From 1595e7a99c5540d31397f89eee5183b8eed75933 Mon Sep 17 00:00:00 2001
From: Shikhar Bhushan <shikhar@schmizz.net>
Date: Sat, 27 Feb 2010 15:36:58 +0100
Subject: [PATCH] import local

---
 LICENSE                                       |  202 ++
 NOTICE                                        |    8 +
 README                                        |    9 +
 buildfile                                     |   27 +
 src/main/java/examples/Exec.java              |   48 +
 src/main/java/examples/LocalPF.java           |   55 +
 src/main/java/examples/MTTest.java            |   56 +
 src/main/java/examples/RemotePF.java          |   62 +
 src/main/java/examples/RudimentaryPTY.java    |   76 +
 src/main/java/examples/SCPDownload.java       |   43 +
 src/main/java/examples/SCPUpload.java         |   46 +
 src/main/java/examples/SFTPDownload.java      |   42 +
 src/main/java/examples/SFTPUpload.java        |   40 +
 src/main/java/examples/X11.java               |   72 +
 .../java/net/schmizz/concurrent/Event.java    |   84 +
 .../schmizz/concurrent/ExceptionChainer.java  |   40 +
 .../java/net/schmizz/concurrent/Future.java   |  204 ++
 .../net/schmizz/concurrent/FutureUtils.java   |   32 +
 .../net/schmizz/sshj/AbstractService.java     |   83 +
 src/main/java/net/schmizz/sshj/Config.java    |  145 ++
 .../java/net/schmizz/sshj/ConfigImpl.java     |  152 ++
 .../java/net/schmizz/sshj/DefaultConfig.java  |  168 ++
 src/main/java/net/schmizz/sshj/SSHClient.java |  642 +++++++
 src/main/java/net/schmizz/sshj/Service.java   |   50 +
 .../java/net/schmizz/sshj/SocketClient.java   |  206 ++
 .../java/net/schmizz/sshj/common/Base64.java  | 1705 +++++++++++++++++
 .../java/net/schmizz/sshj/common/Buffer.java  |  531 +++++
 .../schmizz/sshj/common/ByteArrayUtils.java   |  146 ++
 .../schmizz/sshj/common/DisconnectReason.java |   56 +
 .../schmizz/sshj/common/ErrorNotifiable.java  |   41 +
 .../java/net/schmizz/sshj/common/Factory.java |  119 ++
 .../java/net/schmizz/sshj/common/IOUtils.java |   58 +
 .../java/net/schmizz/sshj/common/KeyType.java |   74 +
 .../java/net/schmizz/sshj/common/Message.java |  106 +
 .../net/schmizz/sshj/common/SSHException.java |  122 ++
 .../net/schmizz/sshj/common/SSHPacket.java    |   96 +
 .../schmizz/sshj/common/SSHPacketHandler.java |   35 +
 .../sshj/common/SSHRuntimeException.java      |   59 +
 .../schmizz/sshj/common/SecurityUtils.java    |  277 +++
 .../net/schmizz/sshj/common/StreamCopier.java |  128 ++
 .../schmizz/sshj/connection/Connection.java   |  150 ++
 .../sshj/connection/ConnectionException.java  |   86 +
 .../sshj/connection/ConnectionProtocol.java   |  234 +++
 .../connection/channel/AbstractChannel.java   |  382 ++++
 .../sshj/connection/channel/Channel.java      |  148 ++
 .../channel/ChannelInputStream.java           |  171 ++
 .../channel/ChannelOutputStream.java          |  158 ++
 .../connection/channel/OpenFailException.java |  100 +
 .../sshj/connection/channel/Window.java       |  113 ++
 .../channel/direct/AbstractDirectChannel.java |  101 +
 .../channel/direct/LocalPortForwarder.java    |  147 ++
 .../connection/channel/direct/PTYMode.java    |  179 ++
 .../connection/channel/direct/Session.java    |  248 +++
 .../channel/direct/SessionChannel.java        |  219 +++
 .../channel/direct/SessionFactory.java        |   34 +
 .../connection/channel/direct/Signal.java     |   70 +
 .../forwarded/AbstractForwardedChannel.java   |   87 +
 .../AbstractForwardedChannelOpener.java       |   97 +
 .../channel/forwarded/ConnectListener.java    |   36 +
 .../forwarded/ForwardedChannelOpener.java     |   36 +
 .../forwarded/RemotePortForwarder.java        |  236 +++
 .../SocketForwardingConnectListener.java      |   76 +
 .../channel/forwarded/X11Forwarder.java       |   65 +
 .../net/schmizz/sshj/sftp/FileAttributes.java |  229 +++
 .../java/net/schmizz/sshj/sftp/FileMode.java  |   97 +
 .../java/net/schmizz/sshj/sftp/OpenMode.java  |   60 +
 .../net/schmizz/sshj/sftp/PacketReader.java   |  103 +
 .../net/schmizz/sshj/sftp/PacketType.java     |   71 +
 .../net/schmizz/sshj/sftp/PathComponents.java |   71 +
 .../net/schmizz/sshj/sftp/PathHelper.java     |   59 +
 .../sshj/sftp/RandomAccessRemoteFile.java     |  272 +++
 .../schmizz/sshj/sftp/RemoteDirectory.java    |   60 +
 .../net/schmizz/sshj/sftp/RemoteFile.java     |  175 ++
 .../net/schmizz/sshj/sftp/RemoteResource.java |   57 +
 .../sshj/sftp/RemoteResourceFilter.java       |   22 +
 .../schmizz/sshj/sftp/RemoteResourceInfo.java |   80 +
 .../java/net/schmizz/sshj/sftp/Request.java   |   52 +
 .../java/net/schmizz/sshj/sftp/Requester.java |   26 +
 .../java/net/schmizz/sshj/sftp/Response.java  |   90 +
 .../net/schmizz/sshj/sftp/SFTPClient.java     |  175 ++
 .../net/schmizz/sshj/sftp/SFTPEngine.java     |  215 +++
 .../net/schmizz/sshj/sftp/SFTPException.java  |   80 +
 .../schmizz/sshj/sftp/SFTPFileTransfer.java   |  251 +++
 .../net/schmizz/sshj/sftp/SFTPPacket.java     |   66 +
 .../schmizz/sshj/sftp/StatefulSFTPClient.java |  150 ++
 .../sshj/signature/AbstractSignature.java     |  100 +
 .../net/schmizz/sshj/signature/Signature.java |   89 +
 .../schmizz/sshj/signature/SignatureDSA.java  |  125 ++
 .../schmizz/sshj/signature/SignatureRSA.java  |   80 +
 .../net/schmizz/sshj/transport/Converter.java |   91 +
 .../net/schmizz/sshj/transport/Decoder.java   |  205 ++
 .../net/schmizz/sshj/transport/Encoder.java   |  167 ++
 .../schmizz/sshj/transport/Heartbeater.java   |   98 +
 .../schmizz/sshj/transport/KeyExchanger.java  |  365 ++++
 .../sshj/transport/NegotiatedAlgorithms.java  |  107 ++
 .../net/schmizz/sshj/transport/Proposal.java  |  176 ++
 .../net/schmizz/sshj/transport/Reader.java    |   86 +
 .../net/schmizz/sshj/transport/Transport.java |  190 ++
 .../sshj/transport/TransportException.java    |   87 +
 .../sshj/transport/TransportProtocol.java     |  548 ++++++
 .../sshj/transport/cipher/AES128CBC.java      |   56 +
 .../sshj/transport/cipher/AES128CTR.java      |   56 +
 .../sshj/transport/cipher/AES192CBC.java      |   56 +
 .../sshj/transport/cipher/AES192CTR.java      |   56 +
 .../sshj/transport/cipher/AES256CBC.java      |   56 +
 .../sshj/transport/cipher/AES256CTR.java      |   56 +
 .../sshj/transport/cipher/BaseCipher.java     |  101 +
 .../sshj/transport/cipher/BlowfishCBC.java    |   56 +
 .../schmizz/sshj/transport/cipher/Cipher.java |   77 +
 .../sshj/transport/cipher/NoneCipher.java     |   66 +
 .../sshj/transport/cipher/TripleDESCBC.java   |   56 +
 .../transport/compression/Compression.java    |   82 +
 .../compression/DelayedZlibCompression.java   |   61 +
 .../compression/NoneCompression.java          |   52 +
 .../compression/ZlibCompression.java          |  123 ++
 .../sshj/transport/digest/BaseDigest.java     |   87 +
 .../schmizz/sshj/transport/digest/Digest.java |   51 +
 .../schmizz/sshj/transport/digest/MD5.java    |   57 +
 .../schmizz/sshj/transport/digest/SHA1.java   |   57 +
 .../sshj/transport/kex/AbstractDHG.java       |  144 ++
 .../net/schmizz/sshj/transport/kex/DH.java    |  133 ++
 .../net/schmizz/sshj/transport/kex/DHG1.java  |   64 +
 .../net/schmizz/sshj/transport/kex/DHG14.java |   65 +
 .../sshj/transport/kex/DHGroupData.java       |  104 +
 .../sshj/transport/kex/KeyExchange.java       |   87 +
 .../schmizz/sshj/transport/mac/BaseMAC.java   |  117 ++
 .../schmizz/sshj/transport/mac/HMACMD5.java   |   56 +
 .../schmizz/sshj/transport/mac/HMACMD596.java |   57 +
 .../schmizz/sshj/transport/mac/HMACSHA1.java  |   56 +
 .../sshj/transport/mac/HMACSHA196.java        |   56 +
 .../net/schmizz/sshj/transport/mac/MAC.java   |   56 +
 .../transport/random/BouncyCastleRandom.java  |   70 +
 .../sshj/transport/random/JCERandom.java      |   82 +
 .../schmizz/sshj/transport/random/Random.java |   50 +
 .../random/SingletonRandomFactory.java        |   56 +
 .../verification/ConsoleHostKeyVerifier.java  |   76 +
 .../verification/HostKeyVerifier.java         |   38 +
 .../verification/InsecureAccepter.java        |   26 +
 .../verification/OpenSSHKnownHosts.java       |  267 +++
 .../net/schmizz/sshj/userauth/AuthParams.java |   56 +
 .../net/schmizz/sshj/userauth/UserAuth.java   |   99 +
 .../sshj/userauth/UserAuthException.java      |   88 +
 .../sshj/userauth/UserAuthProtocol.java       |  250 +++
 .../userauth/keyprovider/FileKeyProvider.java |   53 +
 .../userauth/keyprovider/KeyPairWrapper.java  |   71 +
 .../userauth/keyprovider/KeyProvider.java     |   56 +
 .../userauth/keyprovider/KeyProviderUtil.java |   57 +
 .../userauth/keyprovider/OpenSSHKeyFile.java  |   96 +
 .../userauth/keyprovider/PKCS8KeyFile.java    |  148 ++
 .../userauth/method/AbstractAuthMethod.java   |   94 +
 .../sshj/userauth/method/AuthHostbased.java   |   69 +
 .../sshj/userauth/method/AuthMethod.java      |   69 +
 .../sshj/userauth/method/AuthNone.java        |   49 +
 .../sshj/userauth/method/AuthPassword.java    |   94 +
 .../sshj/userauth/method/AuthPublickey.java   |  105 +
 .../sshj/userauth/method/KeyedAuthMethod.java |   94 +
 .../userauth/password/AccountResource.java    |   24 +
 .../userauth/password/PasswordFinder.java     |   45 +
 .../sshj/userauth/password/PasswordUtils.java |   68 +
 .../password/PrivateKeyFileResource.java      |   24 +
 .../sshj/userauth/password/Resource.java      |   36 +
 .../sshj/xfer/AbstractFileTransfer.java       |   48 +
 .../schmizz/sshj/xfer/DefaultModeGetter.java  |   49 +
 .../schmizz/sshj/xfer/DefaultModeSetter.java  |   41 +
 .../net/schmizz/sshj/xfer/FilePermission.java |   85 +
 .../net/schmizz/sshj/xfer/FileTransfer.java   |   34 +
 .../schmizz/sshj/xfer/FileTransferUtil.java   |   50 +
 .../net/schmizz/sshj/xfer/ModeGetter.java     |   60 +
 .../net/schmizz/sshj/xfer/ModeSetter.java     |   57 +
 .../sshj/xfer/scp/SCPDownloadClient.java      |  188 ++
 .../net/schmizz/sshj/xfer/scp/SCPEngine.java  |  201 ++
 .../schmizz/sshj/xfer/scp/SCPException.java   |   28 +
 .../sshj/xfer/scp/SCPFileTransfer.java        |   47 +
 .../sshj/xfer/scp/SCPUploadClient.java        |  120 ++
 src/test/java/net/schmizz/sshj/SmokeTest.java |  108 ++
 .../sshj/keyprovider/OpenSSHKeyFileTest.java  |  118 ++
 .../sshj/keyprovider/PKCS8KeyFileTest.java    |   62 +
 .../verification/KnownHostsTest.java          |   62 +
 .../sshj/util/BogusPasswordAuthenticator.java |   31 +
 .../net/schmizz/sshj/util/BufferTest.java     |  107 ++
 .../java/net/schmizz/sshj/util/KeyUtil.java   |   65 +
 src/test/resources/hostkey.pem                |   15 +
 src/test/resources/id_dsa                     |   15 +
 src/test/resources/id_dsa.pub                 |    1 +
 src/test/resources/id_rsa                     |   27 +
 src/test/resources/id_rsa.pub                 |    1 +
 src/test/resources/known_hosts                |    3 +
 187 files changed, 20583 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 NOTICE
 create mode 100644 README
 create mode 100644 buildfile
 create mode 100644 src/main/java/examples/Exec.java
 create mode 100644 src/main/java/examples/LocalPF.java
 create mode 100644 src/main/java/examples/MTTest.java
 create mode 100644 src/main/java/examples/RemotePF.java
 create mode 100644 src/main/java/examples/RudimentaryPTY.java
 create mode 100644 src/main/java/examples/SCPDownload.java
 create mode 100644 src/main/java/examples/SCPUpload.java
 create mode 100644 src/main/java/examples/SFTPDownload.java
 create mode 100644 src/main/java/examples/SFTPUpload.java
 create mode 100644 src/main/java/examples/X11.java
 create mode 100644 src/main/java/net/schmizz/concurrent/Event.java
 create mode 100644 src/main/java/net/schmizz/concurrent/ExceptionChainer.java
 create mode 100644 src/main/java/net/schmizz/concurrent/Future.java
 create mode 100644 src/main/java/net/schmizz/concurrent/FutureUtils.java
 create mode 100644 src/main/java/net/schmizz/sshj/AbstractService.java
 create mode 100644 src/main/java/net/schmizz/sshj/Config.java
 create mode 100644 src/main/java/net/schmizz/sshj/ConfigImpl.java
 create mode 100644 src/main/java/net/schmizz/sshj/DefaultConfig.java
 create mode 100644 src/main/java/net/schmizz/sshj/SSHClient.java
 create mode 100644 src/main/java/net/schmizz/sshj/Service.java
 create mode 100644 src/main/java/net/schmizz/sshj/SocketClient.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/Base64.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/Buffer.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/DisconnectReason.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/ErrorNotifiable.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/Factory.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/IOUtils.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/KeyType.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/Message.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/SSHException.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/SSHPacket.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/SSHPacketHandler.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/SSHRuntimeException.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/SecurityUtils.java
 create mode 100644 src/main/java/net/schmizz/sshj/common/StreamCopier.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/Connection.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/ConnectionException.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/ConnectionProtocol.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/Channel.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/ChannelInputStream.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/OpenFailException.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/Window.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/AbstractDirectChannel.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/PTYMode.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/Session.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/SessionFactory.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/direct/Signal.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannel.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannelOpener.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/ConnectListener.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/ForwardedChannelOpener.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/RemotePortForwarder.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/SocketForwardingConnectListener.java
 create mode 100644 src/main/java/net/schmizz/sshj/connection/channel/forwarded/X11Forwarder.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/FileAttributes.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/FileMode.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/OpenMode.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/PacketReader.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/PacketType.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/PathComponents.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/PathHelper.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RandomAccessRemoteFile.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RemoteResource.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RemoteResourceFilter.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/RemoteResourceInfo.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/Request.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/Requester.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/Response.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/SFTPClient.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/SFTPException.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/SFTPFileTransfer.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/SFTPPacket.java
 create mode 100644 src/main/java/net/schmizz/sshj/sftp/StatefulSFTPClient.java
 create mode 100644 src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
 create mode 100644 src/main/java/net/schmizz/sshj/signature/Signature.java
 create mode 100644 src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
 create mode 100644 src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Converter.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Decoder.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Encoder.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Heartbeater.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Proposal.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Reader.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/Transport.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/TransportException.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/TransportProtocol.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/compression/Compression.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/compression/DelayedZlibCompression.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/compression/NoneCompression.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/compression/ZlibCompression.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/digest/BaseDigest.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/digest/Digest.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/digest/MD5.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/digest/SHA1.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/DH.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/DHG1.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/DHG14.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/DHGroupData.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/kex/KeyExchange.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/BaseMAC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/HMACMD5.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/HMACMD596.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/HMACSHA1.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/HMACSHA196.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/mac/MAC.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/random/Random.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/random/SingletonRandomFactory.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/verification/ConsoleHostKeyVerifier.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/verification/HostKeyVerifier.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/verification/InsecureAccepter.java
 create mode 100644 src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/AuthParams.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/UserAuth.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/UserAuthException.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/UserAuthProtocol.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/FileKeyProvider.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyPairWrapper.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProvider.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AbstractAuthMethod.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AuthHostbased.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AuthMethod.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AuthNone.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AuthPassword.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/AuthPublickey.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/password/AccountResource.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/password/PasswordFinder.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/password/PrivateKeyFileResource.java
 create mode 100644 src/main/java/net/schmizz/sshj/userauth/password/Resource.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/DefaultModeGetter.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/DefaultModeSetter.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/FilePermission.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/FileTransfer.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/FileTransferUtil.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/ModeGetter.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/ModeSetter.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/scp/SCPException.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/scp/SCPFileTransfer.java
 create mode 100644 src/main/java/net/schmizz/sshj/xfer/scp/SCPUploadClient.java
 create mode 100644 src/test/java/net/schmizz/sshj/SmokeTest.java
 create mode 100644 src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
 create mode 100644 src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
 create mode 100644 src/test/java/net/schmizz/sshj/transport/verification/KnownHostsTest.java
 create mode 100644 src/test/java/net/schmizz/sshj/util/BogusPasswordAuthenticator.java
 create mode 100644 src/test/java/net/schmizz/sshj/util/BufferTest.java
 create mode 100644 src/test/java/net/schmizz/sshj/util/KeyUtil.java
 create mode 100644 src/test/resources/hostkey.pem
 create mode 100644 src/test/resources/id_dsa
 create mode 100644 src/test/resources/id_dsa.pub
 create mode 100644 src/test/resources/id_rsa
 create mode 100644 src/test/resources/id_rsa.pub
 create mode 100644 src/test/resources/known_hosts

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..d6456956
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/NOTICE b/NOTICE
new file mode 100644
index 00000000..c6955c3d
--- /dev/null
+++ b/NOTICE
@@ -0,0 +1,8 @@
+sshj - SSH library and client
+Copyright 2010 Shikhar Bhushan
+
+This product includes code derived from software developed at 
+The Apache Software Foundation (http://www.apache.org/):
+
+- Apache MINA SSHD
+- Apache Commons-Net
diff --git a/README b/README
new file mode 100644
index 00000000..5d759618
--- /dev/null
+++ b/README
@@ -0,0 +1,9 @@
+sshj - SSHv2 library for Java
+==============================
+
+Required:
+* slf4j
+
+Optional:
+* bouncycastle for using high-strength ciphers and for reading openssh private key files
+* jzlib for using zlib compression
diff --git a/buildfile b/buildfile
new file mode 100644
index 00000000..6156c6af
--- /dev/null
+++ b/buildfile
@@ -0,0 +1,27 @@
+require 'buildr/scala'
+
+repositories.remote << 'http://www.ibiblio.org/maven2/'
+
+# Dependencies
+SLF4J = 'org.slf4j:slf4j-api:jar:1.5.10'
+SLF4J_LOG4J = 'org.slf4j:slf4j-log4j12:jar:1.5.10'
+LOG4J = 'log4j:log4j:jar:1.2.15'
+SSHD = transitive('org.apache.sshd:sshd-core:jar:0.3.0')
+JCRAFT = 'com.jcraft:jzlib:jar:1.0.7'
+BC = 'org.bouncycastle:bcprov-jdk16:jar:1.45'
+
+desc 'SSHv2 library for Java'
+define 'sshj', :version=>'0.1.0', :group=>'sshj' do
+    
+    shell.using :scala
+    
+    compile.with SLF4J, LOG4J, SLF4J_LOG4J, BC, JCRAFT
+
+    test.with SSHD, LOG4J, SLF4J, SLF4J_LOG4J
+    
+    package(:jar).exclude('**/examples/*')
+    package(:sources).exclude('**/examples/*')
+    package(:javadoc).exclude('**/examples/*')
+    package(:zip, :classifier=>'examples').path('examples').include(_('**/examples/*.{java,class}'))
+    
+end
diff --git a/src/main/java/examples/Exec.java b/src/main/java/examples/Exec.java
new file mode 100644
index 00000000..6096d714
--- /dev/null
+++ b/src/main/java/examples/Exec.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.direct.Session.Command;
+
+/** This examples demonstrates how a remote command can be executed. */
+public class Exec {
+
+    // static {
+    // BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    // }
+
+    public static void main(String... args) throws Exception {
+        SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+
+        ssh.connect("localhost");
+        try {
+
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            Command cmd = ssh.startSession().exec("ping google.com -n 1");
+
+            // Pipe.pipe(cmd.getInputStream(), System.out, cmd.getLocalMaxPacketSize(), false);
+            System.out.print(cmd.getOutputAsString());
+            System.out.println("\n** exit status: " + cmd.getExitStatus());
+
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}
diff --git a/src/main/java/examples/LocalPF.java b/src/main/java/examples/LocalPF.java
new file mode 100644
index 00000000..0a24f3ce
--- /dev/null
+++ b/src/main/java/examples/LocalPF.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+
+import java.net.InetSocketAddress;
+
+/**
+ * This example demonstrates local port forwarding, i.e. when we listen on a particular address and port; and forward
+ * all incoming connections to SSH server which further forwards them to a specified address and port.
