public interface AuthenticationMechanism
Each authentication mechanism the server supports should implement this
interface. When an authentication request is received from the client, the
server looks up the authentication method name, for example "password", from
the com.maverick.sshd.ConfigurationContext. To support a new type of
SSH authentication mechanism, or to override an existing implementation, you
should add its Class object to the ConfigurationContext. This can be achieved
by adding the following code to your com.maverick.sshd.SshDaemon
implementation of the
com.maverick.sshd.SshDaemon#configure(ConfigurationContext)
method.
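    protected void configure(ConfigurationContext context) {
        // Register the mechanism class under its SSH method name.
        // Class.forName throws the checked ClassNotFoundException, which must be caught or declared.
        context.supportedAuthenticationMechanisms().add("kerberos@sshtools.com",
                Class.forName("com.sshtools.kerberos.SSHKerberos"));
    }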
The SSH protocol recommends that method names are in the name@domain.com syntax.
The server will initialize your authentication object first by calling the
#init(com.maverick.sshd.TransportProtocol, com.maverick.sshd.AuthenticationProtocol, byte[])
method. You should save the variables provided, as these will be required to
communicate back to the client. Once initialized, the transaction will be
started by the server calling the startRequest(java.lang.String, byte[])
method. Here you will be provided with the user's name and the
request-specific data. How you proceed from here depends upon the
authentication mechanism. In the standard password authentication mechanism,
the password is provided in the request data and a native login takes place.
If the authentication is successful, your implementation should call the
AuthenticationProtocol.completedAuthentication()
method; if it fails, call
AuthenticationProtocol.failedAuthentication()
instead.
If your mechanism requires further SSH messages to be sent, you send them using
com.maverick.sshd.TransportProtocol#sendMessage(SshMessage),
and messages sent by the client will be received by your
processMessage(byte[])
implementation.
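As an added example (not code from this page or from the Maverick SSHD project), the class below parses the request data a password mechanism would receive in startRequest and rejects malformed input before any login is attempted. It assumes msg holds only the method-specific fields that RFC 4252 section 8 defines for "password" (a boolean FALSE followed by a length-prefixed password); the names PasswordRequestData and parsePassword and the 1024-byte limit are hypothetical.

```java
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added example; class name and size limit are hypothetical, not part of the Maverick API.
public class PasswordRequestData {
    // Assumed policy limit on the password field, in bytes.
    static final int MAX_PASSWORD_BYTES = 1024;

    // Parses "boolean FALSE, string password" (RFC 4252 section 8) from untrusted request data.
    static byte[] parsePassword(byte[] msg) throws IOException {
        if (msg == null) throw new IOException("missing request data");
        try {
            ByteBuffer buf = ByteBuffer.wrap(msg); // big-endian by default, as SSH uses
            if (buf.get() != 0) {
                // TRUE marks a password change request (old and new password follow).
                throw new IOException("password change request not supported");
            }
            int len = buf.getInt();
            // Validate the client-controlled length before allocating or copying.
            if (len < 0 || len > MAX_PASSWORD_BYTES || len != buf.remaining()) {
                throw new IOException("malformed password field");
            }
            byte[] password = new byte[len];
            buf.get(password);
            return password;
        } catch (BufferUnderflowException e) {
            throw new IOException("truncated request data", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: FALSE, uint32 length 6, "s3cret".
        byte[] pw = "s3cret".getBytes(StandardCharsets.UTF_8);
        byte[] good = ByteBuffer.allocate(5 + pw.length).put((byte) 0).putInt(pw.length).put(pw).array();
        byte[] lying = good.clone();
        lying[4] = 100; // declared length now exceeds the bytes actually present
        for (byte[] msg : new byte[][] {good, lying, new byte[] {0, 0}}) {
            try {
                byte[] parsed = parsePassword(msg);
                System.out.println("parsed " + parsed.length + " password bytes");
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In a real mechanism, a rejected request would lead to the failedAuthentication call described above rather than an exception reaching the transport.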
Modifier and Type | Method and Description |
---|---|
String | getMethod() Return the SSH method name for this authentication. |
boolean | processMessage(byte[] msg) If the SSH protocol authentication method defines additional messages which are sent from the client, they will be passed into your implementation here when received. |
boolean | startRequest(String username, byte[] msg) Start an authentication transaction. |
boolean startRequest(String username, byte[] msg) throws IOException
AuthenticationProtocol instance that was passed in the initialization process.
The request data varies according to the authentication method.
    if (success)
        authentication.completedAuthentication(method, username, service);
    else
        authentication.failedAuthentication(method);
username -
msg - the request data from the SSH_MSG_USERAUTH_REQUEST message
IOException
boolean processMessage(byte[] msg) throws IOException
msg
- IOException
String getMethod()
Copyright © 2024. All rights reserved.