admin: upgrade sshd library to 1.6.0

Motivation: Use latest version to avoid rediscovering bugs. Rather worryingly, all traces of releases v1.3.0 (which we're currently using) through to v1.5.0 are missing from the Apache SSHD webpage. Modification: The support for multiple hostkeys seems to be gone, so that is removed from dCache configuration. The check that the supplied hostkey path corresponds to a readable file is moved to the Spring injection point. This makes any such problem more visible. Result: Newer version of library with (hopefully) fewer bugs. Target: master Require-notes: no Require-book: no Patch: https://rb.dcache.org/r/10624/ Acked-by: Albert Rossi
dCache · Nov 10, 2017 · 2dfc71f · 2dfc71f
1 parent 81e9d17
commit 2dfc71f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 19 deletions.
diff --git a/modules/dcache/src/main/java/org/dcache/services/ssh2/Ssh2Admin.java b/modules/dcache/src/main/java/org/dcache/services/ssh2/Ssh2Admin.java
@@ -6,17 +6,19 @@
 import org.apache.sshd.common.NamedFactory;
 import org.apache.sshd.common.PropertyResolverUtils;
 import org.apache.sshd.common.config.keys.KeyUtils;
-import org.apache.sshd.common.keyprovider.AbstractFileKeyPairProvider;
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.session.Session;
 import org.apache.sshd.common.session.SessionListener;
-import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.common.util.security.SecurityUtils;
 import org.apache.sshd.server.Command;
 import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.auth.password.PasswordAuthenticator;
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
 import org.apache.sshd.server.session.ServerSession;
+
 import org.dcache.util.Glob;
 import org.dcache.util.Subnet;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Required;
@@ -29,6 +31,8 @@
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
@@ -55,8 +59,6 @@
 import org.dcache.util.Files;
 import org.dcache.util.NetLoggerBuilder;
 
-import static java.util.stream.Collectors.toList;
-
 /**
  * This class starts the ssh server. It is however not started in the
  * constructor, but in afterStart() to avoid race conditions. The class starts
@@ -78,7 +80,7 @@ public class Ssh2Admin implements CellCommandListener, CellLifeCycleAware
 
     private final SshServer _server;
     // UniversalSpringCell injected parameters
-    private List<File> _hostKeys;
+    private Path _hostKey;
     private File _authorizedKeyList;
     private String _host;
     private int _port;
@@ -125,8 +127,9 @@ public int getAdminGroupId() {
         return _adminGroupId;
     }
 
-    public void setHostKeys(String[] keys) {
-        _hostKeys = Stream.of(keys).map(File::new).collect(toList());
+    public void setHostKeys(String key) throws IOException {
+        Files.checkFile(key);
+        _hostKey = Paths.get(key);
     }
 
     public File getAuthorizedKeyList() {
@@ -184,16 +187,8 @@ public void beforeStop() {
     }
 
     private void configureKeyFiles() {
-        try {
-            for (File key : _hostKeys) {
-                Files.checkFile(key);
-            }
-            AbstractFileKeyPairProvider fKeyPairProvider = SecurityUtils.createFileKeyPairProvider();
-            fKeyPairProvider.setFiles(_hostKeys);
-            _server.setKeyPairProvider(fKeyPairProvider);
-        } catch (IOException e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
+        KeyPairProvider keyPair = SecurityUtils.createGeneratorHostKeyProvider(_hostKey);
+        _server.setKeyPairProvider(keyPair);
     }
 
     private void startServer() {

diff --git a/pom.xml b/pom.xml
@@ -514,7 +514,7 @@
             <dependency>
                 <groupId>org.apache.sshd</groupId>
                 <artifactId>sshd-core</artifactId>
-                <version>1.3.0</version>
+                <version>1.6.0</version>
             </dependency>
             <dependency>
                 <!-- Newer versions have two problems. A performance regression causes it to block on non-responding network

diff --git a/skel/share/defaults/admin.properties b/skel/share/defaults/admin.properties
@@ -59,7 +59,7 @@ admin.paths.authorized-keys = ${dcache.paths.admin}/authorized_keys2
 
 #  ---- Hostkey location
 #
-#  A comma separated list paths of of ssh server host keys.
+#  The path of the ssh server host key.
 #
 (obsolete)admin.paths.dsa-host-key.private = Use admin.paths.host-keys
 (obsolete)admin.paths.dsa-host-key.public = No longer used