public class JSch extends Object
Session
objects configured with these
settings.
getSession
to start a new Session.addIdentity
methods for
public-key authentication.setKnownHosts
to enable
checking of host keys.setConfig
for a list of
configuration options.Modifier and Type | Field and Description |
---|---|
static String |
VERSION
The version number.
|
Constructor and Description |
---|
JSch()
Creates a new JSch object.
|
Modifier and Type | Method and Description |
---|---|
void |
addIdentity(Identity identity,
byte[] passphrase)
Adds an identity to be used for public-key authentication.
|
void |
addIdentity(String prvkey)
Adds an identity to be used for public-key authentication.
|
void |
addIdentity(String prvkey,
byte[] passphrase)
Adds an identity to be used for public-key authentication.
|
void |
addIdentity(String name,
byte[] prvkey,
byte[] pubkey,
byte[] passphrase)
Adds an identity to be used for public-key authentication.
|
void |
addIdentity(String prvkey,
String passphrase)
Adds an identity to be used for public-key authentication.
|
void |
addIdentity(String prvkey,
String pubkey,
byte[] passphrase)
Adds an identity to be used for public-key authentication.
|
protected void |
addSession(Session session)
Adds a session to our session pool.
|
static String |
getConfig(String key)
Retrieves a default configuration option.
|
ConfigRepository |
getConfigRepository() |
HostKeyRepository |
getHostKeyRepository()
Returns the current host key repository.
|
Vector |
getIdentityNames()
Lists names of identities included in the identityRepository.
|
IdentityRepository |
getIdentityRepository() |
Session |
getSession(String host)
Instantiates the
Session object with
host . |
Session |
getSession(String username,
String host)
Instantiates the
Session object with
username and host . |
Session |
getSession(String username,
String host,
int port)
Instantiates the
Session object with given
username , host and port . |
void |
removeAllIdentity()
Removes all identities.
|
void |
removeIdentity(Identity identity)
Removes the identity from identityRepository.
|
void |
removeIdentity(String name)
Deprecated.
use #removeIdentity(Identity identity)
|
protected boolean |
removeSession(Session session)
Removes a session from our session pool.
|
static void |
setConfig(Hashtable newconf)
Sets multiple default configuration options at once.
|
static void |
setConfig(String key,
String value)
Sets a default configuration option.
|
void |
setConfigRepository(ConfigRepository configRepository) |
void |
setHostKeyRepository(HostKeyRepository hkrepo)
Sets the Host key repository.
|
void |
setIdentityRepository(IdentityRepository identityRepository)
Sets the
identityRepository , which will be referred
in the public key authentication. |
void |
setKnownHosts(InputStream stream)
Creates a Host key repository from an InputStream.
|
void |
setKnownHosts(String filename)
Creates a host key repository from a file name.
|
static void |
setLogger(Logger logger)
sets the Logger to be used by this library.
|
public static final String VERSION
public void setIdentityRepository(IdentityRepository identityRepository)
identityRepository
, which will be referred
in the public key authentication.identityRepository
- if null
is given,
the default repository, which usually refers to ~/.ssh/, will be used.getIdentityRepository()
public IdentityRepository getIdentityRepository()
public ConfigRepository getConfigRepository()
public void setConfigRepository(ConfigRepository configRepository)
public Session getSession(String host) throws JSchException
Session
object with
host
. The user name and port number will be retrieved from
ConfigRepository. If user name is not given,
the system property "user.name" will be referred.host
- hostnameSession
class.JSchException
- if username
or host
are invalid.getSession(String username, String host, int port)
,
Session
,
ConfigRepository
public Session getSession(String username, String host) throws JSchException
Session
object with
username
and host
.
The TCP port 22 will be used in making the connection.
Note that the TCP connection must not be established
until Session#connect().username
- user namehost
- hostnameSession
class.JSchException
- if username
or host
are invalid.getSession(String username, String host, int port)
,
Session
public Session getSession(String username, String host, int port) throws JSchException
Session
object with given
username
, host
and port
.
