Minecraft-SSHD/Minecraft-SSHD-Bukkit/src/main/java/com/ryanmichela/sshd/PublicKeyAuthenticator.java

package com.ryanmichela.sshd;

import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;

import java.io.File;
import java.util.List;
import java.util.HashMap;
import java.util.Map;
import java.io.FileReader;
import java.security.PublicKey;

/**
 * Copyright 2013 Ryan Michela
 */
public class PublicKeyAuthenticator implements PublickeyAuthenticator
{
	private File authorizedKeysDir;
	private Map<String, Integer> FailCounts = new HashMap<String, Integer>();

	public PublicKeyAuthenticator(File authorizedKeysDir) { this.authorizedKeysDir = authorizedKeysDir; }

	@Override public boolean authenticate(String username, PublicKey key, ServerSession session)
	{
		byte[] keyBytes = key.getEncoded();
		File keyFile 	= new File(authorizedKeysDir, username);
		Integer tries   = SshdPlugin.instance.getConfig().getInt("LoginRetries", 3);

		if (keyFile.exists())
		{
			try
            {
				// Read all the public key entries
                List<AuthorizedKeyEntry> pklist = AuthorizedKeyEntry.readAuthorizedKeys(keyFile.toPath());
                // Get an authenticator
                PublickeyAuthenticator auth = PublickeyAuthenticator.fromAuthorizedEntries(username, session, pklist,
                        PublicKeyEntryResolver.IGNORING);

				// Validate that the logging in user has the same valid SSH key
				if (auth.authenticate(username, key, session))
				{
					FailCounts.put(username, 0);
					return true;
				}
                else
                {
					SshdPlugin.instance.getLogger().info(
						username + " failed authentication via SSH session using key file " + keyFile.getAbsolutePath());
				}

				// If the user fails with several SSH keys, then terminate the connection.
				if (this.FailCounts.containsKey(username))
					this.FailCounts.put(username, this.FailCounts.get(username) + 1);
				else
					this.FailCounts.put(username, 1);

				if (this.FailCounts.get(username) >= tries)
				{
					this.FailCounts.put(username, 0);
					SshdPlugin.instance.getLogger().info("Too many failures for " + username + ", disconnecting.");
					session.close(true);
				}

				return false;
			}
			catch (Exception e)
			{
				e.printStackTrace();
				SshdPlugin.instance.getLogger().severe("Failed to process public key " + keyFile.getAbsolutePath());
			}
		}
		else
		{
			SshdPlugin.instance.getLogger().warning("Could not locate public key for " + username
													+ ". Make sure the user's key is named the same as their user name "
													+ "without a file extension.");
		}

		return false;
	}
}
Initial commit. 2013-11-14 07:17:51 +00:00			`package com.ryanmichela.sshd;`

Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;`
			`import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;`
Attempted fix for 1.12. 2017-11-13 01:02:19 +00:00			`import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;`
Initial commit. 2013-11-14 07:17:51 +00:00			`import org.apache.sshd.server.session.ServerSession;`

			`import java.io.File;`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`import java.util.List;`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`import java.util.HashMap;`
			`import java.util.Map;`
Initial commit. 2013-11-14 07:17:51 +00:00			`import java.io.FileReader;`
			`import java.security.PublicKey;`

