Welcome aboard.
>> Hi !
>>
>> I'm pleased to announce that Jonathan Valliere has been voted in this weekend
as a new committer of the MINA project !
Looks interesting is there a guide as to how to register a project (I was
thinking about SSHD...)
>> Hi guys,
>> I have registred MINA on the SonarQube server we have at Apache. The
result can be seen here :
>> https://builds.apache.org/analysis/component_measures/?id=MINA
>> It gets generated ev
simuilar) - is there a way to see which files these are ? Then I
can fix them (e.g., exclude them from the plugin's configuration)
again - thanks a lot...
Lyor
>> Hi Lyor,
>> Le 18/03/2018 à 19:26, Lyor Goldstein a écrit :
>>>> Looks interesting is there a guide as to
+1
I fully agree that " Guillaume is a very nice and talended
person " and thank him for volunteering...
>> Vote Guillaume Nodet as the new MINA chairman :
>> [ ] +1 Great, I'm all in for Guillaume to be the new chairman
>> [ ] +/-0 No opinion
>> [ ] -1 I think somebody else should be chairman (
I find the FTPserver still useful. I personally use it in some other
project I am involved with in order to provide a test environment for (also
Apache) FTP(S) client.
While it might not be actively maintained, there are still issues being
opened on it (I myself opened such an issue), so perhaps w
>> Given we've introduced incompatible changes, especially on the client
side
>> SSHD api, I think we should switch the version to 2.0 to follow semantic
versioning.
Agreed - +1 - especially since we are likely to add more (e.g., SSHD-818 -
split SCP code to own module)
Hi everybody,
I believe we have accumulated a respectable amount of changes - both bug
fixes and new features - not to mention some non-trivial re-structuring of
the code. I therefore feel it is time to release version 2.0 - I am not
aware of major features or bug fixes currently pending so it fee
+1
>> I've staged a release of Mina SSHD 2.0.0
https://repository.apache.org/content/repositories/orgapachemina-1035/
I have read the proposed changes and I agree in principle, although the
suggested re-factoring feels a bit too extensive.
>> remove a few interfaces which are not actually used, i.e. they've been
introduced because various classes have methods with similar signatures,
but there's no real concept
> >> remove a few interfaces which are not actually used, i.e. they've
been
> introduced because various classes have methods with similar signatures,
> but there's no real concept behind
>
> I disagree with the characterization that they do not have a "real concept
> behind them" they represent
>>> > I disagree with the characterization that they do not have a "real
concept
> behind them" they represent contracts of entities that have similar
> attributes. IMO, all the various *XxxHolder*(s) represent an entity that
> provides whatever these "attribute" interfaces hold.
>>> Well, I wou
>>> But if the community want to pursue the 2.0.0 release as it is, that's
fine
with me, I can restart a vote quickly, as I haven't deleted the staging
repository or tag yet
I'm with Jonathan on this - let's release 2.0 as planned, and then discuss
and implement whatever re-factoring is deemed n
>>> In our case, I don't see any real purpose for all those interfaces
beyond
linking together unrelated objects just because they hold the same kind
object.
I think this is a worthy purpose nevertheless and feel very strongly that
we should keep them - I don't see the harm
BTW, I could argu
>>> > I think this is a worthy purpose nevertheless and feel very strongly
that
> we should keep them - I don't see the harm
>
> BTW, I could argue the same case against *InitializingBean* and
> *DisposableBean* in view of *@PostConstruct* and *@PreDispose*, but I
still
> think they are very u
>> Following up the discussions, I'm resuming the vote...
(Again) +1
>> This is a fix for the previous release (2.0.18) which broke the API by
mistake.
+1
Hi guys,
I was wondering where we are after resuming the vote on whether to release
SSHD 2.0 ...
Thanks,
I believe CAMEL can simply choose to use mina-core 2.0.18 (since they have
the same API) by simply overriding its version in the CAMEL POM.