+ */
+public class LocalPF {
+
+    // static
+    // {
+    // BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    // }
+
+    public static void main(String... args) throws Exception {
+        SSHClient ssh = new SSHClient();
+
+        ssh.loadKnownHosts();
+
+        ssh.connect("localhost");
+        try {
+
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            /*
+            * _We_ listen on localhost:8080 and forward all connections on to server, which then forwards it to
+            * google.com:80
+            */
+
+            ssh.newLocalPortForwarder(new InetSocketAddress("localhost", 8080), "google.com", 80).listen();
+
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}
diff --git a/src/main/java/examples/MTTest.java b/src/main/java/examples/MTTest.java
new file mode 100644
index 00000000..3fd2e290
--- /dev/null
+++ b/src/main/java/examples/MTTest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+
+/** This example demonstrates uploading of a file over SCP to the SSH server. */
+public class MTTest {
+
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    public static void main(String[] args) throws Exception {
+        final SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            new Thread() {
+                @Override
+                public void run() {
+                    try {
+                        Thread.sleep(1000);
+                        // Compression = significant speedup for large file transfers on fast links
+                        // present here to demo algorithm renegotiation - could have just put this before connect()
+                        ssh.useCompression();
+                    } catch (Exception ex) {
+                        throw new RuntimeException(ex);
+                    }
+                }
+            }.start();
+
+            ssh.newSCPFileTransfer().upload("/Users/shikhar/well", "/tmp/");
+        } finally {
+            ssh.disconnect();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/examples/RemotePF.java b/src/main/java/examples/RemotePF.java
new file mode 100644
index 00000000..868130f8
--- /dev/null
+++ b/src/main/java/examples/RemotePF.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder.Forward;
+import net.schmizz.sshj.connection.channel.forwarded.SocketForwardingConnectListener;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+
+import java.net.InetSocketAddress;
+
+/**
+ * This example demonstrates remote port forwarding i.e. when the remote host is made to listen on a specific address
+ * and port; and forwards us incoming connections.
+ */
+public class RemotePF {
+
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    public static void main(String... args) throws Exception {
+        SSHClient client = new SSHClient();
+        client.loadKnownHosts();
+
+        client.connect("localhost");
+        try {
+
+            client.authPublickey(System.getProperty("user.name"));
+
+            /*
+            * We make _server_ listen on port 8080, which forwards all connections to us as a channel, and we further
+            * forward all such channels to google.com:80
+            */
+            client.getRemotePortForwarder().bind(new Forward(8080), //
+                    new SocketForwardingConnectListener(new InetSocketAddress("google.com", 80)));
+
+            client.getTransport().setHeartbeatInterval(30);
+            // Something to hang on to so that the forwarding stays
+            client.getTransport().join();
+
+        } finally {
+            client.disconnect();
+        }
+    }
+
+}
diff --git a/src/main/java/examples/RudimentaryPTY.java b/src/main/java/examples/RudimentaryPTY.java
new file mode 100644
index 00000000..9b62c5f2
--- /dev/null
+++ b/src/main/java/examples/RudimentaryPTY.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.connection.channel.direct.Session.Shell;
+import net.schmizz.sshj.transport.verification.ConsoleHostKeyVerifier;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+
+import java.io.File;
+import java.io.IOException;
+
+/** A very rudimentary psuedo-terminal based on console I/O. */
+class RudimentaryPTY {
+
+//    static {
+//        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+//    }
+
+    public static void main(String... args) throws IOException {
+
+        final SSHClient ssh = new SSHClient();
+
+        ssh.addHostKeyVerifier(new ConsoleHostKeyVerifier(new File(OpenSSHKnownHosts.detectSSHDir(), "known_hosts"), System.console()));
+
+        ssh.connect("localhost");
+
+        Shell shell = null;
+
+        try {
+
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            final Session session = ssh.startSession();
+            session.allocateDefaultPTY();
+
+            shell = session.startShell();
+
+            new StreamCopier("stdout", shell.getInputStream(), System.out)
+                    .bufSize(shell.getLocalMaxPacketSize())
+                    .start();
+
+            new StreamCopier("stderr", shell.getErrorStream(), System.err)
+                    .bufSize(shell.getLocalMaxPacketSize())
+                    .start();
+
+            // Now make System.in act as stdin. To exit, hit Ctrl+D (since that results in an EOF on System.in)
+            // This is kinda messy because java only allows console input after you hit return
+            // But this is just an example... a GUI app could implement a proper PTY
+            StreamCopier.copy(System.in, shell.getOutputStream(), shell.getRemoteMaxPacketSize(), true);
+
+        } finally {
+
+            if (shell != null)
+                shell.close();
+
+            ssh.disconnect();
+        }
+    }
+
+}
diff --git a/src/main/java/examples/SCPDownload.java b/src/main/java/examples/SCPDownload.java
new file mode 100644
index 00000000..52e3d15b
--- /dev/null
+++ b/src/main/java/examples/SCPDownload.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+
+/** This example demonstrates downloading of a file over SCP from the SSH server. */
+public class SCPDownload {
+
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    public static void main(String[] args) throws Exception {
+        SSHClient ssh = new SSHClient();
+        // ssh.useCompression(); // => significant speedup for large file transfers on fast links
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSCPFileTransfer().download("well", "/tmp/");
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/examples/SCPUpload.java b/src/main/java/examples/SCPUpload.java
new file mode 100644
index 00000000..c2965fb2
--- /dev/null
+++ b/src/main/java/examples/SCPUpload.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+
+/** This example demonstrates uploading of a file over SCP to the SSH server. */
+public class SCPUpload {
+
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    public static void main(String[] args) throws Exception {
+        SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            // Compression = significant speedup for large file transfers on fast links
+            // present here to demo algorithm renegotiation - could have just put this before connect()
+            ssh.useCompression();
+
+            ssh.newSCPFileTransfer().upload("/Users/shikhar/well", "/tmp/");
+        } finally {
+            ssh.disconnect();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/examples/SFTPDownload.java b/src/main/java/examples/SFTPDownload.java
new file mode 100644
index 00000000..fa1321e1
--- /dev/null
+++ b/src/main/java/examples/SFTPDownload.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+
+/** This example demonstrates downloading of a file over SFTP from the SSH server. */
+public class SFTPDownload {
+
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    public static void main(String[] args) throws Exception {
+        SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSFTPClient().get("well", "/tmp/");
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/examples/SFTPUpload.java b/src/main/java/examples/SFTPUpload.java
new file mode 100644
index 00000000..545b3a87
--- /dev/null
+++ b/src/main/java/examples/SFTPUpload.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+
+/** This example demonstrates uploading of a file over SFTP to the SSH server. */
+public class SFTPUpload {
+
+    // static
+    // {
+    // BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    // }
+
+    public static void main(String[] args) throws Exception {
+        SSHClient ssh = new SSHClient();
+        ssh.loadKnownHosts();
+        ssh.connect("localhost");
+        try {
+            ssh.authPublickey(System.getProperty("user.name"));
+            ssh.newSFTPClient().put("/Users/shikhar/well", "/tmp/");
+        } finally {
+            ssh.disconnect();
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/examples/X11.java b/src/main/java/examples/X11.java
new file mode 100644
index 00000000..5186c2ed
--- /dev/null
+++ b/src/main/java/examples/X11.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples;
+
+import net.schmizz.sshj.SSHClient;
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.connection.channel.direct.Session.Command;
+import net.schmizz.sshj.connection.channel.forwarded.SocketForwardingConnectListener;
+
+import java.net.InetSocketAddress;
+
+/** This example demonstrates how forwarding X11 connections from a remote host can be accomplished. */
+public class X11 {
+
+    // static {
+    // BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    // }
+
+    public static void main(String... args) throws Exception {
+        SSHClient ssh = new SSHClient();
+
+        // Compression makes X11 more feasible over slower connections
+        // ssh.useCompression();
+
+        ssh.loadKnownHosts();
+
+        /*
+        * NOTE: Forwarding incoming X connections to localhost:6000 only works if X is started without the
+        * "-nolisten tcp" option (this is usually not the default for good reason)
+        */
+        ssh.registerX11Forwarder(new SocketForwardingConnectListener(new InetSocketAddress("localhost", 6000)));
+
+        ssh.connect("localhost");
+        try {
+
+            ssh.authPublickey(System.getProperty("user.name"));
+
+            Session sess = ssh.startSession();
+
+            /*
+            * It is recommendable to send a fake cookie, and in your ConnectListener when a connection comes in replace
+            * it with the real one. But here simply one from `xauth list` is being used.
+            */
+            sess.reqX11Forwarding("MIT-MAGIC-COOKIE-1", "b0956167c9ad8f34c8a2788878307dc9", 0);
+
+            Command cmd = sess.exec("mate");
+
+            new StreamCopier("stdout", cmd.getInputStream(), System.out).start();
+            new StreamCopier("stderr", cmd.getErrorStream(), System.err).start();
+
+            // Wait for session & X11 channel to get closed
+            ssh.getConnection().join();
+
+        } finally {
+            ssh.disconnect();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/concurrent/Event.java b/src/main/java/net/schmizz/concurrent/Event.java
new file mode 100644
index 00000000..a3f00510
--- /dev/null
+++ b/src/main/java/net/schmizz/concurrent/Event.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.ReentrantLock;
+
+/*
+ * Syntactic sugar around Future
+ */
+
+/**
+ * A kind of {@link Future} that caters to boolean values.
+ * <p/>
+ * An event can be set, cleared, or awaited, similar to Python's {@code threading.event}. The key difference is that a
+ * waiter may be delivered an exception of parameterized type {@code T}. Furthermore, an event {@link #isSet()} when it
+ * is not {@code null} i.e. it can be either {@code true} or {@code false} when set.
+ *
+ * @see Future
+ */
+public class Event<T extends Exception> extends Future<Boolean, T> {
+
+    /**
+     * Creates this event with given {@code name} and exception {@code chainer}. Allocates a new {@link
+     * java.util.concurrent.locks.Lock Lock} object for this event.
+     *
+     * @param name    name of this event
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     */
+    public Event(String name, ExceptionChainer<T> chainer) {
+        super(name, chainer);
+    }
+
+    /**
+     * Creates this event with given {@code name}, exception {@code chainer}, and associated {@code lock}.
+     *
+     * @param name    name of this event
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     * @param lock    lock to use
+     */
+    public Event(String name, ExceptionChainer<T> chainer, ReentrantLock lock) {
+        super(name, chainer, lock);
+    }
+
+    /** Sets this event to be {@code true}. Short for {@code set(true)}. */
+    public void set() {
+        super.set(true);
+    }
+
+    /**
+     * Await this event to have a definite {@code true} or {@code false} value.
+     *
+     * @throws T if another thread meanwhile informs this event of an error
+     */
+    public void await() throws T {
+        super.get();
+    }
+
+    /**
+     * Await this event to have a definite {@code true} or {@code false} value, for {@code timeout} seconds.
+     *
+     * @param timeout timeout in seconds
+     * @param unit
+     *
+     * @throws T if another thread meanwhile informs this event of an error, or timeout expires
+     */
+    public void await(long timeout, TimeUnit unit) throws T {
+        super.get(timeout, unit);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/concurrent/ExceptionChainer.java b/src/main/java/net/schmizz/concurrent/ExceptionChainer.java
new file mode 100644
index 00000000..6ca58486
--- /dev/null
+++ b/src/main/java/net/schmizz/concurrent/ExceptionChainer.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+/**
+ * Chains an exception to desired type. For example: </p>
+ * <p/>
+ * <pre>
+ * ExceptionChainer&lt;SomeException&gt; chainer = new ExceptionChainer&lt;SomeException&gt;()
+ * {
+ *     public SomeException chain(Throwable t)
+ *     {
+ *         if (t instanceof SomeException)
+ *             return (SomeException) t;
+ *         else
+ *             return new SomeExcepion(t);
+ *     }
+ * };
+ * </pre>
+ *
+ * @param <Z> Throwable type
+ */
+public interface ExceptionChainer<Z extends Throwable> {
+
+    Z chain(Throwable t);
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/concurrent/Future.java b/src/main/java/net/schmizz/concurrent/Future.java
new file mode 100644
index 00000000..3148de5d
--- /dev/null
+++ b/src/main/java/net/schmizz/concurrent/Future.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * Represents future data of the parameterized type {@code V} and allows waiting on it. An exception may also be
+ * delivered to a waiter, and will be of the parameterized type {@code T}.
+ * <p/>
+ * For atomic operations on a future, e.g. checking if a value is set and if it is not then setting it - in other words,
+ * Compare-And-Set type operations - the associated lock for the future should be acquired while doing so.
+ */
+public class Future<V, T extends Exception> {
+
+    private final Logger log;
+
+    private final ExceptionChainer<T> chainer;
+    private final ReentrantLock lock;
+    private final Condition cond;
+
+    private V val;
+    private T pendingEx;
+
+    /**
+     * Creates this future with given {@code name} and exception {@code chainer}. Allocates a new {@link
+     * java.util.concurrent.locks.Lock lock} object for this future.
+     *
+     * @param name    name of this future
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     */
+    public Future(String name, ExceptionChainer<T> chainer) {
+        this(name, chainer, null);
+    }
+
+    /**
+     * Creates this future with given {@code name}, exception {@code chainer}, and associated {@code lock}.
+     *
+     * @param name    name of this future
+     * @param chainer {@link ExceptionChainer} that will be used for chaining exceptions
+     * @param lock    lock to use
+     */
+    public Future(String name, ExceptionChainer<T> chainer, ReentrantLock lock) {
+        this.log = LoggerFactory.getLogger("<< " + name + " >>");
+        this.chainer = chainer;
+        this.lock = lock == null ? new ReentrantLock() : lock;
+        this.cond = this.lock.newCondition();
+    }
+
+    /**
+     * Set this future's value to {@code val}. Any waiters will be delivered this value.
+     *
+     * @param val the value
+     */
+    public void set(V val) {
+        lock();
+        try {
+            log.debug("Setting to `{}`", val);
+            this.val = val;
+            cond.signalAll();
+        } finally {
+            unlock();
+        }
+    }
+
+    /**
+     * Queues error that will be thrown in any waiting thread or any thread that attempts to wait on this future
+     * hereafter.
+     *
+     * @param e the error
+     */
+    public void error(Exception e) {
+        lock();
+        try {
+            pendingEx = chainer.chain(e);
+            cond.signalAll();
+        } finally {
+            unlock();
+        }
+    }
+
+    /** Clears this future by setting its value and queued exception to {@code null}. */
+    public void clear() {
+        lock();
+        try {
+            pendingEx = null;
+            set(null);
+        } finally {
+            unlock();
+        }
+    }
+
+    /**
+     * Wait indefinitely for this future's value to be set.
+     *
+     * @return the value
+     *
+     * @throws T in case another thread informs the future of an error meanwhile
+     */
+    public V get() throws T {
+        return get(0, TimeUnit.SECONDS);
+    }
+
+    /**
+     * Wait for {@code timeout} seconds for this future's value to be set.
+     *
+     * @param timeout the timeout in seconds
+     * @param unit
+     *
+     * @return the value
+     *
+     * @throws T in case another thread informs the future of an error meanwhile, or the timeout expires
+     */
+    public V get(long timeout, TimeUnit unit) throws T {
+        lock();
+        try {
+            if (pendingEx != null)
+                throw pendingEx;
+            if (val != null)
+                return val;
+            log.debug("Awaiting");
+            while (val == null && pendingEx == null)
+                if (timeout == 0)
+                    cond.await();
+                else if (!cond.await(timeout, unit))
+                    throw chainer.chain(new TimeoutException("Timeout expired"));
+            if (pendingEx != null) {
+                log.error("Woke to: {}", pendingEx.toString());
+                throw pendingEx;
+            }
+            return val;
+        } catch (InterruptedException ie) {
+            throw chainer.chain(ie);
+        } finally {
+            unlock();
+        }
+    }
+
+    /** @return Whether this future has a value set, and no error waiting to pop. */
+    public boolean isSet() {
+        lock();
+        try {
+            return pendingEx == null && val != null;
+        } finally {
+            unlock();
+        }
+    }
+
+    /** @return Whether this future currently has an error set. */
+    public boolean hasError() {
+        lock();
+        try {
+            return pendingEx != null;
+        } finally {
+            unlock();
+        }
+    }
+
+    /** @return Whether this future has threads waiting on it. */
+    public boolean hasWaiters() {
+        lock();
+        try {
+            return lock.hasWaiters(cond);
+        } finally {
+            unlock();
+        }
+    }
+
+    /**
+     * Lock using the associated lock. Use as part of a {@code try-finally} construct in conjunction with {@link
+     * #unlock()}.
+     */
+    public void lock() {
+        lock.lock();
+    }
+
+    /**
+     * Unlock using the associated lock. Use as part of a {@code try-finally} construct in conjunction with {@link
+     * #lock()}.
+     */
+    public void unlock() {
+        lock.unlock();
+    }
+
+}
diff --git a/src/main/java/net/schmizz/concurrent/FutureUtils.java b/src/main/java/net/schmizz/concurrent/FutureUtils.java
new file mode 100644
index 00000000..dce60e5b
--- /dev/null
+++ b/src/main/java/net/schmizz/concurrent/FutureUtils.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.concurrent;
+
+import java.util.Collection;
+
+public class FutureUtils {
+
+    public static void alertAll(Exception x, Future... futures) {
+        for (Future f : futures)
+            f.error(x);
+    }
+
+    public static void alertAll(Exception x, Collection<? extends Future> futures) {
+        for (Future f : futures)
+            f.error(x);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/AbstractService.java b/src/main/java/net/schmizz/sshj/AbstractService.java
new file mode 100644
index 00000000..0a452c57
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/AbstractService.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** An abstract class for {@link Service} that implements common or default functionality. */
+public abstract class AbstractService implements Service {
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    /** Assigned name of this service */
+    protected final String name;
+    /** Transport layer */
+    protected final Transport trans;
+    /** Timeout for blocking operations */
+    protected int timeout;
+
+    public AbstractService(String name, Transport trans) {
+        this.name = name;
+        this.trans = trans;
+        timeout = trans.getTimeout();
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public int getTimeout() {
+        return this.timeout;
+    }
+
+    public void handle(Message msg, SSHPacket buf) throws SSHException {
+        trans.sendUnimplemented();
+    }
+
+    public void notifyError(SSHException error) {
+        log.debug("Was notified of {}", error.toString());
+    }
+
+    public void notifyUnimplemented(long seqNum) throws SSHException {
+        throw new SSHException(DisconnectReason.PROTOCOL_ERROR, "Unexpected: SSH_MSG_UNIMPLEMENTED");
+    }
+
+    public void request() throws TransportException {
+        final Service active = trans.getService();
+        if (!equals(active))
+            if (name.equals(active.getName()))
+                trans.setService(this);
+            else
+                trans.reqService(this);
+    }
+
+    public void setTimeout(int timeout) {
+        this.timeout = timeout;
+    }
+
+    public void notifyDisconnect() throws SSHException {
+        log.debug("Was notified of disconnect");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/Config.java b/src/main/java/net/schmizz/sshj/Config.java
new file mode 100644
index 00000000..a0b56b4d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/Config.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.signature.Signature;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.kex.KeyExchange;
+import net.schmizz.sshj.transport.mac.MAC;
+import net.schmizz.sshj.transport.random.Random;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+
+import java.util.List;
+
+/**
+ * Holds configuration information and factories. Acts a container for factories of {@link KeyExchange}, {@link Cipher},
+ * {@link Compression}, {@link MAC}, {@link Signature}, {@link Random}, and {@link FileKeyProvider}.
+ */
+public interface Config {
+    /**
+     * Retrieve the list of named factories for {@code Cipher}.
+     *
+     * @return a list of named {@code Cipher} factories
+     */
+    List<Factory.Named<Cipher>> getCipherFactories();
+
+    /**
+     * Retrieve the list of named factories for {@code Compression}.
+     *
+     * @return a list of named {@code Compression} factories
+     */
+    List<Factory.Named<Compression>> getCompressionFactories();
+
+    /**
+     * Retrieve the list of named factories for {@code FileKeyProvider}.
+     *
+     * @return a list of named {@code FileKeyProvider} factories
+     */
+    List<Factory.Named<FileKeyProvider>> getFileKeyProviderFactories();
+
+    /**
+     * Retrieve the list of named factories for <code>KeyExchange</code>.
