├── .gitignore ├── LICENSE.MIT ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat └── src └── main ├── java └── com │ └── goeswhere │ └── sshkeycapture │ ├── CommandWrapper.java │ ├── KeyCapture.java │ └── SampleApp.java └── resources └── logback.xml /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | build 3 | *.iml 4 | .gradle 5 | -------------------------------------------------------------------------------- /LICENSE.MIT: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Chris West 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'java' 2 | apply plugin: 'application' 3 | 4 | sourceCompatibility = 1.8 5 | 6 | repositories { 7 | mavenCentral() 8 | } 9 | 10 | dependencies { 11 | compile 'org.apache.sshd:sshd-core:1.0.0'; 12 | compile 'com.google.code.findbugs:jsr305:3.0.0'; 13 | 14 | compile 'org.slf4j:slf4j-simple:1.7.12'; 15 | } 16 | 17 | mainClassName = "com.goeswhere.sshkeycapture.SampleApp" 18 | 19 | task wrapper(type: Wrapper) { 20 | gradleVersion = '2.5' 21 | } 22 | 23 | run { 24 | standardInput = System.in 25 | } 26 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FauxFaux/ssh-key-capture/efd2d4b5ec077c5f14ee0a9287e781f20a2298da/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Thu Oct 01 22:55:22 BST 2015 2 | distributionBase=GRADLE_USER_HOME 3 | distributionPath=wrapper/dists 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | distributionUrl=https\://services.gradle.org/distributions/gradle-2.5-all.zip 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Add default JVM options here. 
You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 10 | DEFAULT_JVM_OPTS="" 11 | 12 | APP_NAME="Gradle" 13 | APP_BASE_NAME=`basename "$0"` 14 | 15 | # Use the maximum available, or set MAX_FD != -1 to use that value. 16 | MAX_FD="maximum" 17 | 18 | warn ( ) { 19 | echo "$*" 20 | } 21 | 22 | die ( ) { 23 | echo 24 | echo "$*" 25 | echo 26 | exit 1 27 | } 28 | 29 | # OS specific support (must be 'true' or 'false'). 30 | cygwin=false 31 | msys=false 32 | darwin=false 33 | case "`uname`" in 34 | CYGWIN* ) 35 | cygwin=true 36 | ;; 37 | Darwin* ) 38 | darwin=true 39 | ;; 40 | MINGW* ) 41 | msys=true 42 | ;; 43 | esac 44 | 45 | # For Cygwin, ensure paths are in UNIX format before anything is touched. 46 | if $cygwin ; then 47 | [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 48 | fi 49 | 50 | # Attempt to set APP_HOME 51 | # Resolve links: $0 may be a link 52 | PRG="$0" 53 | # Need this for relative symlinks. 54 | while [ -h "$PRG" ] ; do 55 | ls=`ls -ld "$PRG"` 56 | link=`expr "$ls" : '.*-> \(.*\)$'` 57 | if expr "$link" : '/.*' > /dev/null; then 58 | PRG="$link" 59 | else 60 | PRG=`dirname "$PRG"`"/$link" 61 | fi 62 | done 63 | SAVED="`pwd`" 64 | cd "`dirname \"$PRG\"`/" >&- 65 | APP_HOME="`pwd -P`" 66 | cd "$SAVED" >&- 67 | 68 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 69 | 70 | # Determine the Java command to use to start the JVM. 71 | if [ -n "$JAVA_HOME" ] ; then 72 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 73 | # IBM's JDK on AIX uses strange locations for the executables 74 | JAVACMD="$JAVA_HOME/jre/sh/java" 75 | else 76 | JAVACMD="$JAVA_HOME/bin/java" 77 | fi 78 | if [ ! -x "$JAVACMD" ] ; then 79 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 80 | 81 | Please set the JAVA_HOME variable in your environment to match the 82 | location of your Java installation." 
83 | fi 84 | else 85 | JAVACMD="java" 86 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 87 | 88 | Please set the JAVA_HOME variable in your environment to match the 89 | location of your Java installation." 90 | fi 91 | 92 | # Increase the maximum file descriptors if we can. 93 | if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then 94 | MAX_FD_LIMIT=`ulimit -H -n` 95 | if [ $? -eq 0 ] ; then 96 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 97 | MAX_FD="$MAX_FD_LIMIT" 98 | fi 99 | ulimit -n $MAX_FD 100 | if [ $? -ne 0 ] ; then 101 | warn "Could not set maximum file descriptor limit: $MAX_FD" 102 | fi 103 | else 104 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 105 | fi 106 | fi 107 | 108 | # For Darwin, add options to specify how the application appears in the dock 109 | if $darwin; then 110 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 111 | fi 112 | 113 | # For Cygwin, switch paths to Windows format before running java 114 | if $cygwin ; then 115 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 116 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added 
a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules 158 | function splitJvmOpts() { 159 | JVM_OPTS=("$@") 160 | } 161 | eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS 162 | JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME" 163 | 164 | exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@" 165 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 
12 | set DEFAULT_JVM_OPTS= 13 | 14 | set DIRNAME=%~dp0 15 | if "%DIRNAME%" == "" set DIRNAME=. 16 | set APP_BASE_NAME=%~n0 17 | set APP_HOME=%DIRNAME% 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windowz variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | if "%@eval[2+2]" == "4" goto 4NT_args 53 | 54 | :win9xME_args 55 | @rem Slurp the command line arguments. 
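56 | set CMD_LINE_ARGS= 57 | set _SKIP=2 58 | 59 | :win9xME_args_slurp 60 | if "x%~1" == "x" goto execute 61 | 62 | set CMD_LINE_ARGS=%* 63 | goto execute 64 | 65 | :4NT_args 66 | @rem Get arguments from the 4NT Shell from JP Software 67 | set CMD_LINE_ARGS=%$ 68 | 69 | :execute 70 | @rem Setup the command line 71 | 72 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 73 | 74 | @rem Execute Gradle 75 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 76 | 77 | :end 78 | @rem End local scope for the variables with windows NT shell 79 | if "%ERRORLEVEL%"=="0" goto mainEnd 80 | 81 | :fail 82 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 83 | rem the _cmd.exe /c_ return code! 84 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 85 | exit /b 1 86 | 87 | :mainEnd 88 | if "%OS%"=="Windows_NT" endlocal 89 | 90 | :omega 91 |
--------------------------------------------------------------------------------
/src/main/java/com/goeswhere/sshkeycapture/CommandWrapper.java:
--------------------------------------------------------------------------------
package com.goeswhere.sshkeycapture;

import org.apache.sshd.common.Factory;
import org.apache.sshd.server.Command;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.SessionAware;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/**
 * Adapts a simple "run with three streams" callback to the SSHD {@link Command}
 * life cycle: the server injects the streams, session and exit callback through
 * the setters, then {@link #start(Environment)} runs the command on its own thread.
 */
public abstract class CommandWrapper implements Command, SessionAware {
    private static final Logger logger = LoggerFactory.getLogger(CommandWrapper.class);

    private ExitCallback callback;
    private InputStream in;
    private OutputStream out;
    private OutputStream err;
    protected ServerSession session;

    /**
     * Runs {@link #run(InputStream, OutputStream, OutputStream)} on a new thread
     * named "command-wrapper" and reports its result through the exit callback.
     *
     * @param env the SSH environment; not used by this wrapper
     */
    @Override
    public void start(Environment env) throws IOException {
        new Thread("command-wrapper") {
            @Override
            public void run() {
                int code = 0;
                try {
                    code = CommandWrapper.this.run(in, out, err);
                } catch (Exception e) {
                    code = 1;
                    logger.error("command failed", e);
                } finally {
                    // The exit callback must fire even if closing the streams
                    // throws something unexpected, otherwise the channel is
                    // never told that the command has finished.
                    try {
                        closeQuietly(out, err);
                    } finally {
                        callback.onExit(code);
                    }
                }
            }
        }.start();
    }

    /** A command body that also receives the authenticated {@link ServerSession}. */
    @FunctionalInterface
    public interface CommandRunner {
        int run(InputStream in, OutputStream out, OutputStream err, ServerSession session) throws IOException;
    }

    /**
     * Builds a command factory whose commands delegate to {@code runner}.
     *
     * @param runner the body to execute for every command instance
     * @return a factory producing a fresh {@link CommandWrapper} per call
     */
    public static Factory<Command> wrap(CommandRunner runner) {
        return () -> new CommandWrapper() {
            @Override
            public int run(InputStream in, OutputStream out, OutputStream err) throws IOException {
                return runner.run(in, out, err, session);
            }
        };
    }

    /**
     * The command body.
     *
     * @return the exit code handed to the exit callback
     * @throws IOException on stream failure; {@link #start(Environment)} logs it and exits with 1
     */
    public abstract int run(InputStream in, OutputStream out, OutputStream err) throws IOException;

    @Override
    public void setSession(ServerSession session) {
        this.session = session;
    }

    @Override
    public void setOutputStream(OutputStream out) {
        this.out = out;
    }

    @Override
    public void setInputStream(InputStream in) {
        this.in = in;
    }

    @Override
    public void setExitCallback(ExitCallback callback) {
        this.callback = callback;
    }

    @Override
    public void setErrorStream(OutputStream err) {
        this.err = err;
    }

    @Override
    public void destroy() {
    }

    /**
     * Flushes and closes each stream, logging (not propagating) I/O failures.
     * Streams that were never injected are skipped, and a failing flush no
     * longer prevents the close.
     */
    private static void closeQuietly(OutputStream... streams) {
        for (OutputStream o : streams) {
            if (null == o) {
                continue;
            }
            try {
                try {
                    o.flush();
                } finally {
                    o.close();
                }
            } catch (IOException e) {
                logger.debug("couldn't close stream", e);
            }
        }
    }
}
--------------------------------------------------------------------------------
/src/main/java/com/goeswhere/sshkeycapture/KeyCapture.java:
--------------------------------------------------------------------------------
package com.goeswhere.sshkeycapture;

import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.server.SshServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.annotation.concurrent.GuardedBy;
import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/**
 * An SSH server that enrols a user's public key when they connect with a
 * one-time token as the SSH user name, and afterwards authenticates that user
 * by comparing the offered key with the enrolled one.
 *
 * <p>Security notes for anyone reusing this:
 * <ul>
 *   <li>A token is a bearer credential: whoever connects with it first decides
 *       which key is enrolled, and enrolment replaces any key already stored
 *       for that user. Deliver tokens over a channel you trust.</li>
 *   <li>The host key is generated afresh for every instance (see
 *       {@link #serverKeyPair()}), so clients cannot pin it across restarts.</li>
 *   <li>All state lives in memory and is lost when the process exits.</li>
 * </ul>
 */
public class KeyCapture implements AutoCloseable {
    private static final Logger logger = LoggerFactory.getLogger(KeyCapture.class);

    static final Session.AttributeKey<String> ACCOUNT_NAME = new Session.AttributeKey<>();
    static final Session.AttributeKey<Boolean> JUST_ADDED = new Session.AttributeKey<>();
    /** Encoded key most recently offered together with a valid token on this session. */
    static final Session.AttributeKey<String> OFFERED_KEY = new Session.AttributeKey<>();

    private final SshServer sshd = SshServer.setUpDefaultServer();
    private final KeyPair serverKeyPair = serverKeyPair();

    /** user name -> encoded public key (see {@link #fingerprint(PublicKey)}). */
    @GuardedBy("this")
    private final Map<String, String> userDatabase = new HashMap<>();
    /** token -> user name the token was issued for. */
    @GuardedBy("this")
    private final Map<String, String> issuedTokens = new HashMap<>();

    /** Configures (but does not start) the server on port 9422. */
    public KeyCapture() {
        sshd.setPort(9422);

        sshd.setPublickeyAuthenticator((username, key, session) -> {
            final String expectedKey;
            final String fingerprint = fingerprint(key);

            synchronized (KeyCapture.this) {
                if (null != issuedTokens.get(username)) {
                    // Only remember the offered key here. SSH lets a client ask
                    // "would this key be accepted?" without a signature
                    // (RFC 4252 section 7), so this callback can presumably run
                    // before possession of the private key is proven. The key is
                    // written to userDatabase by the shell, which is only
                    // reached once authentication has completed.
                    session.setAttribute(OFFERED_KEY, fingerprint);
                    session.setAttribute(JUST_ADDED, true);
                    session.setAttribute(ACCOUNT_NAME, username);
                    return true;
                }

                expectedKey = userDatabase.get(username);
            }

            // The user name is chosen by the client; neutralise control
            // characters so it cannot forge extra log lines.
            logger.info("{} trying to authenticate with {}, db contains {}",
                    forLog(username), fingerprint, expectedKey);

            if (null == expectedKey || !expectedKey.equals(fingerprint)) {
                return false;
            }

            session.setAttribute(ACCOUNT_NAME, username);
            session.setAttribute(JUST_ADDED, false);
            return true;
        });

        sshd.setKeyPairProvider(new AbstractKeyPairProvider() {
            @Override
            public Iterable<KeyPair> loadKeys() {
                return Collections.singleton(serverKeyPair);
            }
        });

        sshd.setShellFactory(CommandWrapper.wrap((in, out, err, session) -> {
            try (final PrintStream ps = new PrintStream(out)) {
                final String whom = session.getAttribute(ACCOUNT_NAME);

                if (Boolean.TRUE.equals(session.getAttribute(JUST_ADDED))) {
                    final String offeredKey = session.getAttribute(OFFERED_KEY);
                    final boolean enrolled;
                    synchronized (KeyCapture.this) {
                        // Consume the token and store the key in one step, so a
                        // token enrols at most one key even when several
                        // sessions present it concurrently.
                        final String newUser = issuedTokens.remove(whom);
                        enrolled = null != newUser && null != offeredKey;
                        if (enrolled) {
                            userDatabase.put(newUser, offeredKey);
                        }
                    }
                    if (!enrolled) {
                        ps.println("That token is no longer valid.\r");
                        return 1;
                    }
                    ps.println("Added successfully! You can now log-in normally.\r");
                    return 0;
                }
                ps.println("Hi! You've successfully authenticated as " + whom + "\r");
                ps.println("Bye!\r");
            }
            return 0;
        }));
    }

    /** Starts listening for SSH connections. */
    public void start() throws IOException {
        sshd.start();
    }

    /** Shuts the SSH server down. */
    @Override
    public void close() throws IOException {
        sshd.close();
    }

    /**
     * Generates the RSA host key pair used by this instance.
     *
     * @throws IllegalStateException if the key pair generator is unavailable
     */
    private static KeyPair serverKeyPair() {
        try {
            return SecurityUtils.getKeyPairGenerator("RSA").generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("couldn't generate a key", e);
        }
    }

    /**
     * Returns the key's algorithm name followed by its Base64-encoded form.
     * Despite the name this is the complete encoded key, not a digest of it.
     */
    static String fingerprint(PublicKey key) {
        return key.getAlgorithm() + " " + Base64.getEncoder().encodeToString(key.getEncoded());
    }

    /** Replaces control characters in a client-supplied value before it is logged. */
    private static String forLog(String value) {
        return null == value ? null : value.replaceAll("\\p{Cntrl}", "?");
    }

    /**
     * Issues a fresh random token that lets {@code user} enrol a key.
     *
     * @param user the account name the enrolled key will be stored under
     * @return the token, to be used as the SSH user name for the enrolling connection
     */
    public synchronized String newTokenFor(String user) {
        final String newUuid = UUID.randomUUID().toString();
        issuedTokens.put(newUuid, user);
        return newUuid;
    }

    /**
     * Returns an unmodifiable snapshot of the enrolled users. A copy is taken
     * under the lock because the SSH callbacks may modify the underlying map
     * while the caller iterates.
     *
     * @return user name -> encoded public key
     */
    public synchronized Map<String, String> getUsers() {
        return Collections.unmodifiableMap(new HashMap<>(userDatabase));
    }
}
--------------------------------------------------------------------------------
/src/main/java/com/goeswhere/sshkeycapture/SampleApp.java:
--------------------------------------------------------------------------------
package com.goeswhere.sshkeycapture;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;

/**
 * Console demo: starts a {@link KeyCapture} server, issues an enrolment token
 * for every user name typed on stdin, and prints the captured keys on exit.
 */
public class SampleApp {
    public static void main(String[] args) throws IOException {

        try (final KeyCapture keyCapture = new KeyCapture();
             final BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in, StandardCharsets.UTF_8))) {

            keyCapture.start();

            while (true) {
                System.out.print("Enter a new user name, or blank to exit: ");
                final String user = trimAndCoalesce(stdin.readLine());
                if (user.isEmpty()) {
                    printCapturedUsers(keyCapture);
                    return;
                }

                // The token printed below is the only thing needed to enrol a
                // key for this user, so it should be passed on privately.
                final String newUuid = keyCapture.newTokenFor(user);

                System.out.println("Ask '" + user + "' to ssh to '" + newUuid + "@...'");
            }
        }
    }

    /** Returns the trimmed line, or the empty string at end of input. */
    private static String trimAndCoalesce(String line) {
        if (null == line) {
            return "";
        }
        return line.trim();
    }

    /** Prints every enrolled user with the encoded key stored for them. */
    private static void printCapturedUsers(KeyCapture keyCapture) {
        System.out.println("captured users:");
        keyCapture.getUsers().forEach((name, key) -> {
            System.out.println(name + ": " + key);
        });
    }
}
-------------------------------------------------------------------------------- /src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | --------------------------------------------------------------------------------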