Furthermore, since SSHD does not really need MINA, it can be configured to
use NIO2 and thus avoid dragging in the MINA dependency.
Hi,
I just noticed that SSHD 2.0 is listed on Maven central. I am all for it,
but I do not remember seeing the official announcement - did I miss it ?
Lyor
The Apache SSHD project is pleased to announce the release of SSHD 2.0.0
Apache SSHD is a 100% pure java library to support the SSH protocols on
both the client and server side. This library can leverage Apache MINA and
also Netty - scalable and high performance asynchronous IO libraries. SSHD
do
While going over the MINA SSHD code in order to try and break it down
further to smaller modules, I encountered quite a few utility classes that
duplicate (exactly or closely) code that already exists in other very
popular "3rd party" library - specifically Apache Commons (...so not quite
"3rd part
>>> Of course, it's all about the size of what is copied. At some point, it
would be better to go witha third party dependency instead of copying
its code.
Valid observation - we will need to "weigh" the amount of copied code and
see how "heavy" it is.
>>> On important aspect of adding external
>>> We should be careful when trying to replace existing code with
external libraries because there is rarely a guarantee that it will work
exactly as the old code does.
I agree in principle, but am not sure about "rarely a guarantee" -
especially in this case where the code is a 100% duplicate o
Thanks for all the great inputs - at this stage we will not add these
dependencies in view of their relative small "weight" in our code. If this
should change in the future we will revisit this decision.
As part of an ongoing agenda to make SSHD less "monolithic" we have
re-factored the code and extracted MINA, Netty, SCP, SFTP and CLI to their
own modules. As part of this agenda I have been considering splitting the
*sshd-core* further into *sshd-utils* that will contain common support code
- e.g.
Hi guys,
I believe we have achieved a respectable number of bug fixes and/or
features since the release of 2.0 to warrant a new release (some of the
fixes are long awaited by some our users - e.g. SSHD-839, SSHD-841 to name
a few).
Guillaume, I was wondering if you could cut a release version (as
>> I'll try to find some time to do it.
Great, thanks Guillaume...
Hi Guillaume,
If you have not cut out a release version, then all is well, otherwise, I
apologize for the inconvenience, but please include the fix I just
committed for SSHD-843.
Thanks again,
Lyor G.
+1
>> Compiled the package, compiled from source, check the N&L files.
>> Weird enough, everything works fine with source grabbed from the git repo,
but the package consistently fails with those errors
Indeed strange. We are aware of *intermittent* errors when building MINA or
NETTY code - but neve
Hi Emmanuel,
>> I just used the link Guillaume provided
https://repository.apache.org/content/repositories/orgapachemina-1038/
The link contains only binaries - do you mean that you somehow unzipped the
sources that are posted there and tried to build from them ? How is it even
possible - after a
> sources that are posted there and tried to build from them ? How is it
even
> possible - after all (AFAIK) they do not form a valid Maven project ?
>> They should. What's the pount in distributing a source package if you
can't build it ?
>> Also keep in mind that Apache does *only* distribute s
>> Also Github is own by a private company, we should not depend on them, they
can easily shutdown their service, or stopping offering it for
free.
Very good point - however, why shouldn't Apache run its own GIT repository
(which it actually does, since github is just a mirror of it...)
>> Or sim
>
>>> Or simply have an issue and lose the data.
>
> Then they would lose the community's support as well...
>> Which is the least of our concern ;-) Since they have been bought by M$,
many projects already migrated to gitlab (wait for gitlab to be bought
by some big co...)
Excellent point (BTW,
>>> I just used the link Guillaume provided
> https://repository.apache.org/content/repositories/orgapachemina-1038/
> build fails
I was able to reproduce the build failure and also figure out the reason
for it + fix it. Turns out the the source ZIP contains several extra files
(in this case 2 *
>> #2 is not an option imho. Given the amount of work that would be
needed to manually re-package and re-sign the distributions artifacts, i'd
go for #1 if this is considered a blocker.