+     *
+     * @return a list of named <code>KeyExchange</code> factories
+     */
+    List<Factory.Named<KeyExchange>> getKeyExchangeFactories();
+
+    /**
+     * Retrieve the list of named factories for <code>MAC</code>.
+     *
+     * @return a list of named <code>MAC</code> factories
+     */
+    List<Factory.Named<MAC>> getMACFactories();
+
+    /**
+     * Retrieve the {@link net.schmizz.sshj.transport.random.Random} factory.
+     *
+     * @return the {@link net.schmizz.sshj.transport.random.Random} factory
+     */
+    Factory<Random> getRandomFactory();
+
+    /**
+     * Retrieve the list of named factories for {@link net.schmizz.sshj.signature.Signature}
+     *
+     * @return a list of named {@link net.schmizz.sshj.signature.Signature} factories
+     */
+    List<Factory.Named<Signature>> getSignatureFactories();
+
+    /**
+     * Returns the software version information for identification during SSH connection initialization. For example,
+     * {@code "NET_3_0"}.
+     */
+    String getVersion();
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.transport.cipher.Cipher}.
+     *
+     * @param cipherFactories a list of named factories
+     */
+    void setCipherFactories(List<Factory.Named<Cipher>> cipherFactories);
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.transport.compression.Compression}.
+     *
+     * @param compressionFactories a list of named factories
+     */
+    void setCompressionFactories(List<Factory.Named<Compression>> compressionFactories);
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.userauth.keyprovider.FileKeyProvider}.
+     *
+     * @param fileKeyProviderFactories a list of named factories
+     */
+    void setFileKeyProviderFactories(List<Factory.Named<FileKeyProvider>> fileKeyProviderFactories);
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.transport.kex.KeyExchange}.
+     *
+     * @param kexFactories a list of named factories
+     */
+    void setKeyExchangeFactories(List<Factory.Named<KeyExchange>> kexFactories);
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.transport.mac.MAC}.
+     *
+     * @param macFactories a list of named factories
+     */
+    void setMACFactories(List<Factory.Named<MAC>> macFactories);
+
+    /**
+     * Set the factory for {@link net.schmizz.sshj.transport.random.Random}.
+     *
+     * @param randomFactory the factory
+     */
+    void setRandomFactory(Factory<Random> randomFactory);
+
+    /**
+     * Set the named factories for {@link net.schmizz.sshj.signature.Signature}.
+     *
+     * @param signatureFactories a list of named factories
+     */
+    void setSignatureFactories(List<Factory.Named<Signature>> signatureFactories);
+
+    /**
+     * Set the software version information for identification during SSH connection initialization. For example, {@code
+     * "NET_3_0"}.
+     *
+     * @param version software version info
+     */
+    void setVersion(String version);
+}
diff --git a/src/main/java/net/schmizz/sshj/ConfigImpl.java b/src/main/java/net/schmizz/sshj/ConfigImpl.java
new file mode 100644
index 00000000..f5a0d92d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/ConfigImpl.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.signature.Signature;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.kex.KeyExchange;
+import net.schmizz.sshj.transport.mac.MAC;
+import net.schmizz.sshj.transport.random.Random;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+
+import java.util.Arrays;
+import java.util.List;
+
+
+public class ConfigImpl implements Config {
+
+    private String version;
+
+    private Factory<Random> randomFactory;
+
+    private List<Factory.Named<KeyExchange>> kexFactories;
+    private List<Factory.Named<Cipher>> cipherFactories;
+    private List<Factory.Named<Compression>> compressionFactories;
+    private List<Factory.Named<MAC>> macFactories;
+    private List<Factory.Named<Signature>> signatureFactories;
+    private List<Factory.Named<FileKeyProvider>> fileKeyProviderFactories;
+
+    public List<Factory.Named<Cipher>> getCipherFactories() {
+        return cipherFactories;
+    }
+
+    public List<Factory.Named<Compression>> getCompressionFactories() {
+        return compressionFactories;
+    }
+
+    public List<Factory.Named<FileKeyProvider>> getFileKeyProviderFactories() {
+        return fileKeyProviderFactories;
+    }
+
+    public List<Factory.Named<KeyExchange>> getKeyExchangeFactories() {
+        return kexFactories;
+    }
+
+    public List<Factory.Named<MAC>> getMACFactories() {
+        return macFactories;
+    }
+
+    public Factory<Random> getRandomFactory() {
+        return randomFactory;
+    }
+
+    public List<Factory.Named<Signature>> getSignatureFactories() {
+        return signatureFactories;
+    }
+
+    public String getVersion() {
+        return version;
+    }
+
+    public void setCipherFactories(Factory.Named<Cipher>... cipherFactories) {
+        setCipherFactories(Arrays.<Factory.Named<Cipher>>asList(cipherFactories));
+    }
+
+    public void setCipherFactories(List<Factory.Named<Cipher>> cipherFactories) {
+        this.cipherFactories = cipherFactories;
+    }
+
+    public void setCompressionFactories(Factory.Named<Compression>... compressionFactories) {
+        setCompressionFactories(Arrays.<Factory.Named<Compression>>asList(compressionFactories));
+    }
+
+    public void setCompressionFactories(List<Factory.Named<Compression>> compressionFactories) {
+        this.compressionFactories = compressionFactories;
+    }
+
+    public void setFileKeyProviderFactories(Factory.Named<FileKeyProvider>... fileKeyProviderFactories) {
+        setFileKeyProviderFactories(Arrays.<Factory.Named<FileKeyProvider>>asList(fileKeyProviderFactories));
+    }
+
+    public void setFileKeyProviderFactories(List<Factory.Named<FileKeyProvider>> fileKeyProviderFactories) {
+        this.fileKeyProviderFactories = fileKeyProviderFactories;
+    }
+
+    public void setKeyExchangeFactories(Factory.Named<KeyExchange>... kexFactories) {
+        setKeyExchangeFactories(Arrays.<Factory.Named<KeyExchange>>asList(kexFactories));
+    }
+
+    public void setKeyExchangeFactories(List<Factory.Named<KeyExchange>> kexFactories) {
+        this.kexFactories = kexFactories;
+    }
+
+    public void setMACFactories(Factory.Named<MAC>... macFactories) {
+        setMACFactories(Arrays.<Factory.Named<MAC>>asList(macFactories));
+    }
+
+    public void setMACFactories(List<Factory.Named<MAC>> macFactories) {
+        this.macFactories = macFactories;
+    }
+
+    public void setRandomFactory(Factory<Random> randomFactory) {
+        this.randomFactory = randomFactory;
+    }
+
+    public void setSignatureFactories(Factory.Named<Signature>... signatureFactories) {
+        setSignatureFactories(Arrays.<Factory.Named<Signature>>asList(signatureFactories));
+    }
+
+    public void setSignatureFactories(List<Factory.Named<Signature>> signatureFactories) {
+        this.signatureFactories = signatureFactories;
+    }
+
+    public void setVersion(String version) {
+        this.version = version;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/DefaultConfig.java b/src/main/java/net/schmizz/sshj/DefaultConfig.java
new file mode 100644
index 00000000..60b9ef49
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/DefaultConfig.java
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.signature.SignatureDSA;
+import net.schmizz.sshj.signature.SignatureRSA;
+import net.schmizz.sshj.transport.cipher.AES128CBC;
+import net.schmizz.sshj.transport.cipher.AES128CTR;
+import net.schmizz.sshj.transport.cipher.AES192CBC;
+import net.schmizz.sshj.transport.cipher.AES192CTR;
+import net.schmizz.sshj.transport.cipher.AES256CBC;
+import net.schmizz.sshj.transport.cipher.AES256CTR;
+import net.schmizz.sshj.transport.cipher.BlowfishCBC;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.cipher.TripleDESCBC;
+import net.schmizz.sshj.transport.compression.NoneCompression;
+import net.schmizz.sshj.transport.kex.DHG1;
+import net.schmizz.sshj.transport.kex.DHG14;
+import net.schmizz.sshj.transport.mac.HMACMD5;
+import net.schmizz.sshj.transport.mac.HMACMD596;
+import net.schmizz.sshj.transport.mac.HMACSHA1;
+import net.schmizz.sshj.transport.mac.HMACSHA196;
+import net.schmizz.sshj.transport.random.BouncyCastleRandom;
+import net.schmizz.sshj.transport.random.JCERandom;
+import net.schmizz.sshj.transport.random.SingletonRandomFactory;
+import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
+import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Constructor for a {@link ConfigImpl} that is initialized as follows. Items marked with an asterisk are added to the
+ * config only if BouncyCastle is in the classpath.
+ * <p/>
+ * <ul> <li>{@link ConfigImpl#setKeyExchangeFactories Key exchange}: {@link DHG14}*, {@link DHG1}</li> <li>{@link
+ * ConfigImpl#setCipherFactories Ciphers} [1]: {@link AES128CTR}, {@link AES192CTR}, {@link AES256CTR}, {@link
+ * AES128CBC}, {@link AES192CBC}, {@link AES256CBC}, {@link AES192CBC}, {@link TripleDESCBC}, {@link BlowfishCBC}</li>
+ * <li>{@link ConfigImpl#setMACFactories MAC}: {@link HMACSHA1}, {@link HMACSHA196}, {@link HMACMD5}, {@link
+ * HMACMD596}</li> <li>{@link ConfigImpl#setCompressionFactories Compression}: {@link NoneCompression}</li> <li>{@link
+ * ConfigImpl#setSignatureFactories Signature}: {@link SignatureRSA}, {@link SignatureDSA}</li> <li>{@link
+ * ConfigImpl#setRandomFactory PRNG}: {@link BouncyCastleRandom}* or {@link JCERandom}</li> <li>{@link
+ * ConfigImpl#setFileKeyProviderFactories Key file support}: {@link PKCS8KeyFile}*, {@link OpenSSHKeyFile}*</li>
+ * <li>{@link ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li> </ul>
+ * <p/>
+ * [1] It is worth noting that Sun's JRE does not have the unlimited cryptography extension enabled by default. This
+ * prevents using ciphers with strength greater than 128.
+ */
+public class DefaultConfig extends ConfigImpl {
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private static final String VERSION = "SSHJ_0_1";
+
+    public DefaultConfig() {
+        setVersion(VERSION);
+        final boolean bouncyCastleRegistered = SecurityUtils.isBouncyCastleRegistered();
+        initKeyExchangeFactories(bouncyCastleRegistered);
+        initRandomFactory(bouncyCastleRegistered);
+        initFileKeyProviderFactories(bouncyCastleRegistered);
+        initCipherFactories();
+        initCompressionFactories();
+        initMACFactories();
+        initSignatureFactories();
+    }
+
+    protected void initKeyExchangeFactories(boolean bouncyCastleRegistered) {
+        if (bouncyCastleRegistered)
+            setKeyExchangeFactories(new DHG14.Factory(), new DHG1.Factory());
+        else
+            setKeyExchangeFactories(new DHG1.Factory());
+    }
+
+    protected void initRandomFactory(boolean bouncyCastleRegistered) {
+        setRandomFactory(new SingletonRandomFactory(bouncyCastleRegistered ? new BouncyCastleRandom.Factory() : new JCERandom.Factory()));
+    }
+
+    protected void initFileKeyProviderFactories(boolean bouncyCastleRegistered) {
+        if (bouncyCastleRegistered) {
+            setFileKeyProviderFactories(new PKCS8KeyFile.Factory(), new OpenSSHKeyFile.Factory());
+        }
+    }
+
+
+    protected void initCipherFactories() {
+        List<Factory.Named<Cipher>> avail = new LinkedList<Factory.Named<Cipher>>(Arrays.<Factory.Named<Cipher>>asList(
+                new AES128CTR.Factory(), //
+                new AES192CTR.Factory(), //
+                new AES256CTR.Factory(), //
+                new AES128CBC.Factory(), //
+                new AES192CBC.Factory(), //
+                new AES256CBC.Factory(), //
+                new TripleDESCBC.Factory(), //
+                new BlowfishCBC.Factory()));
+
+        // Ref. https://issues.apache.org/jira/browse/SSHD-24
+        // "AES256 and AES192 requires unlimited cryptography extension"
+        for (Iterator<Factory.Named<Cipher>> i = avail.iterator(); i.hasNext();) {
+            final Factory.Named<Cipher> f = i.next();
+            try {
+                final Cipher c = f.create();
+                final byte[] key = new byte[c.getBlockSize()];
+                final byte[] iv = new byte[c.getIVSize()];
+                c.init(Cipher.Mode.Encrypt, key, iv);
+            } catch (Exception e) {
+                log.warn("Disabling cipher `{}`: cipher strengths apparently limited by JCE policy", f.getName());
+                i.remove();
+            }
+        }
+
+        setCipherFactories(avail);
+    }
+
+    protected void initSignatureFactories() {
+        setSignatureFactories(new SignatureRSA.Factory(), new SignatureDSA.Factory());
+    }
+
+    protected void initMACFactories() {
+        setMACFactories(new HMACSHA1.Factory(), new HMACSHA196.Factory(), new HMACMD5.Factory(),
+                new HMACMD596.Factory());
+    }
+
+    protected void initCompressionFactories() {
+        setCompressionFactories(new NoneCompression.Factory());
+    }
+
+
+}
diff --git a/src/main/java/net/schmizz/sshj/SSHClient.java b/src/main/java/net/schmizz/sshj/SSHClient.java
new file mode 100644
index 00000000..386131dd
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/SSHClient.java
@@ -0,0 +1,642 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.ConnectionProtocol;
+import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
+import net.schmizz.sshj.connection.channel.direct.Session;
+import net.schmizz.sshj.connection.channel.direct.SessionChannel;
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import net.schmizz.sshj.connection.channel.forwarded.ConnectListener;
+import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder;
+import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder.ForwardedTCPIPChannel;
+import net.schmizz.sshj.connection.channel.forwarded.X11Forwarder;
+import net.schmizz.sshj.connection.channel.forwarded.X11Forwarder.X11Channel;
+import net.schmizz.sshj.sftp.SFTPClient;
+import net.schmizz.sshj.sftp.StatefulSFTPClient;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.transport.TransportProtocol;
+import net.schmizz.sshj.transport.compression.DelayedZlibCompression;
+import net.schmizz.sshj.transport.compression.NoneCompression;
+import net.schmizz.sshj.transport.compression.ZlibCompression;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
+import net.schmizz.sshj.userauth.UserAuth;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.UserAuthProtocol;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.KeyPairWrapper;
+import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.KeyProviderUtil;
+import net.schmizz.sshj.userauth.method.AuthMethod;
+import net.schmizz.sshj.userauth.method.AuthPassword;
+import net.schmizz.sshj.userauth.method.AuthPublickey;
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
+import net.schmizz.sshj.xfer.scp.SCPFileTransfer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.SocketAddress;
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * Secure SHell client API.
+ * <p/>
+ * Before connection is established, host key verification needs to be accounted for. This is done by {@link
+ * #addHostKeyVerifier(HostKeyVerifier) specifying} one or more {@link HostKeyVerifier} objects. Database of known
+ * hostname-key pairs in the OpenSSH {@code "known_hosts"} format can be {@link #loadKnownHosts(File) loaded} for host
+ * key verification.
+ * <p/>
+ * User authentication can be performed by any of the {@code auth*()} method.
+ * <p/>
+ * {@link #startSession()} caters to the most typical use case of starting a {@code session} channel and executing a
+ * remote command, starting a subsystem, etc. If you wish to request X11 forwarding for some session, first {@link
+ * #registerX11Forwarder(net.schmizz.sshj.connection.channel.forwarded.ConnectListener) register} a {@link
+ * net.schmizz.sshj.connection.channel.forwarded.ConnectListener} for {@code x11} channels.
+ * <p/>
+ * {@link #newLocalPortForwarder Local} and {@link #getRemotePortForwarder() remote} port forwarding is possible. There
+ * are also utility method for easily creating {@link #newSCPFileTransfer SCP} and {@link #newSFTPClient() SFTP}
+ * implementations.
+ * <p/>
+ * <em>A simple example:</em>
+ * <p/>
+ * <p/>
+ * <pre>
+ * client = new SSHClient();
+ * client.initUserKnownHosts();
+ * client.connect(&quot;hostname&quot;);
+ * try
+ * {
+ *     client.authPassword(&quot;username&quot;, &quot;password&quot;);
+ *     client.startSession().exec(&quot;true&quot;);
+ *     client.getConnection().join();
+ * } finally
+ * {
+ *     client.disconnect();
+ * }
+ * </pre>
+ * <p/>
+ * Where a password or passphrase is required, if you're extra-paranoid use the {@code char[]} based method. The {@code
+ * char[]} will be blanked out after use.
+ */
+public class SSHClient extends SocketClient implements SessionFactory {
+
+    /** Default port for SSH */
+    public static final int DEFAULT_PORT = 22;
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+
+    /** Transport layer */
+    protected final Transport trans;
+
+    /** {@code ssh-userauth} service */
+    protected final UserAuth auth;
+
+    /** {@code ssh-connection} service */
+    protected final ConnectionProtocol conn;
+
+    /** Default constructor. Initializes this object using {@link DefaultConfig}. */
+    public SSHClient() {
+        this(new DefaultConfig());
+    }
+
+    /**
+     * Constructor that allows specifying a {@code config} to be used.
+     *
+     * @param config {@link ConfigImpl} instance
+     */
+    public SSHClient(Config config) {
+        super(DEFAULT_PORT);
+        this.trans = new TransportProtocol(config);
+        this.auth = new UserAuthProtocol(trans);
+        this.conn = new ConnectionProtocol(trans);
+    }
+
+    /**
+     * Add a {@link HostKeyVerifier} which will be invoked for verifying host key during connection establishment and
+     * future key exchanges.
+     *
+     * @param hostKeyVerifier {@link HostKeyVerifier} instance
+     */
+    public void addHostKeyVerifier(HostKeyVerifier hostKeyVerifier) {
+        trans.addHostKeyVerifier(hostKeyVerifier);
+    }
+
+    /**
+     * Add a {@link HostKeyVerifier} that will verify any host at given {@code hostname:port} and a host key that has
+     * the given {@code fingerprint}, e.g. {@code "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"}
+     *
+     * @param host        the hostname / IP address
+     * @param port        the port for which the {@code fingerprint} applies
+     * @param fingerprint expected fingerprint in colon-delimited format (16 octets in hex delimited by a colon)
+     *
+     * @see net.schmizz.sshj.common.SecurityUtils#getFingerprint
+     */
+    public void addHostKeyVerifier(final String host, final int port, final String fingerprint) {
+        addHostKeyVerifier(new HostKeyVerifier() {
+            public boolean verify(String h, int p, PublicKey k) {
+                return host.equals(h) && port == p && SecurityUtils.getFingerprint(k).equals(fingerprint);
+            }
+        });
+    }
+
+    /**
+     * Authenticate {@code username} using the supplied {@code methods}.
+     *
+     * @param username user to authenticate
+     * @param methods  one or more authentication method
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void auth(String username, AuthMethod... methods) throws UserAuthException, TransportException {
+        assert isConnected();
+        auth(username, Arrays.<AuthMethod>asList(methods));
+    }
+
+    /**
+     * Authenticate {@code username} using the supplied {@code methods}.
+     *
+     * @param username user to authenticate
+     * @param methods  one or more authentication method
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void auth(String username, Iterable<AuthMethod> methods) throws UserAuthException, TransportException {
+        assert isConnected();
+        auth.authenticate(username, conn, methods);
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "password"} authentication method. The {@code password} array is
+     * blanked out after use.
+     *
+     * @param username user to authenticate
+     * @param password the password to use for authentication
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPassword(String username, char[] password) throws UserAuthException, TransportException {
+        authPassword(username, PasswordUtils.createOneOff(password));
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "password"} authentication method.
+     *
+     * @param username user to authenticate
+     * @param pfinder  the {@link net.schmizz.sshj.userauth.password.PasswordFinder} to use for authentication
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPassword(String username, PasswordFinder pfinder) throws UserAuthException, TransportException {
+        auth(username, new AuthPassword(pfinder));
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "password"} authentication method.
+     *
+     * @param username user to authenticate
+     * @param password the password to use for authentication
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPassword(String username, String password) throws UserAuthException, TransportException {
+        authPassword(username, password.toCharArray());
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "publickey"} authentication method, with keys from some commons
+     * locations on the file system. This method relies on {@code ~/.ssh/id_rsa} and {@code ~/.ssh/id_dsa}.
+     * <p/>
+     * This method does not provide a way to specify a passphrase.
+     *
+     * @param username user to authenticate
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPublickey(String username) throws UserAuthException, TransportException {
+        String base = System.getProperty("user.home") + File.separator + ".ssh" + File.separator;
+        authPublickey(username, base + "id_rsa", base + "id_dsa");
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "publickey"} authentication method.
+     * <p/>
+     * {@link KeyProvider} instances can be created using any of the of the {@code loadKeys()} method provided in this
+     * class. In case multiple {@code keyProviders} are specified; authentication is attempted in order as long as the
+     * {@code "publickey"} authentication method is available.
+     *
+     * @param username     user to authenticate
+     * @param keyProviders one or more {@link KeyProvider} instances
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPublickey(String username, Iterable<KeyProvider> keyProviders) throws UserAuthException,
+            TransportException {
+        List<AuthMethod> am = new LinkedList<AuthMethod>();
+        for (KeyProvider kp : keyProviders)
+            am.add(new AuthPublickey(kp));
+        auth(username, am);
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "publickey"} authentication method.
