author | Florian Zschocke <fzs@users.noreply.github.com> | 2017-01-21 16:31:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-21 16:31:52 +0100 |
commit | 52869d49e6901dd74f740ccc24fb5d81a7deae20 (patch) | |
tree | 2510706e5703142bee44a712d4d62e3ceae091d2 /src/main/java/com/gitblit | |
parent | d0d62788e3865db025b2636883988c6067fb59f8 (diff) | |
parent | 51e70f4233400ccf90c4e05638df53f2d5784d3c (diff) | |
Merge pull request #6 from fzs/sshAuthMethods
Set list of offered SSH authentication methods.
Diffstat (limited to 'src/main/java/com/gitblit')
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index 4fb05f79..5a053781 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -23,6 +23,7 @@ import java.net.InetSocketAddress;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.text.MessageFormat;
+import java.util.List;
 import java.util.concurrent.atomic.AtomicBoolean;
 import org.apache.sshd.common.io.IoServiceFactoryFactory;
@@ -55,6 +56,13 @@ public class SshDaemon {
 private final Logger log = LoggerFactory.getLogger(SshDaemon.class);
+ private static final String AUTH_PUBLICKEY = "publickey";
+ private static final String AUTH_PASSWORD = "password";
+ private static final String AUTH_KBD_INTERACTIVE = "keyboard-interactive";
+ private static final String AUTH_GSSAPI = "gssapi-with-mic";
+
+
+
 public static enum SshSessionBackend {
 MINA, NIO2
 }
@@ -97,9 +105,6 @@ public class SshDaemon {
 FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
 hostKeyPairProvider.setFiles(new String [] { rsaKeyStore.getPath(), dsaKeyStore.getPath(), dsaKeyStore.getPath() });
- // Client public key authenticator
- SshKeyAuthenticator keyAuthenticator =
- new SshKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
 // Configure the preferred SSHD backend
 String sshBackendStr = settings.getString(Keys.git.sshBackend, 
@@ -125,11 +130,34 @@ public class SshDaemon {
 sshd.setPort(addr.getPort());
 sshd.setHost(addr.getHostName());
 sshd.setKeyPairProvider(hostKeyPairProvider);
- sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
- sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
- if (settings.getBoolean(Keys.git.sshWithKrb5, false)) {
+
+ List<String> authMethods = settings.getStrings(Keys.git.sshAuthenticationMethods);
+ if (authMethods.isEmpty()) {
+ authMethods.add(AUTH_PUBLICKEY);
+ authMethods.add(AUTH_PASSWORD);
+ }
+ // Keep backward compatibility with old setting files that use the git.sshWithKrb5 setting.
+ if (settings.getBoolean("git.sshWithKrb5", false) && !authMethods.contains(AUTH_GSSAPI)) {
+ authMethods.add(AUTH_GSSAPI);
+ log.warn("git.sshWithKrb5 is obsolete!");
+ log.warn("Please add {} to {} in gitblit.properties!", AUTH_GSSAPI, Keys.git.sshAuthenticationMethods);
+ settings.overrideSetting(Keys.git.sshAuthenticationMethods,
+ settings.getString(Keys.git.sshAuthenticationMethods, AUTH_PUBLICKEY + " " + AUTH_PASSWORD) + " " + AUTH_GSSAPI);
+ }
+ if (authMethods.contains(AUTH_PUBLICKEY)) {
+ SshKeyAuthenticator keyAuthenticator = new SshKeyAuthenticator(gitblit.getPublicKeyManager(), gitblit);
+ sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(keyAuthenticator));
+ log.info("SSH: adding public key authentication method.");
+ }
+ if (authMethods.contains(AUTH_PASSWORD) || authMethods.contains(AUTH_KBD_INTERACTIVE)) {
+ sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(gitblit));
+ log.info("SSH: adding password authentication method.");
+ }
+ if (authMethods.contains(AUTH_GSSAPI)) {
 sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, gitblit));
+ log.info("SSH: adding GSSAPI authentication method.");
 }
+
 sshd.setSessionFactory(new SshServerSessionFactory());
 sshd.setFileSystemFactory(new DisabledFilesystemFactory());
 sshd.setTcpipForwardingFilter(new 
NonForwardingFilter()); |
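Review bot: The backward-compatibility branch widens an explicit allow-list: if `git.sshAuthenticationMethods` names only `publickey` and an old `git.sshWithKrb5 = true` is still in the settings file, `gssapi-with-mic` is added anyway, and the operator learns of it only through two warnings in the log. Honouring the obsolete flag only when the new setting is absent would keep a deliberate restriction intact, for example by testing it inside the default branch: `if (authMethods.isEmpty()) { /* defaults */ if (settings.getBoolean("git.sshWithKrb5", false)) authMethods.add(AUTH_GSSAPI); }`. Separately, `password` and `keyboard-interactive` both install the same `UsernamePasswordAuthenticator`, so as far as this hunk shows the setting cannot enable one without the other. Entries that match none of the four constants are ignored without a log line, so a `log.warn` for unrecognised names would make a typo in the setting visible. The enclosing method starts and ends outside the hunk.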