Reasonable - I was only bringing it up so that when we decide how to
proceed we have all the relevant options
>> Lyor, would you mind writing the release annoucement ? I'll publish the
>> artifacts
this morning, so we can send it later today.
Sure - I'll send it to your private mail for proof-reading and any
last-minute modifications you see fit so you can release it whenever you
feel is right.
>> Lyor, would you mind writing the release annoucement ? I'll publish the
artifacts this morning, so we can send it later today.
>> Sure - I'll send it to your private mail for proof-reading and any
last-minute modifications you see fit so you can release it whenever you
feel is right.
Done - s
Le 01/10/2018 à 09:10, Lyor Goldstein a écrit :
>>> Lyor, would you mind writing the release annoucement ? I'll publish
the artifacts
> this morning, so we can send it later today.
>
> Sure - I'll send it to your private mail for proof-reading and any
> last-minu
Here is the issue in a nutshell - a client might open an SSH tunnel, send
some data and close (normally) its side of the tunnel before the channel to
the other side has been successfully established and all data transmitted.
Currently a race condition may occur in such a scenario where the code
clo
>> You should not have to deal with the delayed closing: MINA is already
>> allowing
you to do that, if you call closeOnFlush() instead of
closeNow() -or close(), which maps to closeNow()-. It will then flushall
the pending messages before closing the session. No message written in the
session *af
>> I just hope you guys can provide some short examples with full code to
do tasks such as file upload, download, fire commands on remote server. All
I could find was abstract examples.
I appreciate the vote of confidence in our library (we are rather proud of
it and it seems to be used in quite a
The issue recognizes the fact that since SSH packets are RLE (read-length
encoded) it is possible to craft malicious packets that can cause memory
allocation errors due to reporting extremely large lengths of data (up to
32-bit). We can easily implement some mechanism that executes some sanity
chec
>> In ApacheDS, we decided to limit the size of a PDU to avoid crazy big
(and crafted) messages to be processed. This is of course configurable. I
guess you could do the same. Note that I don't think it makes sense to send
a big chunk of data in SSH, IMO.
Please note though that the limiting the
>> I have question regarding SSH server timeout. Can you please help me
with timeout configuration for sshd apache server.
There are many timeouts or other configuration values that affect timeouts
in SSHD. The code assumes some reasonable widely used defaults. If these
are not good enough for y
Hi Adam,
I have not been able to figure out is the exact issue you are encountering,
but if you can diagnose it and perhaps provide some test code that
reproduces it, we will certainly try and see how to make it work.
That being said, a few remarks on this issue:
>> have been implementing variou
>> SSH user@host -i key.pem
There are many ways to do this - here is the simplest
// Do it ONCE in your main method
SshClient client = SshClient.setupDefaultClient();
client.start();
// to connect and authenticate in the code
try (ClientSession session = client.connect(user, host)
I have opened https://issues.apache.org/jira/browse/INFRA-17374 to track
it, but as per the original email (see below), we need to provide the link
to the discussion on this issue so I am asking you to vote on it so we can
go ahead and do it.
Thanks.
Lyor
Daniel Gruno
Fri 12/7/2018, 6:53 PM
us.
I have opened https://issues.apache.org/jira/browse/INFRA-17374 to track
it, but as per the original email (see below), we need to provide the link
to the discussion on this issue so I am asking you to vote on it so we can
go ahead and do it.
Thanks.
Lyor
Daniel Gruno
Fri 12/7/2018, 6:53 PM
us.
>> Do we have to do this for MINA also?
I believe so - see the original mail I posted. Anyway, seems it is not up
to us - anyone not initiating such a migration will be migrated anyway. I
have sent this mail since they require a documented discussion/vote if one
initiates the transition before t
>> Unless someone has any problem with the migration, I'm going to create
the JIRA early next week to comply.