+     * <p/>
+     * {@link KeyProvider} instances can be created using any of the {@code loadKeys()} method provided in this class.
+     * In case multiple {@code keyProviders} are specified; authentication is attempted in order as long as the {@code
+     * "publickey"} authentication method is available.
+     *
+     * @param username     user to authenticate
+     * @param keyProviders one or more {@link KeyProvider} instances
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPublickey(String username, KeyProvider... keyProviders) throws UserAuthException,
+            TransportException {
+        authPublickey(username, Arrays.<KeyProvider>asList(keyProviders));
+    }
+
+    /**
+     * Authenticate {@code username} using the {@code "publickey"} authentication method, with keys from one or more
+     * {@code locations} in the file system.
+     * <p/>
+     * In case multiple {@code locations} are specified; authentication is attempted in order as long as the {@code
+     * "publickey"} authentication method is available. If there is an error loading keys from any of them (e.g. file
+     * could not be read, file format not recognized) that key file it is ignored.
+     * <p/>
+     * This method does not provide a way to specify a passphrase.
+     *
+     * @param username  user to authenticate
+     * @param locations one or more locations in the file system containing the private key
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    public void authPublickey(String username, String... locations) throws UserAuthException, TransportException {
+        List<KeyProvider> keyProviders = new LinkedList<KeyProvider>();
+        for (String loc : locations)
+            try {
+                log.debug("Attempting to load key from: {}", loc);
+                keyProviders.add(loadKeys(loc));
+            } catch (IOException logged) {
+                log.warn("Could not load keys due to: {}", logged);
+            }
+        authPublickey(username, keyProviders);
+    }
+
+    /**
+     * Disconnects from the connected SSH server. {@code SSHClient} objects are not reusable therefore it is incorrect
+     * to attempt connection after this method has been called.
+     * <p/>
+     * This method should be called from a {@code finally} construct after connection is established; so that proper
+     * cleanup is done and the thread spawned by the transport layer for dealing with incoming packets is stopped.
+     */
+    @Override
+    public void disconnect() throws IOException {
+        assert isConnected();
+        trans.disconnect();
+        super.disconnect();
+        assert !isConnected();
+    }
+
+    /** @return associated {@link Connection} instance. */
+    public Connection getConnection() {
+        return conn;
+    }
+
+    /** @return a {@link RemotePortForwarder} that allows requesting remote forwarding over this connection. */
+    public RemotePortForwarder getRemotePortForwarder() {
+        synchronized (conn) {
+            RemotePortForwarder rpf = (RemotePortForwarder) conn.get(ForwardedTCPIPChannel.TYPE);
+            if (rpf == null)
+                conn.attach(rpf = new RemotePortForwarder(conn));
+            return rpf;
+        }
+    }
+
+    /** @return the associated {@link Transport} instance. */
+    public Transport getTransport() {
+        return trans;
+    }
+
+    /**
+     * @return the associated {@link UserAuth} instance. This allows access to information like the {@link
+     *         UserAuth#getBanner() authentication banner}, whether authentication was at least {@link
+     *         UserAuth#hadPartialSuccess() partially successful}, and any {@link UserAuth#getSavedExceptions() saved
+     *         exceptions} that were ignored because there were more authentication method that could be tried.
+     */
+    public UserAuth getUserAuth() {
+        return auth;
+    }
+
+    /** @return whether authenticated. */
+    public boolean isAuthenticated() {
+        return trans.isAuthenticated();
+    }
+
+    /** @return whether connected. */
+    @Override
+    public boolean isConnected() {
+        return super.isConnected() && trans.isRunning();
+    }
+
+    /**
+     * Creates a {@link KeyProvider} from supplied {@link KeyPair}.
+     *
+     * @param kp the key pair
+     *
+     * @return the key provider ready for use in authentication
+     */
+    public KeyProvider loadKeys(KeyPair kp) {
+        return new KeyPairWrapper(kp);
+    }
+
+    /**
+     * Returns a {@link KeyProvider} instance created from a location on the file system where an <em>unencrypted</em>
+     * private key file (does not require a passphrase) can be found. Simply calls {@link #loadKeys(String,
+     * PasswordFinder)} with the {@link net.schmizz.sshj.userauth.password.PasswordFinder} argument as {@code null}.
+     *
+     * @param location the location for the key file
+     *
+     * @return the key provider ready for use in authentication
+     *
+     * @throws SSHException if there was no suitable key provider available for the file format; typically because
+     *                      BouncyCastle is not in the classpath
+     * @throws IOException  if the key file format is not known, if the file could not be read, etc.
+     */
+    public KeyProvider loadKeys(String location) throws IOException {
+        return loadKeys(location, (PasswordFinder) null);
+    }
+
+    /**
+     * Utility function for createing a {@link KeyProvider} instance from given location on the file system. Creates a
+     * one-off {@link PasswordFinder} using {@link net.schmizz.sshj.userauth.password.PasswordUtils#createOneOff(char[])},
+     * and calls {@link #loadKeys(String,PasswordFinder)}.
+     *
+     * @param location   location of the key file
+     * @param passphrase passphrase as a char-array
+     *
+     * @return the key provider ready for use in authentication
+     *
+     * @throws net.schmizz.sshj.common.SSHException
+     *                     if there was no suitable key provider available for the file format; typically because
+     *                     BouncyCastle is not in the classpath
+     * @throws IOException if the key file format is not known, if the file could not be read, etc.
+     */
+    public KeyProvider loadKeys(String location, char[] passphrase) throws IOException {
+        return loadKeys(location, PasswordUtils.createOneOff(passphrase));
+    }
+
+    /**
+     * Creates a {@link KeyProvider} instance from given location on the file system. Currently only PKCS8 format
+     * private key files are supported (OpenSSH uses this format).
+     * <p/>
+     *
+     * @param location       the location of the key file
+     * @param passwordFinder the {@link PasswordFinder} that can supply the passphrase for decryption (may be {@code
+     *                       null} in case keyfile is not encrypted)
+     *
+     * @return the key provider ready for use in authentication
+     *
+     * @throws SSHException if there was no suitable key provider available for the file format; typically because
+     *                      BouncyCastle is not in the classpath
+     * @throws IOException  if the key file format is not known, if the file could not be read, etc.
+     */
+    public KeyProvider loadKeys(String location, PasswordFinder passwordFinder) throws IOException {
+        File loc = new File(location);
+        FileKeyProvider.Format format = KeyProviderUtil.detectKeyFileFormat(loc);
+        FileKeyProvider fkp = Factory.Named.Util.create(trans.getConfig().getFileKeyProviderFactories(), format
+                .toString());
+        if (fkp == null)
+            throw new SSHException("No provider available for " + format + " key file");
+        fkp.init(loc, passwordFinder);
+        return fkp;
+    }
+
+    /**
+     * Convenience method for creating a {@link KeyProvider} instance from a {@code location} where an <i>encrypted</i>
+     * key file is located. Calls {@link #loadKeys(String, char[])} with a character array created from the supplied
+     * {@code passphrase} string.
+     *
+     * @param location   location of the key file
+     * @param passphrase passphrase as a string
+     *
+     * @return the key provider for use in authentication
+     *
+     * @throws IOException if the key file format is not known, if the file could not be read etc.
+     */
+    public KeyProvider loadKeys(String location, String passphrase) throws IOException {
+        return loadKeys(location, passphrase.toCharArray());
+    }
+
+    /**
+     * Attempts loading the user's {@code known_hosts} file from the default locations, i.e. {@code ~/.ssh/known_hosts}
+     * and {@code ~/.ssh/known_hosts2} on most platforms. Adds the resulting {@link OpenSSHKnownHosts} object as a host
+     * key verifier.
+     * <p/>
+     * For finer control over which file is used, see {@link #loadKnownHosts(File)}.
+     *
+     * @throws IOException if there is an error loading from <em>both</em> locations
+     */
+    public void loadKnownHosts() throws IOException {
+        boolean loaded = false;
+        final File sshDir = OpenSSHKnownHosts.detectSSHDir();
+        if (sshDir != null) {
+            for (File loc : Arrays.asList(new File(sshDir, "known_hosts"), new File(sshDir, "known_hosts2"))) {
+                loadKnownHosts(loc);
+                loaded = true;
+            }
+        }
+        if (!loaded)
+            throw new IOException("Could not load known_hosts");
+    }
+
+    /**
+     * Adds a {@link OpenSSHKnownHosts} object created from the specified location as a host key verifier.
+     *
+     * @param location location for {@code known_hosts} file
+     *
+     * @throws IOException if there is an error loading from any of these locations
+     */
+    public void loadKnownHosts(File location) throws IOException {
+        addHostKeyVerifier(new OpenSSHKnownHosts(location));
+    }
+
+    /**
+     * Create a {@link LocalPortForwarder} that will listen on {@code address} and forward incoming connections to the
+     * server; which will further forward them to {@code host:port}.
+     * <p/>
+     * The returned forwarder's {@link LocalPortForwarder#listen() listen()} method should be called to actually start
+     * listening, this method just creates an instance.
+     *
+     * @param address defines where the {@link net.schmizz.sshj.connection.channel.direct.LocalPortForwarder} listens
+     * @param host    hostname to which the server will forward
+     * @param port    the port at {@code hostname} to which the server wil forward
+     *
+     * @return a {@link LocalPortForwarder}
+     *
+     * @throws IOException if there is an error opening a local server socket
+     */
+    public LocalPortForwarder newLocalPortForwarder(SocketAddress address, String host, int port) throws IOException {
+        return new LocalPortForwarder(getServerSocketFactory(), conn, address, host, port);
+    }
+
+    /**
+     * Register a {@code listener} for handling forwarded X11 channels. Without having done this, an incoming X11
+     * forwarding will be summarily rejected.
+     * <p/>
+     * It should be clarified that multiple listeners for X11 forwarding over a single SSH connection are not supported
+     * (and don't make much sense). So a subsequent call to this method is only going to replace the registered {@code
+     * listener}.
+     *
+     * @param listener the {@link ConnectListener} that should be delegated the responsibility of handling forwarded
+     *                 {@link X11Channel} 's
+     *
+     * @return an {@link net.schmizz.sshj.connection.channel.forwarded.X11Forwarder} that allows to {@link
+     *         X11Forwarder#stop() stop acting} on X11 requests from server
+     */
+    public X11Forwarder registerX11Forwarder(ConnectListener listener) {
+        X11Forwarder x11f = new X11Forwarder(conn, listener);
+        conn.attach(x11f);
+        return x11f;
+    }
+
+    /** @return instantiated {@link SCPFileTransfer} implementation. */
+    public SCPFileTransfer newSCPFileTransfer() {
+        assert isConnected() && isAuthenticated();
+        return new SCPFileTransfer(this);
+    }
+
+    /**
+     * @return instantiated {@link SFTPClient} implementation.
+     *
+     * @throws IOException if there is an error starting the {@code sftp} subsystem
+     * @see StatefulSFTPClient
+     */
+    public SFTPClient newSFTPClient() throws IOException {
+        assert isConnected() && isAuthenticated();
+        return new SFTPClient(this);
+    }
+
+    /**
+     * Does key re-exchange.
+     *
+     * @throws TransportException if an error occurs during key exchange
+     */
+    public void rekey() throws TransportException {
+        doKex();
+    }
+
+    public Session startSession() throws ConnectionException, TransportException {
+        assert isConnected() && isAuthenticated();
+        SessionChannel sess = new SessionChannel(conn);
+        sess.open();
+        assert sess.isOpen();
+        return sess;
+    }
+
+    /**
+     * Adds {@code zlib} compression to preferred compression algorithms. There is no guarantee that it will be
+     * successfully negotiatied.
+     * <p/>
+     * If the client is already connected renegotiation is done; otherwise this method simply returns (and compression
+     * will be negotiated during connection establishment).
+     *
+     * @throws ClassNotFoundException if {@code JZlib} is not in classpath
+     * @throws TransportException     if an error occurs during renegotiation
+     */
+    public void useCompression() throws ClassNotFoundException, TransportException {
+        trans.getConfig().setCompressionFactories(Arrays.asList(
+                new DelayedZlibCompression.Factory(),
+                new ZlibCompression.Factory(),
+                new NoneCompression.Factory()));
+        if (isConnected())
+            rekey();
+    }
+
+    /** On connection establishment, also initialize the SSH transport via {@link Transport#init} and {@link #doKex()}. */
+    @Override
+    protected void onConnect() throws IOException {
+        super.onConnect();
+        trans.init(getRemoteHostname(), getRemotePort(), getInputStream(), getOutputStream());
+        doKex();
+    }
+
+    /**
+     * Do key exchange.
+     *
+     * @throws TransportException if error during kex
+     */
+    protected void doKex() throws TransportException {
+        assert trans.isRunning();
+
+        long start = System.currentTimeMillis();
+
+        try {
+            trans.doKex();
+        } catch (TransportException te) {
+            trans.disconnect(DisconnectReason.KEY_EXCHANGE_FAILED);
+            throw te;
+        }
+
+        log.info("Key exchange took {} seconds", (System.currentTimeMillis() - start) / 1000.0);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/Service.java b/src/main/java/net/schmizz/sshj/Service.java
new file mode 100644
index 00000000..a319bfa1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/Service.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj;
+
+import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacketHandler;
+import net.schmizz.sshj.transport.TransportException;
+
+/** Represents a service running on top of the SSH {@link net.schmizz.sshj.transport.Transport transport layer}. */
+public interface Service extends SSHPacketHandler, ErrorNotifiable {
+
+    /** @return The assigned name for this SSH service. */
+    String getName();
+
+    /**
+     * Notifies this service that a {@code SSH_MSG_UNIMPLEMENTED} was received for packet with given sequence number.
+     * Meant to be invoked as a callback by the transport layer.
+     *
+     * @param seqNum sequence number of the packet which the server claims is unimplemented
+     *
+     * @throws SSHException if the packet is unexpected and may represent a disruption
+     */
+    void notifyUnimplemented(long seqNum) throws SSHException;
+
+    /**
+     * Request and install this service with the associated transport. Implementations should aim to make this method
+     * idempotent by first checking the {@link net.schmizz.sshj.transport.Transport#getService() currently active
+     * service}.
+     *
+     * @throws TransportException if there is an error sending the service request
+     */
+    void request() throws TransportException;
+
+    void notifyDisconnect() throws SSHException;
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/SocketClient.java b/src/main/java/net/schmizz/sshj/SocketClient.java
new file mode 100644
index 00000000..71aac843
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/SocketClient.java
@@ -0,0 +1,206 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file incorporates work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj;
+
+import javax.net.ServerSocketFactory;
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.SocketException;
+
+
+abstract class SocketClient {
+
+    private final int defaultPort;
+
+    private Socket socket;
+    private InputStream input;
+    private OutputStream output;
+
+    private SocketFactory socketFactory = SocketFactory.getDefault();
+    private ServerSocketFactory serverSocketFactory = ServerSocketFactory.getDefault();
+
+    private static final int DEFAULT_CONNECT_TIMEOUT = 0;
+    private int connectTimeout = DEFAULT_CONNECT_TIMEOUT;
+
+    private int timeout = 0;
+
+    private String hostname;
+
+    SocketClient(int defaultPort) {
+        this.defaultPort = defaultPort;
+    }
+
+    public void connect(InetAddress host, int port)
+            throws IOException {
+        socket = socketFactory.createSocket();
+        socket.connect(new InetSocketAddress(host, port), connectTimeout);
+        onConnect();
+    }
+
+    public void connect(String hostname, int port)
+            throws SocketException, IOException {
+        this.hostname = hostname;
+        connect(InetAddress.getByName(hostname), port);
+    }
+
+    public void connect(InetAddress host, int port,
+                        InetAddress localAddr, int localPort)
+            throws SocketException, IOException {
+        socket = socketFactory.createSocket();
+        socket.bind(new InetSocketAddress(localAddr, localPort));
+        socket.connect(new InetSocketAddress(host, port), connectTimeout);
+        onConnect();
+    }
+
+    public void connect(String hostname, int port,
+                        InetAddress localAddr, int localPort)
+            throws SocketException, IOException {
+        this.hostname = hostname;
+        connect(InetAddress.getByName(hostname), port, localAddr, localPort);
+    }
+
+    public void connect(InetAddress host) throws SocketException, IOException {
+        connect(host, defaultPort);
+    }
+
+    public void connect(String hostname) throws SocketException, IOException {
+        connect(hostname, defaultPort);
+    }
+
+    public void disconnect() throws IOException {
+        if (socket != null) {
+            socket.close();
+            socket = null;
+        }
+        if (input != null) {
+            input.close();
+            input = null;
+        }
+        if (output != null) {
+            output.close();
+            output = null;
+        }
+        input = null;
+        output = null;
+    }
+
+    public boolean isConnected() {
+        return (socket != null) && socket.isConnected();
+    }
+
+    public int getLocalPort() {
+        return socket.getLocalPort();
+    }
+
+
+    public InetAddress getLocalAddress() {
+        return socket.getLocalAddress();
+    }
+
+    public String getRemoteHostname() {
+        return hostname == null ? (hostname = getRemoteAddress().getHostName()) : hostname;
+    }
+
+    public int getRemotePort() {
+        return socket.getPort();
+    }
+
+    public InetAddress getRemoteAddress() {
+        return socket.getInetAddress();
+    }
+
+    public void setSocketFactory(SocketFactory factory) {
+        if (factory == null)
+            socketFactory = SocketFactory.getDefault();
+        else
+            socketFactory = factory;
+    }
+
+    public SocketFactory getSocketFactory() {
+        return socketFactory;
+    }
+
+    public void setServerSocketFactory(ServerSocketFactory factory) {
+        if (factory == null)
+            serverSocketFactory = ServerSocketFactory.getDefault();
+        else
+            serverSocketFactory = factory;
+    }
+
+    public ServerSocketFactory getServerSocketFactory() {
+        return serverSocketFactory;
+    }
+
+    public int getConnectTimeout() {
+        return connectTimeout;
+    }
+
+    public void setConnectTimeout(int connectTimeout) {
+        this.connectTimeout = connectTimeout;
+    }
+
+    public int getTimeout() {
+        return timeout;
+    }
+
+    public void setTimeout(int timeout) {
+        this.timeout = timeout;
+    }
+
+    public Socket getSocket() {
+        return socket;
+    }
+
+    InputStream getInputStream() {
+        return input;
+    }
+
+    OutputStream getOutputStream() {
+        return output;
+    }
+
+    void onConnect() throws IOException {
+        socket.setSoTimeout(timeout);
+        input = socket.getInputStream();
+        output = socket.getOutputStream();
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/common/Base64.java b/src/main/java/net/schmizz/sshj/common/Base64.java
new file mode 100644
index 00000000..8d206563
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/Base64.java
@@ -0,0 +1,1705 @@
+package net.schmizz.sshj.common;
+
+
+/**
+ * <p> Encodes and decodes to and from Base64 notation. </p> <p> Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>.
+ * </p> <p/> <p> Example: </p> <p/> <code>String encoded = Base64.encode( myByteArray );</code> <br /> <code>byte[]
+ * myByteArray = Base64.decode( encoded );</code> <p/> <p> The <tt>options</tt> parameter, which appears in a few
+ * places, is used to pass several pieces of information to the encoder. In the "higher level" method such as
+ * encodeBytes( bytes, options ) the options parameter can be used to indicate such things as first gzipping the bytes
+ * before encoding them, not inserting linefeeds, and encoding using the URL-safe and Ordered dialects. </p> <p/> <p>
+ * Note, according to <a href="http://www.faqs.org/rfcs/rfc3548.html">RFC3548</a>, Section 2.1, implementations should
+ * not add line feeds unless explicitly told to do so. I've got Base64 set to this behavior now, although earlier
+ * versions broke lines by default. </p> <p/> <p> The constants defined in Base64 can be OR-ed together to combine
+ * options, so you might make a call like this: </p> <p/> <code>String encoded = Base64.encodeBytes( mybytes,
+ * Base64.GZIP | Base64.DO_BREAK_LINES );</code> <p> to compress the data before encoding it and then making the output
+ * have newline characters. </p> <p> Also... </p> <code>String encoded = Base64.encodeBytes( crazyString.getBytes()
+ * );</code> <p/> <p> I am placing this code in the Public Domain. Do with it as you will. This software comes with no
+ * guarantees or warranties but with plenty of well-wishing instead! Please visit <a
+ * href="http://iharder.net/base64">http://iharder.net/base64</a> periodically to check for updates or to contribute
+ * improvements. </p>
+ *
+ * @author Robert Harder
+ * @author rob@iharder.net
+ * @version 2.3.3
+ */
+public class Base64 {
+
+    /**
+     * A {@link Base64.InputStream} will read data from another <tt>java.io.InputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class InputStream extends java.io.FilterInputStream {
+
+        private final boolean encode; // Encoding or decoding
+        private int position; // Current position in the buffer
+        private final byte[] buffer; // Small buffer holding converted data
+        private final int bufferLength; // Length of buffer (3 or 4)
+        private int numSigBytes; // Number of meaningful bytes in the buffer
+        private int lineLength;
+        private final boolean breakLines; // Break lines at less than 80 characters
+        private final int options; // Record options used to create the stream.
+        // private final byte[] alphabet; // Local copies to avoid extra method calls
+        private final byte[] decodabet; // Local copies to avoid extra method calls
+
+        /**
+         * Constructs a {@link Base64.InputStream} in DECODE mode.
