
132        } catch (MalformedURLException e) {
133          log.log(Level.FINE, "Ignoring invalid server key " + serverKeyPath, e);
134        } catch (IOException e) {
135          log.log(Level.FINE, "Could not load SSH key from " + serverKeyPath, e);
136        }
137      } else {
138        log.log(Level.FINE, "Ignoring invalid server key path " + serverKeyPath);
139      }
140    }
141
142    //
143    if (serverKeyURL == null) {
144      log.log(Level.INFO, "Could not boot SSHD due to missing server key");
145      return;
146    }
147
148    //
149    if (keyPairProvider == null) {
150      keyPairProvider = new URLKeyPairProvider(serverKey);
151    }
152
153    // Get the authentication
154    ArrayList<AuthenticationPlugin> authPlugins = new ArrayList<AuthenticationPlugin>(0);
155    List authentication = getContext().getProperty(AuthenticationPlugin.AUTH);
156    if (authentication != null) {
157      for (AuthenticationPlugin authenticationPlugin : getContext().getPlugins(AuthenticationPlugin.class)) {
158        if (authentication.contains(authenticationPlugin.getName())) {
159          authPlugins.add(authenticationPlugin);
160        }
161      }
162    }
163
164    //
165    log.log(Level.INFO, "Booting SSHD");
166    SSHLifeCycle lifeCycle = new SSHLifeCycle(getContext(), authPlugins);
167    lifeCycle.setPort(port);
168    lifeCycle.setAuthTimeout(authTimeout);
169    lifeCycle.setIdleTimeout(idleTimeout);
170    lifeCycle.setKeyPairProvider(keyPairProvider);
171    lifeCycle.init();
172
173    //
174    this.lifeCycle = lifeCycle;
175  }
176
177  @Override
178  public void destroy() {
179    if (lifeCycle != null) {
180      log.log(Level.INFO, "Shutting down SSHD");
181      lifeCycle.destroy();
182      lifeCycle = null;
183    }
184  }
185}