I don't think it is the right location for this - it is too late in the protocol as the SSH connection has already been established.

In any case, I am not sure I understand what you are trying to do - are you trying to listen on port 22 and reject the connection if it is SSH and accept it if it is something else? If so, then MINA SSHD is NOT what you need (what you need is something similar to SSLH - which I wrote in Java but never published). If you want to set up SSHD on a non-standard port, then why do you need to reject SSHD connections coming to it?

> From: jain.garim...@gmail.com
> Date: Mon, 27 Jun 2016 16:02:37 +0530
> Subject: Re: Partial Disabling of port 22 using apache-mina SSHD
> To: dev@mina.apache.org
>
> Hey,
>
> Is there a way I can override the method doAuth under
> UserAuthPublicKey.java to return back if the connection service is SSH?
>
> -Garima Jain.
>
> On Wed, Jun 22, 2016 at 9:29 PM, elijah baley <e_ba...@outlook.com> wrote:
>
> > Sorry, mail communication is best I can do for now...
> >
> > > Date: Wed, 22 Jun 2016 00:04:31 +0530
> > > Subject: RE: Partial Disabling of port 22 using apache-mina SSHD
> > > From: jain.garim...@gmail.com
> > > To: dev@mina.apache.org
> > >
> > > Hey, thanks for the detailed info. Is there any way we can have a chat
> > > other than mail communication in case needed.
> > >
> > > -Garima Jain
> > > On Jun 21, 2016 11:48 PM, "elijah baley" <e_ba...@outlook.com> wrote:
> > >
> > > > The topic is too wide to cover in a short mail message - I suggest you
> > > > look into the code of Apache MINA SSHD
> > > > (https://github.com/apache/mina-sshd) especially the tests where you will
> > > > find many examples how to achieve anything you like. However, here are the
> > > > basics (for client side):
> > > >
> > > > - Initialize an SshClient instance
> > > > - Use that instance to open a session to your server
> > > > - Provide username/password or private key and authenticate the session
> > > > - Once you have the session authenticated there are many choices open to you:
> > > >   * Open a "shell" channel and run interactive commands
> > > >   * Open an "exec" channel and run a single command
> > > >   * Obtain an SftpClient instance and access remote files
> > > >   * Obtain an ScpClient instance and upload/download files
> > > >   * Create a local/remote tunnel
> > > >   * Clean up/close the resources you opened once no longer needed (note:
> > > >     the SshClient should be stopped/closed once your application no longer
> > > >     needs to access SSH servers - usually on application exit...).
> > > >
> > > > All this and more using the session you just obtained, or (if you
> > > > like/need) create a new session for each usage - there are advantages and
> > > > disadvantages to each approach. There are many details to take into
> > > > account, but if you don't have any special requirements then the defaults
> > > > you get should be good enough. The vast majority of the APIs have Javadoc
> > > > that should help make sense of the options - again, I recommend you look at
> > > > how the tests are coded - there are very good chances you will find a
> > > > suitable example similar to what you want to achieve.
> > > >
> > > > The same applies for the server side, although it is a bit trickier... Hope
> > > > this gives you a good lead how to proceed.
> > > >
> > > > > Date: Tue, 21 Jun 2016 22:45:57 +0530
> > > > > Subject: RE: Partial Disabling of port 22 using apache-mina SSHD
> > > > > From: jain.garim...@gmail.com
> > > > > To: dev@mina.apache.org
> > > > >
> > > > > Hey,
> > > > >
> > > > > What shell commands can be executed and how? Or how to provide tunnel?
> > > > > Can you provide sample code for the same?
> > > > >
> > > > > Any methods from sftp class?
> > > > >
> > > > > -Garima Jain
> > > > > On Jun 21, 2016 10:02 PM, "elijah baley" <e_ba...@outlook.com> wrote:
> > > > >
> > > > > > No, SFTP is not a protocol that runs on a specific port - it is a
> > > > > > sub-protocol (actually a subsystem) of SSH. FYI, SSH enables opening
> > > > > > multiple channels on the same session. You can run shell commands (what
> > > > > > many mistakenly call SSH), SFTP and SCP as well as tunnels concurrently on
> > > > > > the same SSH session. The port is always 22 (SSH) for SFTP and SCP (and any
> > > > > > other channel - e.g. PROXY, SOCKS, etc...).