+         *
+         * @param in the <tt>java.io.InputStream</tt> from which to read data.
+         *
+         * @since 1.3
+         */
+        public InputStream(java.io.InputStream in) {
+            this(in, DECODE);
+        } // end constructor
+
+        /**
+         * Constructs a {@link Base64.InputStream} in either ENCODE or DECODE mode.
+         * <p/>
+         * Valid options:
+         * <p/>
+         * <pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DO_BREAK_LINES: break lines at 76 characters
+         *     (only meaningful when encoding)&lt;/i&gt;
+         * </pre>
+         * <p/>
+         * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
+         *
+         * @param in      the <tt>java.io.InputStream</tt> from which to read data.
+         * @param options Specified options
+         *
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DO_BREAK_LINES
+         * @since 2.0
+         */
+        public InputStream(java.io.InputStream in, int options) {
+
+            super(in);
+            this.options = options; // Record for later
+            breakLines = (options & DO_BREAK_LINES) > 0;
+            encode = (options & ENCODE) > 0;
+            bufferLength = encode ? 4 : 3;
+            buffer = new byte[bufferLength];
+            position = -1;
+            lineLength = 0;
+            // alphabet = getAlphabet(options);
+            decodabet = getDecodabet(options);
+        } // end constructor
+
+        /**
+         * Reads enough of the input stream to convert to/from Base64 and returns the next byte.
+         *
+         * @return next byte
+         *
+         * @since 1.3
+         */
+        @Override
+        public int read() throws java.io.IOException {
+
+            // Do we need to get data?
+            if (position < 0)
+                if (encode) {
+                    byte[] b3 = new byte[3];
+                    int numBinaryBytes = 0;
+                    for (int i = 0; i < 3; i++) {
+                        int b = in.read();
+
+                        // If end of stream, b is -1.
+                        if (b >= 0) {
+                            b3[i] = (byte) b;
+                            numBinaryBytes++;
+                        } else
+                            break; // out of for loop
+
+                    } // end for: each needed input byte
+
+                    if (numBinaryBytes > 0) {
+                        encode3to4(b3, 0, numBinaryBytes, buffer, 0, options);
+                        position = 0;
+                        numSigBytes = 4;
+                    } // end if: got data
+                    else
+                        return -1; // Must be end of stream
+                } // end if: encoding
+
+                // Else decoding
+                else {
+                    byte[] b4 = new byte[4];
+                    int i = 0;
+                    for (i = 0; i < 4; i++) {
+                        // Read four "meaningful" bytes:
+                        int b = 0;
+                        do
+                            b = in.read();
+                        while (b >= 0 && decodabet[b & 0x7f] <= WHITE_SPACE_ENC);
+
+                        if (b < 0)
+                            break; // Reads a -1 if end of stream
+
+                        b4[i] = (byte) b;
+                    } // end for: each needed input byte
+
+                    if (i == 4) {
+                        numSigBytes = decode4to3(b4, 0, buffer, 0, options);
+                        position = 0;
+                    } // end if: got four characters
+                    else if (i == 0)
+                        return -1;
+                    else
+                        // Must have broken out from above.
+                        throw new java.io.IOException("Improperly padded Base64 input.");
+
+                } // end else: decode
+
+            // Got data?
+            if (position >= 0) {
+                // End of relevant data?
+                if ( /* !encode && */position >= numSigBytes)
+                    return -1;
+
+                if (encode && breakLines && lineLength >= MAX_LINE_LENGTH) {
+                    lineLength = 0;
+                    return '\n';
+                } // end if
+                else {
+                    lineLength++; // This isn't important when decoding
+                    // but throwing an extra "if" seems
+                    // just as wasteful.
+
+                    int b = buffer[position++];
+
+                    if (position >= bufferLength)
+                        position = -1;
+
+                    return b & 0xFF; // This is how you "cast" a byte that's
+                    // intended to be unsigned.
+                } // end else
+            } // end if: position >= 0
+            else
+                throw new java.io.IOException("Error in Base64 code reading stream.");
+        } // end read
+
+        /**
+         * Calls {@link #read()} repeatedly until the end of stream is reached or <var>len</var> bytes are read. Returns
+         * number of bytes read into array or -1 if end of stream is encountered.
+         *
+         * @param dest array to hold values
+         * @param off  offset for array
+         * @param len  max number of bytes to read into array
+         *
+         * @return bytes read into array or -1 if end of stream is encountered.
+         *
+         * @since 1.3
+         */
+        @Override
+        public int read(byte[] dest, int off, int len) throws java.io.IOException {
+            int i;
+            int b;
+            for (i = 0; i < len; i++) {
+                b = read();
+
+                if (b >= 0)
+                    dest[off + i] = (byte) b;
+                else if (i == 0)
+                    return -1;
+                else
+                    break; // Out of 'for' loop
+            } // end for: each byte read
+            return i;
+        } // end read
+
+    } // end inner class InputStream
+
+    /**
+     * A {@link Base64.OutputStream} will write data to another <tt>java.io.OutputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class OutputStream extends java.io.FilterOutputStream {
+
+        private final boolean encode;
+        private int position;
+        private byte[] buffer;
+        private final int bufferLength;
+        private int lineLength;
+        private final boolean breakLines;
+        private final byte[] b4; // Scratch used in a few places
+        private boolean suspendEncoding;
+        private final int options; // Record for later
+        // private final byte[] alphabet; // Local copies to avoid extra method calls
+        private final byte[] decodabet; // Local copies to avoid extra method calls
+
+        /**
+         * Constructs a {@link Base64.OutputStream} in ENCODE mode.
+         *
+         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+         *
+         * @since 1.3
+         */
+        public OutputStream(java.io.OutputStream out) {
+            this(out, ENCODE);
+        } // end constructor
+
+        /**
+         * Constructs a {@link Base64.OutputStream} in either ENCODE or DECODE mode.
+         * <p/>
+         * Valid options:
+         * <p/>
+         * <pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DO_BREAK_LINES: don't break lines at 76 characters
+         *     (only meaningful when encoding)&lt;/i&gt;
+         * </pre>
+         * <p/>
+         * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
+         *
+         * @param out     the <tt>java.io.OutputStream</tt> to which data will be written.
+         * @param options Specified options.
+         *
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DO_BREAK_LINES
+         * @since 1.3
+         */
+        public OutputStream(java.io.OutputStream out, int options) {
+            super(out);
+            breakLines = (options & DO_BREAK_LINES) > 0;
+            encode = (options & ENCODE) > 0;
+            bufferLength = encode ? 3 : 4;
+            buffer = new byte[bufferLength];
+            position = 0;
+            lineLength = 0;
+            suspendEncoding = false;
+            b4 = new byte[4];
+            this.options = options;
+            // alphabet = getAlphabet(options);
+            decodabet = getDecodabet(options);
+        } // end constructor
+
+        /**
+         * Flushes and closes (I think, in the superclass) the stream.
+         *
+         * @since 1.3
+         */
+        @Override
+        public void close() throws java.io.IOException {
+            // 1. Ensure that pending characters are written
+            flush();
+
+            // 2. Actually close the stream
+            // Base class both flushes and closes.
+            super.close();
+
+            buffer = null;
+            out = null;
+        } // end close
+
+        /**
+         * Flushes the stream (and the enclosing streams).
+         *
+         * @throws java.io.IOException
+         * @since 2.3
+         */
+        @Override
+        public void flush() throws java.io.IOException {
+            flushBase64();
+            super.flush();
+        }
+
+        /**
+         * Method added by PHIL. [Thanks, PHIL. -Rob] This pads the buffer without closing the stream.
+         *
+         * @throws java.io.IOException if there's an error.
+         */
+        public void flushBase64() throws java.io.IOException {
+            if (position > 0)
+                if (encode) {
+                    out.write(encode3to4(b4, buffer, position, options));
+                    position = 0;
+                } // end if: encoding
+                else
+                    throw new java.io.IOException("Base64 input not properly padded.");
+
+        } // end flush
+
+        /**
+         * Resumes encoding of the stream. May be helpful if you need to embed a piece of base64-encoded data in a
+         * stream.
+         *
+         * @since 1.5.1
+         */
+        public void resumeEncoding() {
+            suspendEncoding = false;
+        } // end resumeEncoding
+
+        /**
+         * Suspends encoding of the stream. May be helpful if you need to embed a piece of base64-encoded data in a
+         * stream.
+         *
+         * @throws java.io.IOException if there's an error flushing
+         * @since 1.5.1
+         */
+        public void suspendEncoding() throws java.io.IOException {
+            flushBase64();
+            suspendEncoding = true;
+        } // end suspendEncoding
+
+        /**
+         * Calls {@link #write(int)} repeatedly until <var>len</var> bytes are written.
+         *
+         * @param theBytes array from which to read bytes
+         * @param off      offset for array
+         * @param len      max number of bytes to read into array
+         *
+         * @since 1.3
+         */
+        @Override
+        public void write(byte[] theBytes, int off, int len) throws java.io.IOException {
+            // Encoding suspended?
+            if (suspendEncoding) {
+                super.out.write(theBytes, off, len);
+                return;
+            } // end if: supsended
+
+            for (int i = 0; i < len; i++)
+                write(theBytes[off + i]);
+
+        } // end write
+
+        /**
+         * Writes the byte to the output stream after converting to/from Base64 notation. When encoding, bytes are
+         * buffered three at a time before the output stream actually gets a write() call. When decoding, bytes are
+         * buffered four at a time.
+         *
+         * @param theByte the byte to write
+         *
+         * @since 1.3
+         */
+        @Override
+        public void write(int theByte) throws java.io.IOException {
+            // Encoding suspended?
+            if (suspendEncoding) {
+                super.out.write(theByte);
+                return;
+            } // end if: supsended
+
+            // Encode?
+            if (encode) {
+                buffer[position++] = (byte) theByte;
+                if (position >= bufferLength) { // Enough to encode.
+
+                    out.write(encode3to4(b4, buffer, bufferLength, options));
+
+                    lineLength += 4;
+                    if (breakLines && lineLength >= MAX_LINE_LENGTH) {
+                        out.write(NEW_LINE);
+                        lineLength = 0;
+                    } // end if: end of line
+
+                    position = 0;
+                } // end if: enough to output
+            } // end if: encoding
+            else // Meaningful Base64 character?
+                if (decodabet[theByte & 0x7f] > WHITE_SPACE_ENC) {
+                    buffer[position++] = (byte) theByte;
+                    if (position >= bufferLength) { // Enough to output.
+
+                        int len = Base64.decode4to3(buffer, 0, b4, 0, options);
+                        out.write(b4, 0, len);
+                        position = 0;
+                    } // end if: enough to output
+                } // end if: meaningful base64 character
+                else if (decodabet[theByte & 0x7f] != WHITE_SPACE_ENC)
+                    throw new java.io.IOException("Invalid character in Base64 data.");
+        } // end write
+
+    } // end inner class OutputStream
+
+    /** No options specified. Value is zero. */
+    public final static int NO_OPTIONS = 0;
+
+    /** Specify encoding in first bit. Value is one. */
+    public final static int ENCODE = 1;
+
+    /** Specify decoding in first bit. Value is zero. */
+    public final static int DECODE = 0;
+
+    /** Specify that data should be gzip-compressed in second bit. Value is two. */
+    public final static int GZIP = 2;
+
+    /** Do break lines when encoding. Value is 8. */
+    public final static int DO_BREAK_LINES = 8;
+
+    /*          ******** P R I V A T E F I E L D S ******** */
+
+    /**
+     * Encode using Base64-like encoding that is URL- and Filename-safe as described in Section 4 of RFC3548: <a
+     * href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>. It is important to note
+     * that data encoded this way is <em>not</em> officially valid Base64, or at the very least should not be called
+     * Base64 without also specifying that is was encoded using the URL- and Filename-safe dialect.
+     */
+    public final static int URL_SAFE = 16;
+
+    /** Encode using the special "ordered" dialect of Base64 described here: <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>. */
+    public final static int ORDERED = 32;
+
+    /** Maximum line length (76) of Base64 output. */
+    private final static int MAX_LINE_LENGTH = 76;
+
+    /** The equals sign (=) as a byte. */
+    private final static byte EQUALS_SIGN = (byte) '=';
+
+    /** The new line character (\n) as a byte. */
+    private final static byte NEW_LINE = (byte) '\n';
+    /** Preferred encoding. */
+    private final static String PREFERRED_ENCODING = "US-ASCII";
+
+    /*          ******** S T A N D A R D B A S E 6 4 A L P H A B E T ******** */
+
+    private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+
+    private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+
+    /*          ******** U R L S A F E B A S E 6 4 A L P H A B E T ******** */
+
+    /** The 64 valid Base64 values. */
+    /* Host platform me be something funny like EBCDIC, so we hardcode these values. */
+    private final static byte[] _STANDARD_ALPHABET = {(byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+            (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+            (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
+            (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
+            (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o',
+            (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
+            (byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6',
+            (byte) '7', (byte) '8', (byte) '9', (byte) '+', (byte) '/'};
+
+    /**
+     * Translates a Base64 value to either its 6-bit reconstruction value or a negative number indicating some other
+     * meaning.
+     */
+    private final static byte[] _STANDARD_DECODABET = {-9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+            // 0 - 8
+            -5, -5, // Whitespace: Tab and Linefeed
+            -9, -9, // Decimal 11 - 12
+            -5, // Whitespace: Carriage Return
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+            -9, -9, -9, -9, -9, // Decimal 27 - 31
+            -5, // Whitespace: Space
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+            62, // Plus sign at decimal 43
+            -9, -9, -9, // Decimal 44 - 46
+            63, // Slash at decimal 47
+            52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+            -9, -9, -9, // Decimal 58 - 60
+            -1, // Equals sign at decimal 61
+            -9, -9, -9, // Decimal 62 - 64
+            0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through 'N'
+            14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through 'Z'
+            -9, -9, -9, -9, -9, -9, // Decimal 91 - 96
+            26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
+            39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
+            -9, -9, -9, -9 // Decimal 123 - 126
+            /*
+            * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+            */
+    };
+
+    /*          ******** O R D E R E D B A S E 6 4 A L P H A B E T ******** */
+
+    /**
+     * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: <a
+     * href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>. Notice that the last two
+     * bytes become "hyphen" and "underscore" instead of "plus" and "slash."
+     */
+    private final static byte[] _URL_SAFE_ALPHABET = {(byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
+            (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N',
+            (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U', (byte) 'V', (byte) 'W',
+            (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f',
+            (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n', (byte) 'o',
+            (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
+            (byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6',
+            (byte) '7', (byte) '8', (byte) '9', (byte) '-', (byte) '_'};
+
+    /** Used in decoding URL- and Filename-safe dialects of Base64. */
+    private final static byte[] _URL_SAFE_DECODABET = {-9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+            // 0 - 8
+            -5, -5, // Whitespace: Tab and Linefeed
+            -9, -9, // Decimal 11 - 12
+            -5, // Whitespace: Carriage Return
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+            -9, -9, -9, -9, -9, // Decimal 27 - 31
+            -5, // Whitespace: Space
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+            -9, // Plus sign at decimal 43
+            -9, // Decimal 44
+            62, // Minus sign at decimal 45
+            -9, // Decimal 46
+            -9, // Slash at decimal 47
+            52, 53, 54, 55, 56, 57, 58, 59, 60, 61, // Numbers zero through nine
+            -9, -9, -9, // Decimal 58 - 60
+            -1, // Equals sign at decimal 61
+            -9, -9, -9, // Decimal 62 - 64
+            0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, // Letters 'A' through 'N'
+            14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, // Letters 'O' through 'Z'
+            -9, -9, -9, -9, // Decimal 91 - 94
+            63, // Underscore at decimal 95
+            -9, // Decimal 96
+            26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, // Letters 'a' through 'm'
+            39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, // Letters 'n' through 'z'
+            -9, -9, -9, -9 // Decimal 123 - 126
+            /*
+            * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+            */
+    };
+
+    /*          ******** D E T E R M I N E W H I C H A L H A B E T ******** */
+
+    /**
+     * I don't get the point of this technique, but someone requested it, and it is described here: <a
+     * href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+     */
+    private final static byte[] _ORDERED_ALPHABET = {(byte) '-', (byte) '0', (byte) '1', (byte) '2', (byte) '3',
+            (byte) '4', (byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'A', (byte) 'B', (byte) 'C',
+            (byte) 'D', (byte) 'E', (byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J', (byte) 'K', (byte) 'L',
+            (byte) 'M', (byte) 'N', (byte) 'O', (byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T', (byte) 'U',
+            (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y', (byte) 'Z', (byte) '_', (byte) 'a', (byte) 'b', (byte) 'c',
+            (byte) 'd', (byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i', (byte) 'j', (byte) 'k', (byte) 'l',
+            (byte) 'm', (byte) 'n', (byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's', (byte) 't', (byte) 'u',
+            (byte) 'v', (byte) 'w', (byte) 'x', (byte) 'y', (byte) 'z'};
+
+    /** Used in decoding the "ordered" dialect of Base64. */
+    private final static byte[] _ORDERED_DECODABET = {-9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal
+            // 0 - 8
+            -5, -5, // Whitespace: Tab and Linefeed
+            -9, -9, // Decimal 11 - 12
+            -5, // Whitespace: Carriage Return
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 14 - 26
+            -9, -9, -9, -9, -9, // Decimal 27 - 31
+            -5, // Whitespace: Space
+            -9, -9, -9, -9, -9, -9, -9, -9, -9, -9, // Decimal 33 - 42
+            -9, // Plus sign at decimal 43
+            -9, // Decimal 44
+            0, // Minus sign at decimal 45
+            -9, // Decimal 46
+            -9, // Slash at decimal 47
+            1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // Numbers zero through nine
+            -9, -9, -9, // Decimal 58 - 60
+            -1, // Equals sign at decimal 61
+            -9, -9, -9, // Decimal 62 - 64
+            11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, // Letters 'A' through 'M'
+            24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, // Letters 'N' through 'Z'
+            -9, -9, -9, -9, // Decimal 91 - 94
+            37, // Underscore at decimal 95
+            -9, // Decimal 96
+            38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, // Letters 'a' through 'm'
+            51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, // Letters 'n' through 'z'
+            -9, -9, -9, -9 // Decimal 123 - 126
+            /*
+            * ,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 127 - 139
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 140 - 152
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 153 - 165
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 166 - 178
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 179 - 191
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 192 - 204
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 205 - 217
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 218 - 230
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9, // Decimal 231 - 243
+            * -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9 // Decimal 244 - 255
+            */
+    };
+
+    /**
+     * Low-level access to decoding ASCII characters in the form of a byte array. <strong>Ignores GUNZIP option, if it's
+     * set.</strong> This is not generally a recommended method, although it is used internally as part of the decoding
+     * process. Special case: if len = 0, an empty array is returned. Still, if you need more speed and reduced memory
+     * footprint (and aren't gzipping), consider this method.
+     *
+     * @param source The Base64 encoded data
+     *
+     * @return decoded data
+     *
+     * @since 2.3.1
+     */
+    public static byte[] decode(byte[] source) {
+        byte[] decoded = null;
+        try {
+            decoded = decode(source, 0, source.length, Base64.NO_OPTIONS);
+        } catch (java.io.IOException ex) {
+            assert false : "IOExceptions only come from GZipping, which is turned off: " + ex.getMessage();
+        }
+        return decoded;
+    }
+
+    /*          ******** E N C O D I N G M E T H O D S ******** */
+
+    /**
+     * Low-level access to decoding ASCII characters in the form of a byte array. <strong>Ignores GUNZIP option, if it's
+     * set.</strong> This is not generally a recommended method, although it is used internally as part of the decoding
+     * process. Special case: if len = 0, an empty array is returned. Still, if you need more speed and reduced memory
+     * footprint (and aren't gzipping), consider this method.
+     *
+     * @param source  The Base64 encoded data
+     * @param off     The offset of where to begin decoding
+     * @param len     The length of characters to decode
+     * @param options Can specify options such as alphabet type to use
+     *
+     * @return decoded data
+     *
+     * @throws java.io.IOException If bogus characters exist in source data
+     * @since 1.3
+     */
+    public static byte[] decode(byte[] source, int off, int len, int options) throws java.io.IOException {
+
+        // Lots of error checking and exception throwing
+        if (source == null)
+            throw new NullPointerException("Cannot decode null source array.");
+        if (off < 0 || off + len > source.length)
+            throw new IllegalArgumentException(String.format(
+                    "Source array with length %d cannot have offset of %d and process %d bytes.", source.length, off,
+                    len));
+
+        if (len == 0)
+            return new byte[0];
+        else if (len < 4)
+            throw new IllegalArgumentException(
+                    "Base64-encoded string must have at least four characters, but length specified was " + len);
+
+        byte[] DECODABET = getDecodabet(options);
+
+        int len34 = len * 3 / 4; // Estimate on array size
+        byte[] outBuff = new byte[len34]; // Upper limit on size of output
+        int outBuffPosn = 0; // Keep track of where we're writing
+
+        byte[] b4 = new byte[4]; // Four byte buffer from source, eliminating white space
+        int b4Posn = 0; // Keep track of four byte input buffer
+        int i = 0; // Source array counter
+        byte sbiCrop = 0; // Low seven bits (ASCII) of input
+        byte sbiDecode = 0; // Special value from DECODABET
+
+        for (i = off; i < off + len; i++) { // Loop through source
+
+            sbiCrop = (byte) (source[i] & 0x7f); // Only the low seven bits
+            sbiDecode = DECODABET[sbiCrop]; // Special value
+
+            // White space, Equals sign, or legit Base64 character
+            // Note the values such as -5 and -9 in the
+            // DECODABETs at the top of the file.