Note that the TCP connection must not be established
until Session#connect().username
- user namehost
- hostnameport
- port numberSession
class.JSchException
- if username
or host
are invalid.getSession(String username, String host, int port)
,
Session
protected void addSession(Session session)
Session.connect()
, and
should supposedly have package-access.protected boolean removeSession(Session session)
Session.disconnect()
, and
should supposedly have package-access.public void setHostKeyRepository(HostKeyRepository hkrepo)
hkrepo
- HostKeyRepository
,
KnownHosts
public void setKnownHosts(String filename) throws JSchException
known_hosts
file (I hope).
This has no effect if setHostKeyRepository(com.jcraft.jsch.HostKeyRepository)
was already
called with an object which is not of class KnownHosts
.
filename
- the name of the file to be loaded.JSchException
public void setKnownHosts(InputStream stream) throws JSchException
known_hosts
file (I hope).
This has no effect if setHostKeyRepository(com.jcraft.jsch.HostKeyRepository)
was already
called with an object which is not of class KnownHosts
.
stream
- an InputStream with the list of known hosts.JSchException
- if an I/O error occurs.public HostKeyRepository getHostKeyRepository()
setKnownHosts(InputStream)
,
setKnownHosts(String)
or setHostKeyRepository(com.jcraft.jsch.HostKeyRepository)
,
this creates a new (empty) repository of class KnownHosts
,
sets this as the current repository and returns it.HostKeyRepository
,
KnownHosts
public void addIdentity(String prvkey) throws JSchException
prvkey
- the file name of the private key file.
This is also used as the identifying name of the key.
The corresponding public key is assumed to be in a file
with the same name with suffix .pub
.JSchException
- if prvkey
is invalid.addIdentity(String prvkey, String passphrase)
public void addIdentity(String prvkey, String passphrase) throws JSchException
passphrase
.prvkey
- the file name of the private key file.
This is also used as the identifying name of the key.
The corresponding public key is assumed to be in a file
with the same name with suffix .pub
.passphrase
- the passphrase necessary to access the key.
The String will be encoded in UTF-8 to get the actual passphrase.JSchException
- if passphrase
is not right.addIdentity(String prvkey, byte[] passphrase)
public void addIdentity(String prvkey, byte[] passphrase) throws JSchException
passphrase
.prvkey
- the file name of the private key file.
This is also used as the identifying name of the key.
The corresponding public key is assumed to be in a file
with the same name with suffix .pub
.passphrase
- the passphrase necessary to access the key.JSchException
- if passphrase
is not right.addIdentity(String prvkey, String pubkey, byte[] passphrase)
public void addIdentity(String prvkey, String pubkey, byte[] passphrase) throws JSchException
passphrase
.prvkey
- the file name of the private key file.
This is also used as the identifying name of the key.pubkey
- the file name of the public key file.passphrase
- the passphrase necessary to access the private key.JSchException
- if passphrase
is not right.public void addIdentity(String name, byte[] prvkey, byte[] pubkey, byte[] passphrase) throws JSchException
passphrase
.name
- a name identifying the key pair.prvkey
- the private key data. This will be zeroed
out after creating the Identity object.pubkey
- the public key data.passphrase
- the passphrase necessary to access the private key.JSchException
public void addIdentity(Identity identity, byte[] passphrase) throws JSchException
passphrase
.identity
- the Identity object encapsulating the key pair
and algorithm (or a hardware device containing them).passphrase
- the passphrase necessary to access the private key.JSchException
- if passphrase
is not right.public void removeIdentity(String name) throws JSchException
getName
method of the Identity object.)
This identity will not be used for future connections anymore.
(We also clear
the identity, causing it
to forget its passphrase.)name
- the name of the identity to remove.JSchException
public void removeIdentity(Identity identity) throws JSchException
identity
- the indentity to be removed.JSchException
- if identity
is invalid.public Vector getIdentityNames() throws JSchException
JSchException
- if identityReposory has problems.public void removeAllIdentity() throws JSchException
JSchException
- if identityReposory has problems.public static String getConfig(String key)
key
- key for the configuration.Session.getConfig(java.lang.String)
,
setConfig(String, String)
public static void setConfig(Hashtable newconf)
ClassCastException
- if the Hashtable contains
keys or values which are not Strings. In this case some
string key-value pairs may already have been set.setConfig(String, String)
public static void setConfig(String key, String value)
session.setConfig
.