No problem from my end - but I already opened
https://issues.apache.org/jira/browse/INFRA-17374 - all that is required is
a recorded vote (which I also sent an e-mail on this list).
>> +1 for me Unless someone objects, I think we should move all mina
repositories.
+1 for me as well
How do we got about to provide the required "proof" that the vote has been
taken ? Who else needs to vote and how do we record it in the JIRA issue ?
I am going to be unavailable for the next 3
>> The repositories have been migrated.
>> Please update the main pom to point to the new locations.
Done.
>> Would it be possible to have a 2.2.0 release in the maven repo by
mid-February? I'd very much like to upgrade the integration in Eclipse's
JGit/EGit to 2.2.0 for _our_ next release, which will be 5.3.0 on March 20,
2019. I would need a published sshd release at the latest about a month
earlier
1) When will there be a maven release for the current snapshot status?
If there are no unforeseen problems I hope that by start of February we
will release 2.2.0
2) Does anybody have the time to check my code at GitHub for obvious „Oh my
god“ hints - I guess I use SSHD pretty unconventional…
Mig
Hi,
I believe we have accumulated a respectable amount of new features and/or
bug fixes to warrant releasing a new version of SSHD. Some of the features
are eagerly awaited by our users - e.g.,
https://bugs.eclipse.org/bugs/show_bug.cgi?id=541425, bcrypt encrypted key
files (SSHD-708). Therefore,
In this context, please dis-regard any work-in-progress you might see on
SSHD issues - the new code is definitely *not* intended to be included in
the up-coming release, so no need to wait for them.
One important item though - once we publish 2.2.0, we need to make sure
that sshd-osgi sources JAR
+1
:-)
Lyor
I would appreciate your feedback on the attempt - see
https://github.com/lgoldstein/mina-sshd/tree/SSHD-882 as an example of how
it would look.
Thanks
I see no a-priori reason why one should not be able to run multiple SCP
upload/downloads over a single session:
try (ClientSession session = client.connect(...)
,verify(...timeout...)
.getSession()) {
session.addPassword(...) / addKey(...);
session.auth().v
>> I think it's easier to read, maybe we should have a list of links
instead
of titles, so that everything does not look like titles.
Personally, I prefer the titles that lead to the documentation via the
links since they give the user an idea as to what the link contains. I am
still looking into
It may be the case that you are running out of nio2 worker threads, or
memory or buffers - trying to transmit so many concurrent files puts a lot
of pressure on the memory and I/O. Trying increasing the "nio2-workers"
configuration value:
SshClient client = ...
PropertyResolverUtils.updateProperty
The behavior seems as expected - the SCP code sends this warning/error via
its STDERR stream and then aborts the channel.
The problem seems obvious and not related to SSHD - the target
device/partition where the files are copied into has run out of space.
There is nothing that SSH/SCP or anyone ca
Hi Emmanuel,
The log messages seem to be incomplete - anyway, I will try and find some
time to test this version (I am a bit swamped at the moment..).
Lyor
---.
Hi guys,
yesterday evening, I cut a MINA 2.0.20 release (vote to come). Then I
tested it w
The Apache SSHD project is pleased to announce the release of SSHD 2.2.0
version.
Apache SSHD is a 100% pure java library to support the SSH protocols on
both the client and server side.
This library can leverage Apache MINA and also Netty - scalable and high
performance asynchronous I/O libraries
Our recommendation is definitely to have *one* SshClient instance
throughout the
application and (re-)use it to create as many SSH sessions as needed,
public static void main(String[] args) {
SshClient client = ... initialize the client ...
client.start();
try {
...run the application pro
Hi,
I have recently completed SSHD-904 and SSHD-905 that provide the option to
make sure that transferred data is synchronized with the local file system
(a.k.a. 'fsync'). This makes sure that if another process accesses the
updated files shortly after having been copied/updated either through SFT
>> I would like to know if there are anyone that can point me in a
direction of
configuring the:
Session Timeout and the Session readBufferSize when using SSHD.