+            if (sbiDecode >= WHITE_SPACE_ENC) {
+                if (sbiDecode >= EQUALS_SIGN_ENC) {
+                    b4[b4Posn++] = sbiCrop; // Save non-whitespace
+                    if (b4Posn > 3) { // Time to decode?
+                        outBuffPosn += decode4to3(b4, 0, outBuff, outBuffPosn, options);
+                        b4Posn = 0;
+
+                        // If that was the equals sign, break out of 'for' loop
+                        if (sbiCrop == EQUALS_SIGN)
+                            break;
+                    } // end if: quartet built
+                } // end if: equals sign or better
+            } // end if: white space, equals sign or better
+            else
+                // There's a bad input character in the Base64 stream.
+                throw new java.io.IOException(String.format("Bad Base64 input character '%c' in array position %d",
+                        source[i], i));
+        } // each input character
+
+        byte[] out = new byte[outBuffPosn];
+        System.arraycopy(outBuff, 0, out, 0, outBuffPosn);
+        return out;
+    } // end decode
+
+    /**
+     * Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
+     *
+     * @param s the string to decode
+     *
+     * @return the decoded data
+     *
+     * @throws java.io.IOException If there is a problem
+     * @since 1.4
+     */
+    public static byte[] decode(String s) throws java.io.IOException {
+        return decode(s, NO_OPTIONS);
+    }
+
+    /**
+     * Decodes data from Base64 notation, automatically detecting gzip-compressed data and decompressing it.
+     *
+     * @param s       the string to decode
+     * @param options encode options such as URL_SAFE
+     *
+     * @return the decoded data
+     *
+     * @throws java.io.IOException  if there is an error
+     * @throws NullPointerException if <tt>s</tt> is null
+     * @since 1.4
+     */
+    public static byte[] decode(String s, int options) throws java.io.IOException {
+
+        if (s == null)
+            throw new NullPointerException("Input string was null.");
+
+        byte[] bytes;
+        try {
+            bytes = s.getBytes(PREFERRED_ENCODING);
+        } // end try
+        catch (java.io.UnsupportedEncodingException uee) {
+            bytes = s.getBytes();
+        } // end catch
+        // </change>
+
+        // Decode
+        bytes = decode(bytes, 0, bytes.length, options);
+
+        // Check to see if it's gzip-compressed
+        // GZIP Magic Two-Byte Number: 0x8b1f (35615)
+        if (bytes != null && bytes.length >= 4) {
+
+            int head = bytes[0] & 0xff | bytes[1] << 8 & 0xff00;
+            if (java.util.zip.GZIPInputStream.GZIP_MAGIC == head) {
+                java.io.ByteArrayInputStream bais = null;
+                java.util.zip.GZIPInputStream gzis = null;
+                java.io.ByteArrayOutputStream baos = null;
+                byte[] buffer = new byte[2048];
+                int length = 0;
+
+                try {
+                    baos = new java.io.ByteArrayOutputStream();
+                    bais = new java.io.ByteArrayInputStream(bytes);
+                    gzis = new java.util.zip.GZIPInputStream(bais);
+
+                    while ((length = gzis.read(buffer)) >= 0)
+                        baos.write(buffer, 0, length);
+
+                    // No error? Get new bytes.
+                    bytes = baos.toByteArray();
+
+                } // end try
+                catch (java.io.IOException e) {
+                    // Just return originally-decoded bytes
+                } // end catch
+                finally {
+                    try {
+                        baos.close();
+                    } catch (Exception e) {
+                    }
+                    try {
+                        gzis.close();
+                    } catch (Exception e) {
+                    }
+                    try {
+                        bais.close();
+                    } catch (Exception e) {
+                    }
+                } // end finally
+
+            } // end if: gzipped
+        } // end if: bytes.length >= 2
+
+        return bytes;
+    } // end decode
+
+    /**
+     * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
+     *
+     * @param infile  Input file
+     * @param outfile Output file
+     *
+     * @throws java.io.IOException if there is an error
+     * @since 2.2
+     */
+    public static void decodeFileToFile(String infile, String outfile) throws java.io.IOException {
+
+        byte[] decoded = Base64.decodeFromFile(infile);
+        java.io.OutputStream out = null;
+        try {
+            out = new java.io.BufferedOutputStream(new java.io.FileOutputStream(outfile));
+            out.write(decoded);
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and release to execute finally{}
+        } // end catch
+        finally {
+            try {
+                out.close();
+            } catch (Exception ex) {
+            }
+        } // end finally
+    } // end decodeFileToFile
+
+    /**
+     * Convenience method for reading a base64-encoded file and decoding it. <p/> <p> As of v 2.3, if there is a error,
+     * the method will throw an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just returned
+     * false, but in retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param filename Filename for reading encoded data
+     *
+     * @return decoded byte array
+     *
+     * @throws java.io.IOException if there is an error
+     * @since 2.1
+     */
+    public static byte[] decodeFromFile(String filename) throws java.io.IOException {
+
+        byte[] decodedData = null;
+        Base64.InputStream bis = null;
+        try {
+            // Set up some useful variables
+            java.io.File file = new java.io.File(filename);
+            byte[] buffer = null;
+            int length = 0;
+            int numBytes = 0;
+
+            // Check for size of file
+            if (file.length() > Integer.MAX_VALUE)
+                throw new java.io.IOException("File is too big for this convenience method (" + file.length()
+                        + " bytes).");
+            buffer = new byte[(int) file.length()];
+
+            // Open a stream
+            bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)),
+                    Base64.DECODE);
+
+            // Read until done
+            while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
+                length += numBytes;
+
+            // Save in a variable to return
+            decodedData = new byte[length];
+            System.arraycopy(buffer, 0, decodedData, 0, length);
+
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and release to execute finally{}
+        } // end catch: java.io.IOException
+        finally {
+            try {
+                bis.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+        return decodedData;
+    } // end decodeFromFile
+
+    /**
+     * Convenience method for decoding data to a file. <p/> <p> As of v 2.3, if there is a error, the method will throw
+     * an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just returned false, but in
+     * retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param dataToDecode Base64-encoded data as a string
+     * @param filename     Filename for saving decoded data
+     *
+     * @throws java.io.IOException if there is an error
+     * @since 2.1
+     */
+    public static void decodeToFile(String dataToDecode, String filename) throws java.io.IOException {
+
+        Base64.OutputStream bos = null;
+        try {
+            bos = new Base64.OutputStream(new java.io.FileOutputStream(filename), Base64.DECODE);
+            bos.write(dataToDecode.getBytes(PREFERRED_ENCODING));
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and throw to execute finally{} block
+        } // end catch: java.io.IOException
+        finally {
+            try {
+                bos.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+    } // end decodeToFile
+
+    /**
+     * Attempts to decode Base64 data and deserialize a Java Object within. Returns <tt>null</tt> if there was an
+     * error.
+     *
+     * @param encodedObject The Base64 data to decode
+     *
+     * @return The decoded and deserialized object
+     *
+     * @throws NullPointerException   if encodedObject is null
+     * @throws java.io.IOException    if there is a general error
+     * @throws ClassNotFoundException if the decoded object is of a class that cannot be found by the JVM
+     * @since 1.5
+     */
+    public static Object decodeToObject(String encodedObject) throws java.io.IOException,
+            java.lang.ClassNotFoundException {
+
+        // Decode and gunzip if necessary
+        byte[] objBytes = decode(encodedObject);
+
+        java.io.ByteArrayInputStream bais = null;
+        java.io.ObjectInputStream ois = null;
+        Object obj = null;
+
+        try {
+            bais = new java.io.ByteArrayInputStream(objBytes);
+            ois = new java.io.ObjectInputStream(bais);
+
+            obj = ois.readObject();
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and throw in order to execute finally{}
+        } // end catch
+        catch (java.lang.ClassNotFoundException e) {
+            throw e; // Catch and throw in order to execute finally{}
+        } // end catch
+        finally {
+            try {
+                bais.close();
+            } catch (Exception e) {
+            }
+            try {
+                ois.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+        return obj;
+    } // end decodeObject
+
+    /**
+     * Performs Base64 encoding on the <code>raw</code> ByteBuffer, writing it to the <code>encoded</code> ByteBuffer.
+     * This is an experimental feature. Currently it does not pass along any options (such as {@link #DO_BREAK_LINES} or
+     * {@link #GZIP}.
+     *
+     * @param raw     input buffer
+     * @param encoded output buffer
+     *
+     * @since 2.3
+     */
+    public static void encode(java.nio.ByteBuffer raw, java.nio.ByteBuffer encoded) {
+        byte[] raw3 = new byte[3];
+        byte[] enc4 = new byte[4];
+
+        while (raw.hasRemaining()) {
+            int rem = Math.min(3, raw.remaining());
+            raw.get(raw3, 0, rem);
+            Base64.encode3to4(enc4, raw3, rem, Base64.NO_OPTIONS);
+            encoded.put(enc4);
+        } // end input remaining
+    }
+
+    /**
+     * Performs Base64 encoding on the <code>raw</code> ByteBuffer, writing it to the <code>encoded</code> CharBuffer.
+     * This is an experimental feature. Currently it does not pass along any options (such as {@link #DO_BREAK_LINES} or
+     * {@link #GZIP}.
+     *
+     * @param raw     input buffer
+     * @param encoded output buffer
+     *
+     * @since 2.3
+     */
+    public static void encode(java.nio.ByteBuffer raw, java.nio.CharBuffer encoded) {
+        byte[] raw3 = new byte[3];
+        byte[] enc4 = new byte[4];
+
+        while (raw.hasRemaining()) {
+            int rem = Math.min(3, raw.remaining());
+            raw.get(raw3, 0, rem);
+            Base64.encode3to4(enc4, raw3, rem, Base64.NO_OPTIONS);
+            for (int i = 0; i < 4; i++)
+                encoded.put((char) (enc4[i] & 0xFF));
+        } // end input remaining
+    }
+
+    /**
+     * Encodes a byte array into Base64 notation. Does not GZip-compress data.
+     *
+     * @param source The data to convert
+     *
+     * @return The data in Base64-encoded form
+     *
+     * @throws NullPointerException if source array is null
+     * @since 1.4
+     */
+    public static String encodeBytes(byte[] source) {
+        // Since we're not going to have the GZIP encoding turned on,
+        // we're not going to have an java.io.IOException thrown, so
+        // we should not force the user to have to catch it.
+        String encoded = null;
+        try {
+            encoded = encodeBytes(source, 0, source.length, NO_OPTIONS);
+        } catch (java.io.IOException ex) {
+            assert false : ex.getMessage();
+        } // end catch
+        assert encoded != null;
+        return encoded;
+    } // end encodeBytes
+
+    /**
+     * Encodes a byte array into Base64 notation. <p> Example options: <p/>
+     * <pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DO_BREAK_LINES: break lines at 76 characters
+     *     &lt;i&gt;Note: Technically, this makes your encoding non-compliant.&lt;/i&gt;
+     * </pre>
+     * <p> Example: <code>encodeBytes( myData, Base64.GZIP )</code> or <p> Example: <code>encodeBytes( myData,
+     * Base64.GZIP | Base64.DO_BREAK_LINES )</code> <p/> <p/> <p> As of v 2.3, if there is an error with the GZIP
+     * stream, the method will throw an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just
+     * returned a null value, but in retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param source  The data to convert
+     * @param options Specified options
+     *
+     * @return The Base64-encoded data as a String
+     *
+     * @throws java.io.IOException  if there is an error
+     * @throws NullPointerException if source array is null
+     * @see Base64#GZIP
+     * @see Base64#DO_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes(byte[] source, int options) throws java.io.IOException {
+        return encodeBytes(source, 0, source.length, options);
+    } // end encodeBytes
+
+    /**
+     * Encodes a byte array into Base64 notation. Does not GZip-compress data. <p/> <p> As of v 2.3, if there is an
+     * error, the method will throw an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just
+     * returned a null value, but in retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param source The data to convert
+     * @param off    Offset in array where conversion should begin
+     * @param len    Length of data to convert
+     *
+     * @return The Base64-encoded data as a String
+     *
+     * @throws NullPointerException     if source array is null
+     * @throws IllegalArgumentException if source array, offset, or length are invalid
+     * @since 1.4
+     */
+    public static String encodeBytes(byte[] source, int off, int len) {
+        // Since we're not going to have the GZIP encoding turned on,
+        // we're not going to have an java.io.IOException thrown, so
+        // we should not force the user to have to catch it.
+        String encoded = null;
+        try {
+            encoded = encodeBytes(source, off, len, NO_OPTIONS);
+        } catch (java.io.IOException ex) {
+            assert false : ex.getMessage();
+        } // end catch
+        assert encoded != null;
+        return encoded;
+    } // end encodeBytes
+
+    /**
+     * Encodes a byte array into Base64 notation. <p> Example options: <p/>
+     * <pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DO_BREAK_LINES: break lines at 76 characters
+     *     &lt;i&gt;Note: Technically, this makes your encoding non-compliant.&lt;/i&gt;
+     * </pre>
+     * <p> Example: <code>encodeBytes( myData, Base64.GZIP )</code> or <p> Example: <code>encodeBytes( myData,
+     * Base64.GZIP | Base64.DO_BREAK_LINES )</code> <p/> <p/> <p> As of v 2.3, if there is an error with the GZIP
+     * stream, the method will throw an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just
+     * returned a null value, but in retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param source  The data to convert
+     * @param off     Offset in array where conversion should begin
+     * @param len     Length of data to convert
+     * @param options Specified options
+     *
+     * @return The Base64-encoded data as a String
+     *
+     * @throws java.io.IOException      if there is an error
+     * @throws NullPointerException     if source array is null
+     * @throws IllegalArgumentException if source array, offset, or length are invalid
+     * @see Base64#GZIP
+     * @see Base64#DO_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+        byte[] encoded = encodeBytesToBytes(source, off, len, options);
+
+        // Return value according to relevant encoding.
+        try {
+            return new String(encoded, PREFERRED_ENCODING);
+        } // end try
+        catch (java.io.UnsupportedEncodingException uue) {
+            return new String(encoded);
+        } // end catch
+
+    } // end encodeBytes
+
+    /**
+     * Similar to {@link #encodeBytes(byte[])} but returns a byte array instead of instantiating a String. This is more
+     * efficient if you're working with I/O streams and have large data sets to encode.
+     *
+     * @param source The data to convert
+     *
+     * @return The Base64-encoded data as a byte[] (of ASCII characters)
+     *
+     * @throws NullPointerException if source array is null
+     * @since 2.3.1
+     */
+    public static byte[] encodeBytesToBytes(byte[] source) {
+        byte[] encoded = null;
+        try {
+            encoded = encodeBytesToBytes(source, 0, source.length, Base64.NO_OPTIONS);
+        } catch (java.io.IOException ex) {
+            assert false : "IOExceptions only come from GZipping, which is turned off: " + ex.getMessage();
+        }
+        return encoded;
+    }
+
+    /**
+     * Similar to {@link #encodeBytes(byte[], int, int, int)} but returns a byte array instead of instantiating a
+     * String. This is more efficient if you're working with I/O streams and have large data sets to encode.
+     *
+     * @param source  The data to convert
+     * @param off     Offset in array where conversion should begin
+     * @param len     Length of data to convert
+     * @param options Specified options
+     *
+     * @return The Base64-encoded data as a String
+     *
+     * @throws java.io.IOException      if there is an error
+     * @throws NullPointerException     if source array is null
+     * @throws IllegalArgumentException if source array, offset, or length are invalid
+     * @see Base64#GZIP
+     * @see Base64#DO_BREAK_LINES
+     * @since 2.3.1
+     */
+    public static byte[] encodeBytesToBytes(byte[] source, int off, int len, int options) throws java.io.IOException {
+
+        if (source == null)
+            throw new NullPointerException("Cannot serialize a null array.");
+
+        if (off < 0)
+            throw new IllegalArgumentException("Cannot have negative offset: " + off);
+
+        if (len < 0)
+            throw new IllegalArgumentException("Cannot have length offset: " + len);
+
+        if (off + len > source.length)
+            throw new IllegalArgumentException(String.format(
+                    "Cannot have offset of %d and length of %d with array of length %d", off, len, source.length));
+
+        // Compress?
+        if ((options & GZIP) > 0) {
+            java.io.ByteArrayOutputStream baos = null;
+            java.util.zip.GZIPOutputStream gzos = null;
+            Base64.OutputStream b64os = null;
+
+            try {
+                // GZip -> Base64 -> ByteArray
+                baos = new java.io.ByteArrayOutputStream();
+                b64os = new Base64.OutputStream(baos, ENCODE | options);
+                gzos = new java.util.zip.GZIPOutputStream(b64os);
+
+                gzos.write(source, off, len);
+                gzos.close();
+            } // end try
+            catch (java.io.IOException e) {
+                // Catch it and then throw it immediately so that
+                // the finally{} block is called for cleanup.
+                throw e;
+            } // end catch
+            finally {
+                try {
+                    gzos.close();
+                } catch (Exception e) {
+                }
+                try {
+                    b64os.close();
+                } catch (Exception e) {
+                }
+                try {
+                    baos.close();
+                } catch (Exception e) {
+                }
+            } // end finally
+
+            return baos.toByteArray();
+        } // end if: compress
+
+        // Else, don't compress. Better not to use streams at all then.
+        else {
+            boolean breakLines = (options & DO_BREAK_LINES) > 0;
+
+            // int len43 = len * 4 / 3;
+            // byte[] outBuff = new byte[ ( len43 ) // Main 4:3
+            // + ( (len % 3) > 0 ? 4 : 0 ) // Account for padding
+            // + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines
+            // Try to determine more precisely how big the array needs to be.
+            // If we get it right, we don't have to do an array copy, and
+            // we save a bunch of memory.
+            int encLen = len / 3 * 4 + (len % 3 > 0 ? 4 : 0); // Bytes needed for actual encoding
+            if (breakLines)
+                encLen += encLen / MAX_LINE_LENGTH; // Plus extra newline characters
+            byte[] outBuff = new byte[encLen];
+
+            int d = 0;
+            int e = 0;
+            int len2 = len - 2;
+            int lineLength = 0;
+            for (; d < len2; d += 3, e += 4) {
+                encode3to4(source, d + off, 3, outBuff, e, options);
+
+                lineLength += 4;
+                if (breakLines && lineLength >= MAX_LINE_LENGTH) {
+                    outBuff[e + 4] = NEW_LINE;
+                    e++;
+                    lineLength = 0;
+                } // end if: end of line
+            } // en dfor: each piece of array
+
+            if (d < len) {
+                encode3to4(source, d + off, len - d, outBuff, e, options);
+                e += 4;
+            } // end if: some padding needed
+
+            // Only resize array if we didn't guess it right.
+            if (e < outBuff.length - 1) {
+                byte[] finalOut = new byte[e];
+                System.arraycopy(outBuff, 0, finalOut, 0, e);
+                // System.err.println("Having to resize array from " + outBuff.length + " to " + e
+                // );
+                return finalOut;
+            } else
+                // System.err.println("No need to resize array.");
+                return outBuff;
+
+        } // end else: don't compress
+
+    } // end encodeBytesToBytes
+
+    /**
+     * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
+     *
+     * @param infile  Input file
+     * @param outfile Output file
+     *
+     * @throws java.io.IOException if there is an error
+     * @since 2.2
+     */
+    public static void encodeFileToFile(String infile, String outfile) throws java.io.IOException {
+
+        String encoded = Base64.encodeFromFile(infile);
+        java.io.OutputStream out = null;
+        try {
+            out = new java.io.BufferedOutputStream(new java.io.FileOutputStream(outfile));
+            out.write(encoded.getBytes("US-ASCII")); // Strict, 7-bit output.
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and release to execute finally{}
+        } // end catch
+        finally {
+            try {
+                out.close();
+            } catch (Exception ex) {
+            }
+        } // end finally
+    } // end encodeFileToFile
+
+    /**
+     * Convenience method for reading a binary file and base64-encoding it. <p/> <p> As of v 2.3, if there is a error,
+     * the method will throw an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just returned
+     * false, but in retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param filename Filename for reading binary data
+     *
+     * @return base64-encoded string
+     *
+     * @throws java.io.IOException if there is an error
+     * @since 2.1
+     */
+    public static String encodeFromFile(String filename) throws java.io.IOException {
+
+        String encodedData = null;
+        Base64.InputStream bis = null;
+        try {
+            // Set up some useful variables
+            java.io.File file = new java.io.File(filename);
+            byte[] buffer = new byte[Math.max((int) (file.length() * 1.4), 40)]; // Need max() for
+            // math on small
+            // files (v2.2.1)
+            int length = 0;
+            int numBytes = 0;
+
+            // Open a stream
+            bis = new Base64.InputStream(new java.io.BufferedInputStream(new java.io.FileInputStream(file)),
+                    Base64.ENCODE);
+
+            // Read until done
+            while ((numBytes = bis.read(buffer, length, 4096)) >= 0)
+                length += numBytes;
+
+            // Save in a variable to return
+            encodedData = new String(buffer, 0, length, Base64.PREFERRED_ENCODING);
+
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and release to execute finally{}
+        } // end catch: java.io.IOException
+        finally {
+            try {
+                bis.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+        return encodedData;
+    } // end encodeFromFile
+
+    /**
+     * Serializes an object and returns the Base64-encoded version of that serialized object. <p/> <p> As of v 2.3, if
+     * the object cannot be serialized or there is another error, the method will throw an java.io.IOException. <b>This
+     * is new to v2.3!</b> In earlier versions, it just returned a null value, but in retrospect that's a pretty poor
+     * way to next it. </p>
+     * <p/>
+     * The object is not GZip-compressed before being encoded.