Here is the list of configuration options used by the program. They all have sensible default values (use the source if you want to know the defaults).
These options contain a (comma-separated, without spaces) list of algorithms, which will be offered to the server, and from which one will be selected by negotiation during key exchange. These should confirm to the format defined by RFC 4250, and be accompanied by an "implementation" option.
kex
server_host_key
cipher.s2c
cipher.c2s
mac.c2s
mac.s2c
compression.c2s
compression.s2c
lang.s2c
lang.c2s
During key exchange, the first option in the client's list (i.e. the option value) which also appears on the server's list will be choosen for each algorithm. Thus the order matters here.
The following options contain the class name of classes implementing a specific algorithm. They should implement the interface or abstract class mentioned here.
The classes must be findable using the class loader which loaded
the JSch library (e.g. by a simple Class.forName(java.lang.String)
inside
the library classes), and must have a no-argument constructor, which
will be called to instantiate the objects needed. Then the actual
interface methods will be used.
KeyExchange
)diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
ECDH
)ecdh-sha2-nistp
Cipher
)(The mentioned ones have implementations included in the library,
of course you can add more, adding them to cipher.s2c
and/or cipher.c2s
. The RFC mentioned is the RFC which defined
the keywords, here with links:
RFC 4253,
SSH Transport Layer Protocol, Section 6.3 Encryption,
RFC 4344,
SSH Transport Layer Encryption Modes (which defines the CTR
mode for most of the ciphers of RFC 4253), and
RFC 4345, Improved
Arcfour Modes for SSH.)
3des-cbc
3des-ctr
blowfish-cbc
aes256-cbc
aes192-cbc
aes128-cbc
aes128-ctr
aes192-ctr
aes256-ctr
arcfour
arcfour128
arcfour256
none
MAC
)These keywords are defined in RFC 4253, section 6.4 Data Integrity. The basic HMAC algorithm is defined in RFC 2104.
hmac-sha1
hmac-sha1-96
hmac-md5
hmac-md5-96
Compression
)(It is now hardcoded that only these two (and none
) are
actually accepted, even if providing more ones with
compression.s2c
or compression.c2s
. I think
the reason is the special handling necessary for
zlib@openssh.com
.)
zlib
zlib@openssh.com
UserAuth
)Here the user sends a list of methods, and we have a list of
methods in the option PreferredAuthentications
(in preference
order).
We take the first of our methods which is supported by the server,
get the userauth.
method variable to load the
implementing class, and try to authenticate. This will repeat until
we are authenticated or no more methods left.
The following ones are built in:
userauth.none
userauth.password
userauth.keyboard-interactive
userauth.publickey
Identity
.userauth.gssapi-with-mic
For the GSS-API mechanism we need an implementation
of GSSContext
to refer to, which will be chosen
by the configuration option gssapi-with-mic.
method,
the method being chosen from a list given by the server. For now,
we (hardcoded) only support the krb5
method, resulting in:
gssapi-with-mic.krb5
The following options do not correspond to algorithm names as defined in the SSH protocols, but are used to implement the underlying cryptographic functions.
dh
DH
- Diffie-Hellman mathematics.random
Random
- random number
generation.signature.dss
SignatureDSA
signature.rsa
SignatureRSA
signature.ecdsa
SignatureECDSA
keypairgen.dsa
KeyPairGenDSA
keypairgen.rsa
KeyPairGenRSA
pbkdf
PBKDF
- password based key generation, using PKDF 2 with HMAC-SHA1And the cryptographic hash algorithms (HASH
):
sha-1
md5
Here are options not fitting in any of the other categories.
compression_level
zlib
and
zlib@openssh.com
(other methods are not supported
anyway).PreferredAuthentications
StrictHostKeyChecking
yes
(refuse connection),
ask
(ask the user whether to add/change the key)
and no
(always insert the new key).HashKnownHosts
CheckCiphers
ciphers.c2s
and
ciphers.s2c
before sending these lists to the server
in a KEX_INIT message.key
- the option name.value
- the option value.Session.setConfig(java.util.Properties)
,
getConfig(java.lang.String)
This is an inofficial Javadoc created by PaĆlo Ebermann. Have a look at the official homepage.