I followed the 5 minute guide and got a server running. I can login and
everything works.
There are several configuration options involve
>> is it possibleto filter remote commands, i.e. I want to reject to
execute some dangerous commands like "rm"
Seems relatively straightforward - since you are a proxy, then I assume you
present your "server" face to the potential clients whose dangerous
commands you want to filter. There are ac
>> how to treat the arrow keys or any other more effective method could
audit the commands
Arrow keys are quite tricky to handle and I cannot offer a tried-and-tested
approach to it. Basically, you need to handle several issues:
* Detect arrow keys - very tricky since they are usually a *sequenc
>> how can I identify partially uploaded files on the server?
There is no such term as "partially uploaded" when a file is copied via
SFTP to a server. The server is not told ahead of time how much data to
expect - the client simply opens a file (for write) and writes data at
successive offsets.
I don't really have a lot of experience with the scripting - but we provide
both a Linux and Windows ssh.sh/bat so you can use them and they should
work fine (see
https://github.com/apache/mina-sshd/tree/master/assembly/src/main/distribution/bin
).
Off the top of my head I would say that you are l
>> I wonder if currently SshClient class supports authentication
via ssh-agent [2] configured via SSH_AUTH_SOCK environment variable?
The code seems to indicate that we do support this, though we have not had
much experience using this - see org.apache.sshd.agent.SshAgent class
implementations a
https://github.com/apache/mina-sshd/pull/102
This PR involves some changes to very crucial mutual exclusion and
signalling locks so I would like to be sure that (a) nothing was missed and
(b) no deadlocks were introduced (beyond what SSHD-911 and SSHD-912 seem to
indicate)
For those who want - y
>> I am embedding the SSHD server and I want to only allow certain users
to request a shell - for other users, I want it to deny the request as
if I hadn't
configured a ShellFactory.
Strangely enough you seem to be right - there is no simple straightforward
way to achieve this (I have opened an
>> I've ran into an issue whereby my SSHD cannot bind to any port!
>> Have you by chance ever seen this issue before?
No, does not ring a bell
>> I don't believe for one moment it is the mina-sshd code
Neither do I
>> Hopefully it is something obvious that I'll spot soon.
Perhaps some kind
>> Is there a simple way to set up a command like this? I was wondering
if I can use the InvertedShellWrapper or if those thoughts mean I am going
off at a tangent!?
No, you're on the right track - although sadly there is no simple way. I
would recommend you extend InteractiveProcessShellFactory
>> If I've not take too much of your time already. How do you recommend
that I reject a shell? At the moment, I just threw an Unchecked exception
- it works, but I'm not sure if I should do something else for 'niceness'
sake.
There might be something "nicer" - off the top my head though nothing
>> Suppose my scripts needs the profile to run at the beginning.
I am not sure what "profile" you mean - in the context of SSH there is no
such concept. If you mean the ".profile" file (or something similar) that
"runs" automatically when you login, then it depends on the definitions of
your shel
>> How or can I hold the channel open ?
Channels are auto-closeable - i.e., try-with-resource can be used. In other
words, it won't close on your end unless you close it. However:
>> It seems that once I create and open and actually use the channel, it is
being closed without my knowledge.
You c
>> By the way, in addition to the previous question. Can I increase the
session idle timeout ? Currently 10m, let's say I want it to be 30m ?
Easily: see FactoryManager#IDLE_TIMEOUT configuration parameter.Can be done
globally - by setting it on the SSH client/server or even per specific
session
>> I took this code
https://github.com/oVirt/ovirt-engine/blob/master/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/ssh/SSHClient.java
that
is using the sshd
The code you mention runs a single (!) command and then exits. I believe
your original question was about .pro
>> How do I set it? Is it better solution then the idletimeout ?