			`/**`
			`* Copyright 2013 Ryan Michela`
			`*/`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`public class PublicKeyAuthenticator implements PublickeyAuthenticator`
			`{`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`private File authorizedKeysDir;`
			`private Map<String, Integer> FailCounts = new HashMap<String, Integer>();`
Fix codestyle 2018-05-06 16:42:57 +00:00
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`public PublicKeyAuthenticator(File authorizedKeysDir) { this.authorizedKeysDir = authorizedKeysDir; }`
Initial commit. 2013-11-14 07:17:51 +00:00
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`@Override public boolean authenticate(String username, PublicKey key, ServerSession session)`
			`{`
			`byte[] keyBytes = key.getEncoded();`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`File keyFile = new File(authorizedKeysDir, username);`
Added hover text and click to copy for /mkpasswd - Added hover text and click to copy so you can now copy your hash to the clipboard. - Added default values for the configuration in case none were set for some reason. - Validate permissions from the config (something I forgot to do) - Tell the user permission denied if they don't have permission to run the command. - Added a default pseudo-user for global permissions and rules. - Updated some verbage in the config comments 2020-03-27 04:43:34 +00:00			`Integer tries = SshdPlugin.instance.getConfig().getInt("LoginRetries", 3);`
Initial commit. 2013-11-14 07:17:51 +00:00
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`if (keyFile.exists())`
			`{`
			`try`
			`{`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`// Read all the public key entries`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`List<AuthorizedKeyEntry> pklist = AuthorizedKeyEntry.readAuthorizedKeys(keyFile.toPath());`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`// Get an authenticator`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`PublickeyAuthenticator auth = PublickeyAuthenticator.fromAuthorizedEntries(username, session, pklist,`
			`PublicKeyEntryResolver.IGNORING);`
Initial commit. 2013-11-14 07:17:51 +00:00
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`// Validate that the logging in user has the same valid SSH key`
			`if (auth.authenticate(username, key, session))`
			`{`
			`FailCounts.put(username, 0);`
			`return true;`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`}`
			`else`
			`{`
			`SshdPlugin.instance.getLogger().info(`
			`username + " failed authentication via SSH session using key file " + keyFile.getAbsolutePath());`
			`}`

Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`// If the user fails with several SSH keys, then terminate the connection.`
			`if (this.FailCounts.containsKey(username))`
			`this.FailCounts.put(username, this.FailCounts.get(username) + 1);`
			`else`
			`this.FailCounts.put(username, 1);`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`if (this.FailCounts.get(username) >= tries)`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`{`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`this.FailCounts.put(username, 0);`
Added 3 new password hashing schemes Support for bcrypt, sha256, pbkdf2 and plain text ofc. This makes password-based auth actually secure. 2019-10-06 07:08:34 +00:00			`SshdPlugin.instance.getLogger().info("Too many failures for " + username + ", disconnecting.");`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00			`session.close(true);`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`}`
Fixed a bug (open on the upstream fork), also rewote config. Fixed a bug that caused sessions to get overwritten and some of them would seem to freeze, the whole thing relied on undefined behavior. This bug was a static variable that copied sessions all around globally. Rewrote the config to support a few more options (the PasswordType is coming soon) and explained how the new authorized_users files work. Public key authentication now has the same number of retires that password authentication has (this aligns with how OpenSSH does it) and the number of retries can now be configured in the configuration. 2019-10-04 04:07:00 +00:00
			`return false;`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`}`
			`catch (Exception e)`
			`{`
Added hover text and click to copy for /mkpasswd - Added hover text and click to copy so you can now copy your hash to the clipboard. - Added default values for the configuration in case none were set for some reason. - Validate permissions from the config (something I forgot to do) - Tell the user permission denied if they don't have permission to run the command. - Added a default pseudo-user for global permissions and rules. - Updated some verbage in the config comments 2020-03-27 04:43:34 +00:00			`e.printStackTrace();`
			`SshdPlugin.instance.getLogger().severe("Failed to process public key " + keyFile.getAbsolutePath());`
Add support for authorized_keys files. Each user can have a set of authorized keys for public key authentication. This is better to support as it lets us use different algorithms and not just RSA. In the age of security, it's good to have variety. I also added additional libraries to support ed25519-based public keys. I updated the SSH libraries so any upstream bug fixes are applied, fixed some warnings and a few other things. 2019-10-03 02:14:56 +00:00			`}`
			`}`
			`else`
			`{`
			`SshdPlugin.instance.getLogger().warning("Could not locate public key for " + username`
			`+ ". Make sure the user's key is named the same as their user name "`
			`+ "without a file extension.");`
			`}`

			`return false;`
			`}`
Initial commit. 2013-11-14 07:17:51 +00:00			`}`