Repository: karaf Updated Branches: refs/heads/master 71f8732a1 -> 218732544
KARAF-3882: add support for PEM keys. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/434a1755 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/434a1755 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/434a1755 Branch: refs/heads/master Commit: 434a17554d4d40854ddd97ea47e693a084cb241a Parents: 5047794 Author: Benson Margulies <[email protected]> Authored: Sun Jul 26 08:02:02 2015 -0400 Committer: Benson Margulies <[email protected]> Committed: Sun Jul 26 08:02:02 2015 -0400 ---------------------------------------------------------------------- .../apache/karaf/itests/SshKeyFormatTest.java | 38 ++++++++++++++++++++ .../org/apache/karaf/shell/ssh/Activator.java | 19 ++++++++-- .../org/apache/karaf/shell/ssh/test.pem | 27 ++++++++++++++ .../org/apache/karaf/shell/ssh/test.pem.pub | 1 + 4 files changed, 83 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/434a1755/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java ----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java b/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
new file mode 100644
index 0000000..8b8cfc3
--- /dev/null
+++ b/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.karaf.itests;
+
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+
+
+/**
+ * Test use of PEM keys.
+ */
+public class SshKeyFormatTest extends SshCommandTestBase {
+
+ @Configuration
+ public Option[] config() {
+
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/434a1755/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java ----------------------------------------------------------------------
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
index 1b856a8..63d51eb 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
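Review bot: `config()` is declared to return `Option[]` but its body is empty, so `SshKeyFormatTest` does not compile as committed (missing return statement), and the class adds no test method of its own. For the test to cover what the commit title describes, `config()` needs to return the container options with `hostKeyFormat` set to `PEM` and `hostKey` pointing at a PEM file, and a test method needs to open an SSH session against that server. The `test.pem` and `test.pem.pub` fixtures added later in this commit sit under `shell/ssh/src/test/resources` and are not referenced by anything in the diff.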
@@ -33,6 +33,8 @@ import org.apache.karaf.util.tracker.annotation.Services;
 import org.apache.sshd.SshServer;
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.server.command.ScpCommandFactory;
+import org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider;
+import org.apache.sshd.server.keyprovider.PEMGeneratorHostKeyProvider;
 import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
 import org.apache.sshd.server.sftp.SftpSubsystem;
 import org.osgi.framework.ServiceReference;
@@ -106,6 +108,9 @@ public class Activator extends BaseActivator implements ManagedService {
 sessionFactory.getRegistry().getService(Manager.class).register(SshAction.class);
 if (Boolean.parseBoolean(bundleContext.getProperty("karaf.startRemoteShell"))) {
 server = createSshServer(sessionFactory);
+ if (server == null) {
+ return; // can result from bad specification.
+ }
 try {
 server.start();
 } catch (IOException e) {
@@ -137,14 +142,24 @@ public class Activator extends BaseActivator implements ManagedService {
 long sshIdleTimeout = getLong("sshIdleTimeout", 1800000);
 String sshRealm = getString("sshRealm", "karaf");
 String hostKey = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
+ String hostKeyFormat = getString("hostKeyFormat", "simple");
 String authMethods = getString("authMethods", "keyboard-interactive,password,publickey");
 int keySize = getInt("keySize", 4096);
 String algorithm = getString("algorithm", "RSA");
 String macs = getString("macs", "hmac-sha1");
 String ciphers = getString("ciphers", "aes256-ctr,aes192-ctr,aes128-ctr,arcfour256");
 String welcomeBanner = getString("welcomeBanner", null);
-
- SimpleGeneratorHostKeyProvider keyPairProvider = new SimpleGeneratorHostKeyProvider();
+
+ AbstractGeneratorHostKeyProvider keyPairProvider;
+ if ("simple".equalsIgnoreCase(hostKeyFormat)) {
+ keyPairProvider = new SimpleGeneratorHostKeyProvider();
+ } else if ("PEM".equalsIgnoreCase(hostKeyFormat)) {
+ keyPairProvider = new PEMGeneratorHostKeyProvider();
+ } else {
+ LOGGER.error("Invalid host key format " + hostKeyFormat);
+ return null;
+ }
+
 keyPairProvider.setPath(hostKey);
 keyPairProvider.setKeySize(keySize);
 keyPairProvider.setAlgorithm(algorithm);
http://git-wip-us.apache.org/repos/asf/karaf/blob/434a1755/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem ----------------------------------------------------------------------
diff --git a/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem
new file mode 100644
index 0000000..64c6eb4
--- /dev/null
+++ b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem
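Review bot: The new `hostKeyFormat` switch in the `@@ -137` hunk of Activator.java feeds both providers the same `hostKey` path (default `host.key` under `karaf.etc`), so changing the format on an installation that already has a key file hands the provider a file written in the other format. How the provider treats a file it cannot parse is not visible here; if it falls back to generating and writing a new key, clients would see the host key change with no operator action, so this is worth confirming and stating in a comment beside the property. The error branch should name the property and the accepted values, e.g. `LOGGER.error("Invalid hostKeyFormat '" + hostKeyFormat + "' (expected simple or PEM); SSH server not started");`. The method, presumably `createSshServer`, now returns `null` on that branch; the `@@ -106` hunk checks for it, but any other caller outside these hunks needs the same check. The method body starts and ends outside the hunk.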
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvHFgGEKjSgg5382ZMw4DUafHmWeQYp7nnvao9ME9O16czyAD +BsdmyTH9rfKdZ14CkzC40LEAQ5kv/ZeDD4/8LsVfUpExhuh9g86hyG4zK9q3GfGg +IeV26GlUeDlBV9W5xJRdJbbj4Cp0OzkxX0+BmgS+f0qUDxUGnTljOlZlnVLgJcbD +YZ5nxHnQ4gtxHtkmmkkIwz4sMiWOdcIoDIV1OQ6dqZoRqwOkpfc+jdsEEnQJZzPx +4BLkD9fcNW5g3uaJupD4idHDTtLhYeTx9c8KvPVurNoF8T2hvWZz9etAez0fmT6f +tvp/9TProfrJQTC3JJeTHBuIfljfkSJ8ecJwTQIDAQABAoIBAQCAdEBvCS3KD2V0 +G/BsjwbQKLC075XKxEtbXwS5IuicidgWkNm/SznTuFIWuyV1Cu5ya2nwSFfHvKqs +ERX0C9B6CWz7GaJLNjwpFzfNKuGS6VqbQsxHjuXJc9NyyIS0XSpuyDves5cOfaIR +pOD0+Xt9A/LfTnUy+sAxeKcdYzuNS35Whi+VmYJZ+UgXc91O9YK0W9bNOQaHtxbW +TO3kZxMwd5MmoiU817Fr3Xo1LFMytQrG2E0l3774NdHs7WALV3gA3uehGND/4UcO +3PTJQpdJXc11sS+bB9qIp0sd/e7LJgUdXDBQhqewO43vlO/1r+u27IF7YYCxN9Wn +h5/jbac5AoGBAPGWa8PG6JoRHioBYBOJyOzSBtTBHuO/kHbUqMlO4U75NbkbdmlU +D3xpH6hS1poP5YvXjwKLiHryrbVCtmh4HSfolFLJXOOeINn8BnFi3RkD+oGzhk0V +DIoI6XoEVHKSmH7oL6sxpkH1ozPmdjmDbcUrTEArJL6dpY4yr8i7/CGzAoGBAMev +UQ+yUCtcfLo1MW4AOop6gWFCy+g0+5VHEHmzTzoo0W8ajLVDBJ/1syQckBW1uNRj +iXOwqFGHIHGuA96iLeiY7gg2KA0slcup1OZsyMA/HHd7DFY3OmDbP+cszREV90Ui +g06fHy1rv4i8lxLE4R0M1Wmz/KUG8TCSXqBJSiX/AoGBAMDlQhaH86FQma0ge/4d +vfiZmiq2KFvg0RCQrFRQT0YnZeXvL5TaMaM8rLJRslhA6R/HdcCqeMbyjhB0vACe +J2l+IzAW57w2vjRPLzXJopAexR5aoZlafTCZ/RIX8vWoZ2qtKaKfegiggTcnhK5X +aoZMFA4IZMZuSYpInmLA9ohRAoGADSHUfOnHJ/LfKQfShl9xeiXwWEsiSdUiLoEL +7lUCgtqoW1wtoMYViceIznkqaKMY0q7xHTCjASmX0qIVExErX76e+N9G5wblmw1C +OR0yXqJH5vuqpgjfx/rjSvrBSbxeFKfeZs9EJ6KMaBuu+8cC3vw3FMqHdPrt5bna +i0QGolUCgYAi7fZAo3BhS8GgAMAcg/Uu9rxNuupW+GHiQNaP53Quq+I9T2RyCvEn +gUiOSRyqW+y7P7nqrL4NQe+PHSJQqWZypQZIoDdNvvIZvpHERjcOKKxPuPhdi0/j +fPJkMBCIbjoRJoQDbiqZoQ7v2YCpYhT85MXX8PMtCeW1OWRKwpepMA== +-----END RSA PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/karaf/blob/434a1755/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem.pub ---------------------------------------------------------------------- 
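Review bot: `test.pem` is an unencrypted RSA private key committed to a public repository, so it has to be treated as disclosed and must never be copied into `etc/host.key` or any other non-test configuration. Only the file name says it is a fixture; a short README next to it stating that the key is for tests only, or generating the key pair during test setup instead of storing it, would make that explicit. The matching `test.pem.pub` falls under the same caveat.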
diff --git a/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem.pub b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem.pub new file mode 100644 index 0000000..dd950c4 --- /dev/null +++ b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8cWAYQqNKCDnfzZkzDgNRp8eZZ5Binuee9qj0wT07XpzPIAMGx2bJMf2t8p1nXgKTMLjQsQBDmS/9l4MPj/wuxV9SkTGG6H2DzqHIbjMr2rcZ8aAh5XboaVR4OUFX1bnElF0ltuPgKnQ7OTFfT4GaBL5/SpQPFQadOWM6VmWdUuAlxsNhnmfEedDiC3Ee2SaaSQjDPiwyJY51wigMhXU5Dp2pmhGrA6Sl9z6N2wQSdAlnM/HgEuQP19w1bmDe5om6kPiJ0cNO0uFh5PH1zwq89W6s2gXxPaG9ZnP160B7PR+ZPp+2+n/1M+uh+slBMLckl5McG4h+WN+RInx5wnBN [email protected]