See
https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#keeping-the-session-alive-while-no-traffic
Also:
https://github.com/apache/mina-sshd/blob/master/docs/client-setup.md#running-a-command-or-opening-a-shell
;shell" channel
You are right. What shall I do?
-----Original Message-
From: Lyor Goldstein
Sent: Sunday, June 16, 2019 6:57 PM
To: dev@mina.apache.org
Subject: RE: channel request
>> I took this code
https://github.com/oVirt/ovirt-engine/blob/master/backend/manager/modules/uutils/s
who implements it and how
4. Rifle through the unit tests in the source code and get a sense of
how to work with the code - specifically *PropertyResolverUtils* and its
usage
hanks for both but no example anywhere on how to actual set it/
Dor
-Original Message-
From: Lyor
>> Wanted to advice with you. I have couple of linux instances and I want
to hold or keep in memory couple of sshclient
Not sure I understand what you mean - basically, unless extremely special
requirements/circumstances one needs only one SshClient instance per
application. One instance can be
>> When you are saying multiple sessions, you mean, I can have one
instance with > 1 different sessions to different linux instances with
different credentials ?
A single SshClient instance can create virtually infinite number of
sessions each with a different server (including different ports),
>> Do you have an example for such implementation ?
What do you mean ? The code is simple:
// Do this ONCE in 'main'
SshClient client = setup..and..initialize
client.start();
// wherever in the code and as many times a necessary - including
concurrently
try (ClientSession session =
client.con
Hi all,
I believe we have reached a respectable number of bug fixes, features and
improvements to warrant a new release of SSHD. Therefore, if no one
objects, I would like to ask Guillaume to cut a release and publish a
request for a vote.
Thanks to all who posted bugs, feature requests and code
>> I'll put that on my todo list ;-) I should be able to find some time
before
the end of the week.
Great, thanks...
Is Apache MINA SSHD's implementation FIPS compliant? That is, can MINA SSHD
be configured to use a FIPS-compliant cryptographic engine (like openssl),
does it clear memory at the appropriate times, etc.?
I do not believe SSHD is FIPS compliant - while it can be configured to use
any security prov
The change list is completed - CHANGES.md shows the latest changes as of
last release - 2.2.0 in this case - i.e. all changes from 2.2.0 towards
2.3.0. The 2.2.0 file shows the changes from 2.1.0 to 2.2.0. Once you
release 2.3.0, I will create a separate file for the 2.2.0 to 2.3.0
changes (which
+1
The Apache SSHD project is pleased to announce the release of SSHD 2.2.0
version.
Apache SSHD is a 100% pure java library to support the SSH protocols on both
the client and server side. This library can leverage Apache MINA and also
Netty - scalable and high performance asynchronous I/O libraries
I am not sure I understand exactly what you mean - however, it seems that
you are on the right track. Assuming indeed that SFTPMinaClientConnector
is a prototype bean all you need to do is initialize a session + SFTP on
connect and tear them down on close. From what you describe though, it
seems
We do not have any current PKCS11 support in MINA SSHD. We do support SSH
agents in general, so one could add the necessary support - Java even seems
to have some PKCS11 support in it (
https://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html)
but I have never looked into it.
Hi,
I believe enough time has passed since we released version 2.3.0 and enough
new features and/or bug fixes have been accumulated since to warrant the
release of a new version.
I would like to ask Guillaume to cut a new version and initiate a vote on
it in the upcoming week.
Thanks.
+1
[
https://issues.apache.org/jira/browse/SSHD-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17017920#comment-17017920
]
Lyor Goldstein commented on SSHD-964:
-
{quote}
Let me know if we can commit
[
https://issues.apache.org/jira/browse/SSHD-964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Work on SSHD-964 started by Lyor Goldstein.
---
> SSH_MSG_CHANNEL_EOF never sent or received for local and remote p
101 - 200 of 1468 matches
Mail list logo