+     *
+     * @param serializableObject The object to encode
+     *
+     * @return The Base64-encoded object
+     *
+     * @throws java.io.IOException  if there is an error
+     * @throws NullPointerException if serializedObject is null
+     * @since 1.4
+     */
+    public static String encodeObject(java.io.Serializable serializableObject) throws java.io.IOException {
+        return encodeObject(serializableObject, NO_OPTIONS);
+    } // end encodeObject
+
+    /**
+     * Serializes an object and returns the Base64-encoded version of that serialized object. <p/> <p> As of v 2.3, if
+     * the object cannot be serialized or there is another error, the method will throw an java.io.IOException. <b>This
+     * is new to v2.3!</b> In earlier versions, it just returned a null value, but in retrospect that's a pretty poor
+     * way to next it. </p>
+     * <p/>
+     * The object is not GZip-compressed before being encoded.
+     * <p/>
+     * Example options:
+     * <p/>
+     * <pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DO_BREAK_LINES: break lines at 76 characters
+     * </pre>
+     * <p/>
+     * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
+     * <p/>
+     * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DO_BREAK_LINES )</code>
+     *
+     * @param serializableObject The object to encode
+     * @param options            Specified options
+     *
+     * @return The Base64-encoded object
+     *
+     * @throws java.io.IOException if there is an error
+     * @see Base64#GZIP
+     * @see Base64#DO_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeObject(java.io.Serializable serializableObject, int options) throws java.io.IOException {
+
+        if (serializableObject == null)
+            throw new NullPointerException("Cannot serialize a null object.");
+
+        // Streams
+        java.io.ByteArrayOutputStream baos = null;
+        java.io.OutputStream b64os = null;
+        java.io.ObjectOutputStream oos = null;
+
+        try {
+            // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
+            // Note that the optional GZIPping is handled by Base64.OutputStream.
+            baos = new java.io.ByteArrayOutputStream();
+            b64os = new Base64.OutputStream(baos, ENCODE | options);
+            oos = new java.io.ObjectOutputStream(b64os);
+            oos.writeObject(serializableObject);
+        } // end try
+        catch (java.io.IOException e) {
+            // Catch it and then throw it immediately so that
+            // the finally{} block is called for cleanup.
+            throw e;
+        } // end catch
+        finally {
+            try {
+                oos.close();
+            } catch (Exception e) {
+            }
+            try {
+                b64os.close();
+            } catch (Exception e) {
+            }
+            try {
+                baos.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+        // Return value according to relevant encoding.
+        try {
+            return new String(baos.toByteArray(), PREFERRED_ENCODING);
+        } // end try
+        catch (java.io.UnsupportedEncodingException uue) {
+            // Fall back to some Java default
+            return new String(baos.toByteArray());
+        } // end catch
+
+    } // end encode
+
+    /**
+     * Convenience method for encoding data to a file. <p/> <p> As of v 2.3, if there is a error, the method will throw
+     * an java.io.IOException. <b>This is new to v2.3!</b> In earlier versions, it just returned false, but in
+     * retrospect that's a pretty poor way to next it. </p>
+     *
+     * @param dataToEncode byte array of data to encode in base64 form
+     * @param filename     Filename for saving encoded data
+     *
+     * @throws java.io.IOException  if there is an error
+     * @throws NullPointerException if dataToEncode is null
+     * @since 2.1
+     */
+    public static void encodeToFile(byte[] dataToEncode, String filename) throws java.io.IOException {
+
+        if (dataToEncode == null)
+            throw new NullPointerException("Data to encode was null.");
+
+        Base64.OutputStream bos = null;
+        try {
+            bos = new Base64.OutputStream(new java.io.FileOutputStream(filename), Base64.ENCODE);
+            bos.write(dataToEncode);
+        } // end try
+        catch (java.io.IOException e) {
+            throw e; // Catch and throw to execute finally{} block
+        } // end catch: java.io.IOException
+        finally {
+            try {
+                bos.close();
+            } catch (Exception e) {
+            }
+        } // end finally
+
+    } // end encodeToFile
+
+    /**
+     * Decodes four bytes from array <var>source</var> and writes the resulting bytes (up to three of them) to
+     * <var>destination</var>. The source and destination arrays can be manipulated anywhere along their length by
+     * specifying <var>srcOffset</var> and <var>destOffset</var>. This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 4 for the <var>source</var> array or <var>destOffset</var>
+     * + 3 for the <var>destination</var> array. This method returns the actual number of bytes that were converted from
+     * the Base64 encoding. <p> This is the lowest level of the decoding method with all possible parameters. </p>
+     *
+     * @param source      the array to convert
+     * @param srcOffset   the index where conversion begins
+     * @param destination the array to hold the conversion
+     * @param destOffset  the index where output will be put
+     * @param options     alphabet type is pulled from this (standard, url-safe, ordered)
+     *
+     * @return the number of decoded bytes converted
+     *
+     * @throws NullPointerException     if source or destination arrays are null
+     * @throws IllegalArgumentException if srcOffset or destOffset are invalid or there is not enough room in the
+     *                                  array.
+     * @since 1.3
+     */
+    private static int decode4to3(byte[] source, int srcOffset, byte[] destination, int destOffset, int options) {
+
+        // Lots of error checking and exception throwing
+        if (source == null)
+            throw new NullPointerException("Source array was null.");
+        if (destination == null)
+            throw new NullPointerException("Destination array was null.");
+        if (srcOffset < 0 || srcOffset + 3 >= source.length)
+            throw new IllegalArgumentException(String.format(
+                    "Source array with length %d cannot have offset of %d and still process four bytes.",
+                    source.length, srcOffset));
+        if (destOffset < 0 || destOffset + 2 >= destination.length)
+            throw new IllegalArgumentException(String.format(
+                    "Destination array with length %d cannot have offset of %d and still store three bytes.",
+                    destination.length, destOffset));
+
+        byte[] DECODABET = getDecodabet(options);
+
+        // Example: Dk==
+        if (source[srcOffset + 2] == EQUALS_SIGN) {
+            // Two ways to do the same thing. Don't know which way I like best.
+            // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+            // | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
+            int outBuff = (DECODABET[source[srcOffset]] & 0xFF) << 18 | (DECODABET[source[srcOffset + 1]] & 0xFF) << 12;
+
+            destination[destOffset] = (byte) (outBuff >>> 16);
+            return 1;
+        }
+
+        // Example: DkL=
+        else if (source[srcOffset + 3] == EQUALS_SIGN) {
+            // Two ways to do the same thing. Don't know which way I like best.
+            // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+            // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
+            int outBuff = (DECODABET[source[srcOffset]] & 0xFF) << 18 | (DECODABET[source[srcOffset + 1]] & 0xFF) << 12
+                    | (DECODABET[source[srcOffset + 2]] & 0xFF) << 6;
+
+            destination[destOffset] = (byte) (outBuff >>> 16);
+            destination[destOffset + 1] = (byte) (outBuff >>> 8);
+            return 2;
+        }
+
+        // Example: DkLE
+        else {
+            // Two ways to do the same thing. Don't know which way I like best.
+            // int outBuff = ( ( DECODABET[ source[ srcOffset ] ] << 24 ) >>> 6 )
+            // | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            // | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
+            // | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
+            int outBuff = (DECODABET[source[srcOffset]] & 0xFF) << 18 | (DECODABET[source[srcOffset + 1]] & 0xFF) << 12
+                    | (DECODABET[source[srcOffset + 2]] & 0xFF) << 6 | DECODABET[source[srcOffset + 3]] & 0xFF;
+
+            destination[destOffset] = (byte) (outBuff >> 16);
+            destination[destOffset + 1] = (byte) (outBuff >> 8);
+            destination[destOffset + 2] = (byte) outBuff;
+
+            return 3;
+        }
+    } // end decodeToBytes
+
+    /**
+     * Encodes up to the first three bytes of array <var>threeBytes</var> and returns a four-byte array in Base64
+     * notation. The actual number of significant bytes in your array is given by <var>numSigBytes</var>. The array
+     * <var>threeBytes</var> needs only be as big as <var>numSigBytes</var>. Code can reuse a byte array by passing a
+     * four-byte array as <var>b4</var>.
+     *
+     * @param b4          A reusable byte array to reduce array instantiation
+     * @param threeBytes  the array to convert
+     * @param numSigBytes the number of significant bytes in your array
+     *
+     * @return four byte array in Base64 notation.
+     *
+     * @since 1.5.1
+     */
+    private static byte[] encode3to4(byte[] b4, byte[] threeBytes, int numSigBytes, int options) {
+        encode3to4(threeBytes, 0, numSigBytes, b4, 0, options);
+        return b4;
+    } // end encode3to4
+
+    /**
+     * <p> Encodes up to three bytes of the array <var>source</var> and writes the resulting four Base64 bytes to
+     * <var>destination</var>. The source and destination arrays can be manipulated anywhere along their length by
+     * specifying <var>srcOffset</var> and <var>destOffset</var>. This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 3 for the <var>source</var> array or <var>destOffset</var>
+     * + 4 for the <var>destination</var> array. The actual number of significant bytes in your array is given by
+     * <var>numSigBytes</var>. </p> <p> This is the lowest level of the encoding method with all possible parameters.
+     * </p>
+     *
+     * @param source      the array to convert
+     * @param srcOffset   the index where conversion begins
+     * @param numSigBytes the number of significant bytes in your array
+     * @param destination the array to hold the conversion
+     * @param destOffset  the index where output will be put
+     *
+     * @return the <var>destination</var> array
+     *
+     * @since 1.3
+     */
+    private static byte[] encode3to4(byte[] source, int srcOffset, int numSigBytes, byte[] destination, int destOffset,
+                                     int options) {
+
+        byte[] ALPHABET = getAlphabet(options);
+
+        // 1 2 3
+        // 01234567890123456789012345678901 Bit position
+        // --------000000001111111122222222 Array position from threeBytes
+        // --------| || || || | Six bit groups to index ALPHABET
+        // >>18 >>12 >> 6 >> 0 Right shift necessary
+        // 0x3f 0x3f 0x3f Additional AND
+
+        // Create buffer with zero-padding if there are only one or two
+        // significant bytes passed in the array.
+        // We have to shift left 24 in order to flush out the 1's that appear
+        // when Java treats a value as negative that is cast from a byte to an int.
+        int inBuff = (numSigBytes > 0 ? source[srcOffset] << 24 >>> 8 : 0)
+                | (numSigBytes > 1 ? source[srcOffset + 1] << 24 >>> 16 : 0)
+                | (numSigBytes > 2 ? source[srcOffset + 2] << 24 >>> 24 : 0);
+
+        switch (numSigBytes) {
+            case 3:
+                destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+                destination[destOffset + 1] = ALPHABET[inBuff >>> 12 & 0x3f];
+                destination[destOffset + 2] = ALPHABET[inBuff >>> 6 & 0x3f];
+                destination[destOffset + 3] = ALPHABET[inBuff & 0x3f];
+                return destination;
+
+            case 2:
+                destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+                destination[destOffset + 1] = ALPHABET[inBuff >>> 12 & 0x3f];
+                destination[destOffset + 2] = ALPHABET[inBuff >>> 6 & 0x3f];
+                destination[destOffset + 3] = EQUALS_SIGN;
+                return destination;
+
+            case 1:
+                destination[destOffset] = ALPHABET[(inBuff >>> 18)];
+                destination[destOffset + 1] = ALPHABET[inBuff >>> 12 & 0x3f];
+                destination[destOffset + 2] = EQUALS_SIGN;
+                destination[destOffset + 3] = EQUALS_SIGN;
+                return destination;
+
+            default:
+                return destination;
+        } // end switch
+    } // end encode3to4
+
+    /**
+     * Returns one of the _SOMETHING_ALPHABET byte arrays depending on the options specified. It's possible, though
+     * silly, to specify ORDERED <b>and</b> URLSAFE in which case one of them will be picked, though there is no
+     * guarantee as to which one will be picked.
+     */
+    private static byte[] getAlphabet(int options) {
+        if ((options & URL_SAFE) == URL_SAFE)
+            return _URL_SAFE_ALPHABET;
+        else if ((options & ORDERED) == ORDERED)
+            return _ORDERED_ALPHABET;
+        else
+            return _STANDARD_ALPHABET;
+    } // end getAlphabet
+
+    /**
+     * Returns one of the _SOMETHING_DECODABET byte arrays depending on the options specified. It's possible, though
+     * silly, to specify ORDERED and URL_SAFE in which case one of them will be picked, though there is no guarantee as
+     * to which one will be picked.
+     */
+    private static byte[] getDecodabet(int options) {
+        if ((options & URL_SAFE) == URL_SAFE)
+            return _URL_SAFE_DECODABET;
+        else if ((options & ORDERED) == ORDERED)
+            return _ORDERED_DECODABET;
+        else
+            return _STANDARD_DECODABET;
+    } // end getAlphabet
+
+    /** Defeats instantiation. */
+    private Base64() {
+    }
+
+} // end class Base64
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/common/Buffer.java b/src/main/java/net/schmizz/sshj/common/Buffer.java
new file mode 100644
index 00000000..3dfc3970
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/Buffer.java
@@ -0,0 +1,531 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Arrays;
+
+public class Buffer<T extends Buffer<T>> {
+
+    public static class BufferException extends SSHRuntimeException {
+        public BufferException(String message) {
+            super(message);
+        }
+    }
+
+    /** The default size for a {@code Buffer} (256 bytes) */
+    public static final int DEFAULT_SIZE = 256;
+
+    protected static int getNextPowerOf2(int i) {
+        int j = 1;
+        while (j < i)
+            j <<= 1;
+        return j;
+    }
+
+    protected byte[] data;
+    protected int rpos;
+    protected int wpos;
+
+    /** @see {@link #DEFAULT_SIZE} */
+    public Buffer() {
+        this(DEFAULT_SIZE);
+    }
+
+    public Buffer(Buffer<?> from) {
+        data = new byte[(wpos = from.wpos - from.rpos)];
+        System.arraycopy(from.data, from.rpos, data, 0, wpos);
+    }
+
+    public Buffer(byte[] data) {
+        this(data, true);
+    }
+
+    public Buffer(int size) {
+        this(new byte[getNextPowerOf2(size)], false);
+    }
+
+    private Buffer(byte[] data, boolean read) {
+        this.data = data;
+        rpos = 0;
+        wpos = read ? data.length : 0;
+    }
+
+    public byte[] array() {
+        return data;
+    }
+
+    public int available() {
+        return wpos - rpos;
+    }
+
+    /** Resets this buffer. The object becomes ready for reuse. */
+    public void clear() {
+        rpos = 0;
+        wpos = 0;
+    }
+
+    public int rpos() {
+        return rpos;
+    }
+
+    public void rpos(int rpos) {
+        this.rpos = rpos;
+    }
+
+    public int wpos() {
+        return wpos;
+    }
+
+    public void wpos(int wpos) {
+        ensureCapacity(wpos - this.wpos);
+        this.wpos = wpos;
+    }
+
+    protected void ensureAvailable(int a) {
+        if (available() < a)
+            throw new BufferException("Underflow");
+    }
+
+    public void ensureCapacity(int capacity) {
+        if (data.length - wpos < capacity) {
+            int cw = wpos + capacity;
+            byte[] tmp = new byte[getNextPowerOf2(cw)];
+            System.arraycopy(data, 0, tmp, 0, data.length);
+            data = tmp;
+        }
+    }
+
+    /** Compact this {@link SSHPacket} */
+    public void compact() {
+        System.err.println("COMPACTING");
+        if (available() > 0)
+            System.arraycopy(data, rpos, data, 0, wpos - rpos);
+        wpos -= rpos;
+        rpos = 0;
+    }
+
+    public byte[] getCompactData() {
+        final int len = available();
+        if (len > 0) {
+            byte[] b = new byte[len];
+            System.arraycopy(data, rpos, b, 0, len);
+            return b;
+        } else
+            return new byte[0];
+    }
+
+    /**
+     * Read an SSH boolean byte
+     *
+     * @return the {@code true} or {@code false} value read
+     */
+    public boolean readBoolean() {
+        return readByte() != 0;
+    }
+
+    /**
+     * Puts an SSH boolean value
+     *
+     * @param b the value
+     *
+     * @return this
+     */
+    public T putBoolean(boolean b) {
+        return putByte(b ? (byte) 1 : (byte) 0);
+    }
+
+    /**
+     * Read a byte from the buffer
+     *
+     * @return the byte read
+     */
+    public byte readByte() {
+        ensureAvailable(1);
+        return data[rpos++];
+    }
+
+    /**
+     * Writes a single byte into this buffer
+     *
+     * @param b
+     *
+     * @return this
+     */
+    @SuppressWarnings("unchecked")
+    public T putByte(byte b) {
+        ensureCapacity(1);
+        data[wpos++] = b;
+        return (T) this;
+    }
+
+    /**
+     * Read an SSH byte-array
+     *
+     * @return the byte-array read
+     */
+    public byte[] readBytes() {
+        int len = readInt();
+        if (len < 0 || len > 32768)
+            throw new BufferException("Bad item length: " + len);
+        byte[] b = new byte[len];
+        readRawBytes(b);
+        return b;
+    }
+
+    /**
+     * Writes Java byte-array as an SSH byte-array
+     *
+     * @param b Java byte-array
+     *
+     * @return this
+     */
+    public T putBytes(byte[] b) {
+        return putBytes(b, 0, b.length);
+    }
+
+    /**
+     * Writes Java byte-array as an SSH byte-array
+     *
+     * @param b   Java byte-array
+     * @param off offset
+     * @param len length
+     *
+     * @return this
+     */
+    public T putBytes(byte[] b, int off, int len) {
+        return putInt(len - off).putRawBytes(b, off, len);
+    }
+
+    public void readRawBytes(byte[] buf) {
+        readRawBytes(buf, 0, buf.length);
+    }
+
+    public void readRawBytes(byte[] buf, int off, int len) {
+        ensureAvailable(len);
+        System.arraycopy(data, rpos, buf, off, len);
+        rpos += len;
+    }
+
+    public T putRawBytes(byte[] d) {
+        return putRawBytes(d, 0, d.length);
+    }
+
+    @SuppressWarnings("unchecked")
+    public T putRawBytes(byte[] d, int off, int len) {
+        ensureCapacity(len);
+        System.arraycopy(d, off, data, wpos, len);
+        wpos += len;
+        return (T) this;
+    }
+
+    /**
+     * Copies the contents of provided buffer into this buffer
+     *
+     * @param buffer the {@code Buffer} to copy
+     *
+     * @return this
+     */
+    @SuppressWarnings("unchecked")
+    public T putBuffer(Buffer<? extends Buffer<?>> buffer) {
+        if (buffer != null) {
+            int r = buffer.available();
+            ensureCapacity(r);
+            System.arraycopy(buffer.data, buffer.rpos, data, wpos, r);
+            wpos += r;
+        }
+        return (T) this;
+    }
+
+    public int readInt() {
+        return (int) readLong();
+    }
+
+    public long readLong() {
+        ensureAvailable(4);
+        return data[rpos++] << 24 & 0xff000000L |
+                data[rpos++] << 16 & 0x00ff0000L |
+                data[rpos++] << 8 & 0x0000ff00L |
+                data[rpos++] & 0x000000ffL;
+    }
+
+    /**
+     * Writes a uint32 integer
+     *
+     * @param uint32
+     *
+     * @return this
+     */
+    @SuppressWarnings("unchecked")
+    public T putInt(long uint32) {
+        ensureCapacity(4);
+        if (uint32 < 0 || uint32 > 0xffffffffL)
+            throw new BufferException("Invalid value: " + uint32);
+        data[wpos++] = (byte) (uint32 >> 24);
+        data[wpos++] = (byte) (uint32 >> 16);
+        data[wpos++] = (byte) (uint32 >> 8);
+        data[wpos++] = (byte) uint32;
+        return (T) this;
+    }
+
+    /**
+     * Read an SSH multiple-precision integer
+     *
+     * @return the MP integer as a {@code BigInteger}
+     */
+    public BigInteger readMPInt() {
+        return new BigInteger(readMPIntAsBytes());
+    }
+
+    /**
+     * Writes an SSH multiple-precision integer from a {@code BigInteger}
+     *
+     * @param bi {@code BigInteger} to write
+     *
+     * @return this
+     */
+    public T putMPInt(BigInteger bi) {
+        return putMPInt(bi.toByteArray());
+    }
+
+    /**
+     * Writes an SSH multiple-precision integer from a Java byte-array
+     *
+     * @param foo byte-array
+     *
+     * @return this
+     */
+    public T putMPInt(byte[] foo) {
+        int i = foo.length;
+        if ((foo[0] & 0x80) != 0) {
+            i++;
+            putInt(i);
+            putByte((byte) 0);
+        } else
+            putInt(i);
+        return putRawBytes(foo);
+    }
+
+    public byte[] readMPIntAsBytes() {
+        return readBytes();
+    }
+
+    public long readUINT64() {
+        long uint64 = (readLong() << 32) + (readLong() & 0xffffffffL);
+        if (uint64 < 0)
+            throw new BufferException("Cannot handle values > Long.MAX_VALUE");
+        return uint64;
+    }
+
+    @SuppressWarnings("unchecked")
+    public T putUINT64(long uint64) {
+        if (uint64 < 0)
+            throw new BufferException("Invalid value: " + uint64);
+        data[wpos++] = (byte) (uint64 >> 56);
+        data[wpos++] = (byte) (uint64 >> 48);
+        data[wpos++] = (byte) (uint64 >> 40);
+        data[wpos++] = (byte) (uint64 >> 32);
+        data[wpos++] = (byte) (uint64 >> 24);
+        data[wpos++] = (byte) (uint64 >> 16);
+        data[wpos++] = (byte) (uint64 >> 8);
+        data[wpos++] = (byte) uint64;
+        return (T) this;
+    }
+
+    /**
+     * Reads an SSH string
+     *
+     * @return the string as a Java {@code String}
+     */
+    public String readString() {
+        int len = readInt();
+        if (len < 0 || len > 32768)
+            throw new BufferException("Bad item length: " + len);
+        ensureAvailable(len);
+        String s;
+        try {
+            s = new String(data, rpos, len, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            throw new SSHRuntimeException(e);
+        }
+        rpos += len;
+        return s;
+    }
+
+    /**
+     * Reads an SSH string
+     *
+     * @return the string as a byte-array
+     */
+    public byte[] readStringAsBytes() {
+        return readBytes();
+    }
+
+    public T putString(byte[] str) {
+        return putBytes(str);
+    }
+
+    public T putString(byte[] str, int offset, int len) {
+        return putBytes(str, offset, len);
+    }
+
+    public T putString(String string) {
+        try {
+            return putString(string.getBytes("UTF-8"));
+        } catch (UnsupportedEncodingException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    /**
+     * Writes a char-array as an SSH string and then blanks it out.