> > > > > >
> > > > > > > From: jain.garim...@gmail.com
> > > > > > > Date: Tue, 21 Jun 2016 11:42:58 +0530
> > > > > > > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD
> > > > > > > To: dev@mina.apache.org
> > > > > > >
> > > > > > > Can I keep the port open for sftp and close for ssh?
> > > > > > >
> > > > > > > -Garima Jain.
> > > > > > >
> > > > > > > On Mon, Jun 20, 2016 at 10:33 PM, garima jain <jain.garim...@gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > Thanks. Will use that.
> > > > > > > >
> > > > > > > > -Garima Jain
> > > > > > > > On Jun 20, 2016 10:31 PM, "Ashish" <paliwalash...@gmail.com> wrote:
> > > > > > > >
> > > > > > > >> On Mon, Jun 20, 2016 at 9:43 AM, garima jain <jain.garim...@gmail.com>
> > > > > > > >> wrote:
> > > > > > > >> > Can we use black list/whitelist feature?
> > > > > > > >>
> > > > > > > >> This is what you should use.
> > > > > > > >>
> > > > > > > >> >
> > > > > > > >> > -Garima Jain
> > > > > > > >> > On Jun 20, 2016 10:12 PM, "elijah baley" <e_ba...@outlook.com> wrote:
> > > > > > > >> >
> > > > > > > >> >> There are many options - depending on the actual setup:
> > > > > > > >> >>
> > > > > > > >> >> - You can move SSHD to a non-standard port on all interfaces - easy to do
> > > > > > > >> >>   when setting up the server - just call "setPort" on the SshServer instance
> > > > > > > >> >> - You can bind SSHD to a specific interface (e.g., 127.0.0.1) on port 22 and
> > > > > > > >> >>   bind SFTP to the public interface on port 22 - easy to do just call
> > > > > > > >> >>   "setAddress" (or something to that effect) on the SshServer instance
> > > > > > > >> >>
> > > > > > > >> >> I could think of more exotic options - e.g. similar to sslh, using
> > > > > > > >> >> HAPROXY, etc., etc.
> > > > > > > >> >>
> > > > > > > >> >> > From: jain.garim...@gmail.com
> > > > > > > >> >> > Date: Mon, 20 Jun 2016 12:10:26 +0530
> > > > > > > >> >> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD
> > > > > > > >> >> > To: dev@mina.apache.org
> > > > > > > >> >> >
> > > > > > > >> >> > Hi elijah,
> > > > > > > >> >> >
> > > > > > > >> >> > The requirement is to block port 22 for SSH and accept SFTP connections on
> > > > > > > >> >> > Port 22. Is there a class/method that can help us achieve the aim?
> > > > > > > >> >> >
> > > > > > > >> >> > -Garima Jain.
> > > > > > > >> >> >
> > > > > > > >> >> > On Fri, Jun 17, 2016 at 3:27 PM, elijah baley <e_ba...@outlook.com> wrote:
> > > > > > > >> >> >
> > > > > > > >> >> > > Is there some reason your code cannot examine the incoming client address
> > > > > > > >> >> > > and reject it if it does not match some specified criteria (e.g., mask,
> > > > > > > >> >> > > network, closed group of IPs - whatever...)?
> > > > > > > >> >> > >
> > > > > > > >> >> > > > From: jain.garim...@gmail.com
> > > > > > > >> >> > > > Date: Fri, 17 Jun 2016 14:50:51 +0530
> > > > > > > >> >> > > > Subject: Partial Disabling of port 22 using apache-mina SSHD
> > > > > > > >> >> > > > To: dev@mina.apache.org
> > > > > > > >> >> > > >
> > > > > > > >> >> > > > Hi,
> > > > > > > >> >> > > >
> > > > > > > >> >> > > > We are using com.springsource.org.apache.mina-1.0.2.jar in our product.
> > > > > > > >> >> > > > The requirement is to disable port 22 for all incoming traffic over SSH but
> > > > > > > >> >> > > > the same port is required to communicate with few IPs over 22. Is there
> > > > > > > >> >> > > > a way to handle selective port blocking?
> > > > > > > >> >> > > >
> > > > > > > >> >> > > > -Garima Jain.
> > > > > > > >>
> > > > > > > >> --
> > > > > > > >> thanks
> > > > > > > >> ashish
> > > > > > > >>
> > > > > > > >> Blog: http://www.ashishpaliwal.com/blog
> > > > > > > >> My Photo Galleries: http://www.pbase.com/ashishpaliwal