+     * <p/>
+     * This is useful when a plaintext password needs to be sent. If {@code passwd} is {@code null}, an empty string is
+     * written.
+     *
+     * @param passwd (null-ok) the password as a character array
+     *
+     * @return this
+     */
+    @SuppressWarnings("unchecked")
+    public T putPassword(char[] passwd) {
+        if (passwd == null)
+            return putString("");
+        putInt(passwd.length);
+        ensureCapacity(passwd.length);
+        for (char c : passwd)
+            data[wpos++] = (byte) c;
+        Arrays.fill(passwd, ' ');
+        return (T) this;
+    }
+
+    public PublicKey readPublicKey() {
+        PublicKey key = null;
+        try {
+            switch (KeyType.fromString(readString())) {
+                case RSA: {
+                    BigInteger e = readMPInt();
+                    BigInteger n = readMPInt();
+                    KeyFactory keyFactory = SecurityUtils.getKeyFactory("RSA");
+                    key = keyFactory.generatePublic(new RSAPublicKeySpec(n, e));
+                    break;
+                }
+                case DSA: {
+                    BigInteger p = readMPInt();
+                    BigInteger q = readMPInt();
+                    BigInteger g = readMPInt();
+                    BigInteger y = readMPInt();
+                    KeyFactory keyFactory = SecurityUtils.getKeyFactory("DSA");
+                    key = keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g));
+                    break;
+                }
+                default:
+                    assert false;
+            }
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+        return key;
+    }
+
+    @SuppressWarnings("unchecked")
+    public T putPublicKey(PublicKey key) {
+        KeyType type = KeyType.fromKey(key);
+        switch (type) {
+            case RSA:
+                putString(type.toString()) // ssh-rsa
+                        .putMPInt(((RSAPublicKey) key).getPublicExponent()) // e
+                        .putMPInt(((RSAPublicKey) key).getModulus()); // n
+                break;
+            case DSA:
+                putString(type.toString()) // ssh-dss
+                        .putMPInt(((DSAPublicKey) key).getParams().getP()) // p
+                        .putMPInt(((DSAPublicKey) key).getParams().getQ()) // q
+                        .putMPInt(((DSAPublicKey) key).getParams().getG()) // g
+                        .putMPInt(((DSAPublicKey) key).getY()); // y
+                break;
+            default:
+                assert false;
+        }
+        return (T) this;
+    }
+
+    public T putSignature(String sigFormat, byte[] sigData) {
+        return putString(new PlainBuffer().putString(sigFormat).putBytes(sigData).getCompactData());
+    }
+
+    /**
+     * Gives a readable snapshot of the buffer in hex. This is useful for debugging.
+     *
+     * @return snapshot of the buffer as a hex string with each octet delimited by a space
+     */
+    public String printHex() {
+        return ByteArrayUtils.printHex(array(), rpos(), available());
+    }
+
+    @Override
+    public String toString() {
+        return "Buffer [rpos=" + rpos + ", wpos=" + wpos + ", size=" + data.length + "]";
+    }
+
+    public static class PlainBuffer extends Buffer<PlainBuffer> {
+
+        public PlainBuffer() {
+            super();
+        }
+
+        public PlainBuffer(Buffer<?> from) {
+            super(from);
+        }
+
+        public PlainBuffer(byte[] b) {
+            super(b);
+        }
+
+        public PlainBuffer(int size) {
+            super(size);
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java b/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
new file mode 100644
index 00000000..caac6886
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.util.Arrays;
+
+/** Utility functions for byte arrays. */
+public class ByteArrayUtils {
+
+    final static char[] digits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+
+    /**
+     * Check whether two byte arrays are the equal.
+     *
+     * @param a1
+     * @param a2
+     *
+     * @return <code>true</code> or <code>false</code>
+     */
+    public static boolean equals(byte[] a1, byte[] a2) {
+        return (a1.length != a2.length && equals(a1, 0, a2, 0, a1.length));
+    }
+
+    /**
+     * Check whether some part or whole of two byte arrays is equal, for <code>length</code> bytes starting at some
+     * offset.
+     *
+     * @param a1
+     * @param a1Offset
+     * @param a2
+     * @param a2Offset
+     * @param length
+     *
+     * @return <code>true</code> or <code>false</code>
+     */
+    public static boolean equals(byte[] a1, int a1Offset, byte[] a2, int a2Offset, int length) {
+        if (a1.length < a1Offset + length || a2.length < a2Offset + length)
+            return false;
+        while (length-- > 0)
+            if (a1[a1Offset++] != a2[a2Offset++])
+                return false;
+        return true;
+    }
+
+    /**
+     * Get a hexadecimal representation of <code>array</code>, with each octet separated by a space.
+     *
+     * @param array
+     *
+     * @return hex string, each octet delimited by a space
+     */
+    public static String printHex(byte[] array) {
+        return printHex(array, 0, array.length);
+    }
+
+    /**
+     * Get a hexadecimal representation of a byte array starting at <code>offset</code> index for <code>len</code>
+     * bytes, with each octet separated by a space.
+     *
+     * @param array
+     * @param offset
+     * @param len
+     *
+     * @return hex string, each octet delimited by a space
+     */
+    public static String printHex(byte[] array, int offset, int len) {
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < len; i++) {
+            byte b = array[offset + i];
+            if (sb.length() > 0)
+                sb.append(' ');
+            sb.append(digits[b >> 4 & 0x0F]);
+            sb.append(digits[b & 0x0F]);
+        }
+        return sb.toString();
+    }
+
+    /**
+     * Get the hexadecimal representation of a byte array.
+     *
+     * @param array
+     *
+     * @return hex string
+     */
+    public static String toHex(byte[] array) {
+        return toHex(array, 0, array.length);
+    }
+
+    /**
+     * Get the hexadecimal representation of a byte array starting at <code>offset</code> index for <code>len</code>
+     * bytes.
+     *
+     * @param array
+     * @param offset
+     * @param len
+     *
+     * @return hex string
+     */
+    public static String toHex(byte[] array, int offset, int len) {
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < len; i++) {
+            byte b = array[offset + i];
+            sb.append(digits[b >> 4 & 0x0F]);
+            sb.append(digits[b & 0x0F]);
+        }
+        return sb.toString();
+    }
+
+    public static byte[] copyOf(byte[] array) {
+        return Arrays.copyOf(array, array.length);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/DisconnectReason.java b/src/main/java/net/schmizz/sshj/common/DisconnectReason.java
new file mode 100644
index 00000000..5712f4fe
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/DisconnectReason.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+/** Disconnect error codes */
+public enum DisconnectReason {
+
+    UNKNOWN(0),
+    HOST_NOT_ALLOWED_TO_CONNECT(1),
+    PROTOCOL_ERROR(2),
+    KEY_EXCHANGE_FAILED(3),
+    HOST_AUTHENTICATION_FAILED(4),
+    RESERVED(4),
+    MAC_ERROR(5),
+    COMPRESSION_ERROR(6),
+    SERVICE_NOT_AVAILABLE(7),
+    PROTOCOL_VERSION_NOT_SUPPORTED(8),
+    HOST_KEY_NOT_VERIFIABLE(9),
+    CONNECTION_LOST(10),
+    BY_APPLICATION(11),
+    TOO_MANY_CONNECTIONS(12),
+    AUTH_CANCELLED_BY_USER(13),
+    NO_MORE_AUTH_METHODS_AVAILABLE(14),
+    ILLEGAL_USER_NAME(15);
+
+    public static DisconnectReason fromInt(int code) {
+        for (DisconnectReason dc : values())
+            if (dc.code == code)
+                return dc;
+        return UNKNOWN;
+    }
+
+    private final int code;
+
+    private DisconnectReason(int code) {
+        this.code = code;
+    }
+
+    public int toInt() {
+        return code;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/ErrorNotifiable.java b/src/main/java/net/schmizz/sshj/common/ErrorNotifiable.java
new file mode 100644
index 00000000..b30ecf18
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/ErrorNotifiable.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.util.Collection;
+
+/** API for classes that are capable of being notified on an error so they can cleanup. */
+public interface ErrorNotifiable {
+
+    /** Utility functions. */
+    class Util {
+        /** Notify all {@code notifiables} of given {@code error}. */
+        public static void alertAll(SSHException error, ErrorNotifiable... notifiables) {
+            for (ErrorNotifiable notifiable : notifiables)
+                notifiable.notifyError(error);
+        }
+
+        /** Notify all {@code notifiables} of given {@code error}. */
+        public static void alertAll(SSHException error, Collection<? extends ErrorNotifiable> notifiables) {
+            for (ErrorNotifiable notifiable : notifiables)
+                notifiable.notifyError(error);
+        }
+    }
+
+    /** Notifies this object of an {@code error}. */
+    void notifyError(SSHException error);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/Factory.java b/src/main/java/net/schmizz/sshj/common/Factory.java
new file mode 100644
index 00000000..566b6449
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/Factory.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * A basic factory interface.
+ *
+ * @param <T> the type of object created by this factory
+ */
+public interface Factory<T> {
+
+    /**
+     * Inteface for a named factory. Named factories are simply factories that are identified by a name. Such names are
+     * used mainly in SSH algorithm negotiation.
+     *
+     * @param <T> type of object created by this factory
+     */
+    interface Named<T> extends Factory<T> {
+
+        /** Utility functions */
+        public static class Util {
+
+            /**
+             * Creates an object by picking a factory from {@code factories} that is identified by {@code name} from a
+             * list of named {@code factories}. Uses the first match.
+             *
+             * @param factories list of available factories
+             * @param name      name of the desired factory
+             * @param <T>       type of the {@code factories}
+             *
+             * @return a newly created instance of {@code T} or {@code null} if there was no match
+             */
+            public static <T> T create(List<Named<T>> factories, String name) {
+                if (factories != null)
+                    for (Named<T> f : factories)
+                        if (f.getName().equals(name))
+                            return f.create();
+                return null;
+            }
+
+            /**
+             * Retrieve a particular factory as identified by {@code name} from a list of named {@code factories}.
+             * Returns the first match.
+             *
+             * @param factories list of factories
+             * @param name      the name of the factory to retrieve
+             * @param <T>       type of the {@code factories}
+             *
+             * @return a factory or {@code null} if there was no match
+             */
+            public static <T> Named<T> get(List<Named<T>> factories, String name) {
+                for (Named<T> f : factories)
+                    if (f.getName().equals(name))
+                        return f;
+                return null;
+            }
+
+            /**
+             * Get a comma-delimited string containing the factory names from the given list of {@code factories}.
+             *
+             * @param factories list of available factories
+             * @param <T>       type of the {@code factories}
+             *
+             * @return a comma separated list of factory names
+             */
+            public static <T> List<String> getNames(List<Named<T>> factories) {
+                List<String> list = new LinkedList<String>();
+                for (Named<T> f : factories)
+                    list.add(f.getName());
+                return list;
+            }
+
+        }
+
+        /** @return the name of this factory. */
+        String getName();
+
+    }
+
+    /** @return a new object created using this factory. */
+    T create();
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/IOUtils.java b/src/main/java/net/schmizz/sshj/common/IOUtils.java
new file mode 100644
index 00000000..e4d0f372
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/IOUtils.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+public class IOUtils {
+
+    private static final Logger LOG = LoggerFactory.getLogger(IOUtils.class);
+
+    public static void closeQuietly(Closeable... closeables) {
+        for (Closeable c : closeables)
+            try {
+                if (c != null)
+                    c.close();
+            } catch (IOException logged) {
+                LOG.warn("Error closing {} - {}", c, logged);
+            }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/KeyType.java b/src/main/java/net/schmizz/sshj/common/KeyType.java
new file mode 100644
index 00000000..08c1b355
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/KeyType.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.security.Key;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+public enum KeyType {
+
+    /** SSH identifier for RSA keys */
+    RSA("ssh-rsa", new KeyChecker() {
+        public boolean isMyType(Key key) {
+            return (key instanceof RSAPublicKey || key instanceof RSAPrivateKey);
+        }
+    }),
+
+    /** SSH identifier for DSA keys */
+    DSA("ssh-dss", new KeyChecker() {
+        public boolean isMyType(Key key) {
+            return (key instanceof DSAPublicKey || key instanceof DSAPrivateKey);
+        }
+    }),
+
+    /** Unrecognized */
+    UNKNOWN("unknown", null);
+
+    private static interface KeyChecker {
+        boolean isMyType(Key key);
+    }
+
+    private final String sType;
+    private final KeyChecker checker;
+
+    private KeyType(String type, KeyChecker checker) {
+        this.sType = type;
+        this.checker = checker;
+    }
+
+    public static KeyType fromKey(Key key) {
+        for (KeyType kt : values())
+            if (kt.checker != null && kt.checker.isMyType((key)))
+                return kt;
+        return UNKNOWN;
+    }
+
+    public static KeyType fromString(String sType) {
+        for (KeyType kt : values())
+            if (kt.sType.equals(sType))
+                return kt;
+        return UNKNOWN;
+    }
+
+    @Override
+    public String toString() {
+        return sType;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/common/Message.java b/src/main/java/net/schmizz/sshj/common/Message.java
new file mode 100644
index 00000000..e9b59fe1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/Message.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+/** SSH message identifiers */
+public enum Message {
+
+    DISCONNECT(1),
+    IGNORE(2),
+    UNIMPLEMENTED(3),
+    DEBUG(4),
+    SERVICE_REQUEST(5),
+    SERVICE_ACCEPT(6),
+    KEXINIT(20),
+    NEWKEYS(21),
+
+    KEXDH_INIT(30),
+
+    /** { KEXDH_REPLY, KEXDH_GEX_GROUP } */
+    KEXDH_31(31),
+
+    KEX_DH_GEX_INIT(32),
+    KEX_DH_GEX_REPLY(33),
+    KEX_DH_GEX_REQUEST(34),
+
+    USERAUTH_REQUEST(50),
+    USERAUTH_FAILURE(51),
+    USERAUTH_SUCCESS(52),
+    USERAUTH_BANNER(53),
+
+    /** { USERAUTH_PASSWD_CHANGREQ, USERAUTH_PK_OK, USERAUTH_INFO_REQUEST } */
+    USERAUTH_60(60),
+    USERAUTH_INFO_RESPONSE(61),
+
+    GLOBAL_REQUEST(80),
+    REQUEST_SUCCESS(81),
+    REQUEST_FAILURE(82),
+
+    CHANNEL_OPEN(90),
+    CHANNEL_OPEN_CONFIRMATION(91),
+    CHANNEL_OPEN_FAILURE(92),
+    CHANNEL_WINDOW_ADJUST(93),
+    CHANNEL_DATA(94),
+    CHANNEL_EXTENDED_DATA(95),
+    CHANNEL_EOF(96),
+    CHANNEL_CLOSE(97),
+    CHANNEL_REQUEST(98),
+    CHANNEL_SUCCESS(99),
+    CHANNEL_FAILURE(100);
+
+    private final byte b;
+
+    private static final Message[] commands = new Message[256];
+
+    static {
+        for (Message c : Message.values())
+            if (commands[c.toByte()] == null)
+                commands[c.toByte()] = c;
+    }
+
+    public static Message fromByte(byte b) {
+        return commands[b];
+    }
+
+    Message(int b) {
+        this.b = (byte) b;
+    }
+
+    public boolean geq(int num) {
+        return b >= num;
+    }
+
+    public boolean gt(int num) {
+        return b > num;
+    }
+
+    public boolean in(int x, int y) {
+        return b >= x && b <= y;
+    }
+
+    public boolean leq(int num) {
+        return b <= num;
+    }
+
+    public boolean lt(int num) {
+        return b < num;
+    }
+
+    public byte toByte() {
+        return b;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/SSHException.java b/src/main/java/net/schmizz/sshj/common/SSHException.java
new file mode 100644
index 00000000..87fc18bf
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/SSHException.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import net.schmizz.concurrent.ExceptionChainer;
+
+import java.io.IOException;
+
+/**
+ * Most exceptions in {@code org.apache.commons.net.ssh} are instances of this class. An {@link SSHException} is itself
+ * an {@link IOException} and can be caught like that if this level of granularity is not desired.
+ */
+public class SSHException extends IOException {
+
+    public static final ExceptionChainer<SSHException> chainer = new ExceptionChainer<SSHException>() {
+
+        public SSHException chain(Throwable t) {
+            if (t instanceof SSHException)
+                return (SSHException) t;
+            else
+                return new SSHException(t);
+        }
+
+    };
+
+    private final DisconnectReason reason;
+
+    public SSHException() {
+        this(DisconnectReason.UNKNOWN, null, null);
+    }
+
+    public SSHException(DisconnectReason code) {
+        this(code, null, null);
+    }
+
+    public SSHException(DisconnectReason code, String message) {
+        this(code, message, null);
+    }
+
+    public SSHException(DisconnectReason code, String message, Throwable cause) {
+        super(message);
+        this.reason = code;
+        if (cause != null)
+            initCause(cause);
+    }
+
+    public SSHException(DisconnectReason code, Throwable cause) {
+        this(code, null, cause);
+    }
+
+    public SSHException(String message) {
+        this(DisconnectReason.UNKNOWN, message, null);
+    }
+
+    public SSHException(String message, Throwable cause) {
+        this(DisconnectReason.UNKNOWN, message, cause);
+    }
+
+    public SSHException(Throwable cause) {
+        this(DisconnectReason.UNKNOWN, null, cause);
+    }
+
+    public int getDisconnectCode() {
+        return reason.toInt();
+    }
+
+    public DisconnectReason getDisconnectReason() {
+        return reason;
+    }
+
+    @Override
+    public String getMessage() {
+        if (super.getMessage() != null)
+            return super.getMessage();
+        else if (getCause() != null && getCause().getMessage() != null)
+            return getCause().getMessage();
+        else
+            return null;
+    }
+
+    @Override
+    public String toString() {
+        final String cls = getClass().getName();
+        final String code = reason != DisconnectReason.UNKNOWN ? "[" + reason + "] " : "";
+        final String msg = getMessage() != null ? getMessage() : "";
+        return cls + (code.equals("") && msg.equals("") ? "" : ": ") + code + msg;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/SSHPacket.java b/src/main/java/net/schmizz/sshj/common/SSHPacket.java
new file mode 100644
index 00000000..4cc0fb9d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/SSHPacket.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import java.util.Arrays;
+
+public class SSHPacket extends Buffer<SSHPacket> {
+
+    public SSHPacket() {
+        super();
+    }
+
+    public SSHPacket(int size) {
+        super(size);
+    }
+
+    public SSHPacket(byte[] data) {
+        super(data);
+    }
+
+    /**
+     * Constructs new buffer for the specified SSH packet and reserves the needed space (5 bytes) for the packet
+     * header.
+     *
+     * @param msg the SSH command
+     */
+    public SSHPacket(Message msg) {
+        super();
+        rpos = wpos = 5;
+        putMessageID(msg);
+    }
+
+    public SSHPacket(SSHPacket p) {
+        this.data = Arrays.copyOf(p.data, p.wpos);
+        this.rpos = p.rpos;
+        this.wpos = p.wpos;
+    }
+
+    /**
+     * Reads an SSH byte and returns it as {@link Message}
+     *
+     * @return the message identifier
+     */
+    public Message readMessageID() {
+        byte b = readByte();
+        Message cmd = Message.fromByte(b);
+        if (cmd == null)
+            throw new BufferException("Unknown message ID: " + b);
+        return cmd;
+    }
+
+    /**
+     * Writes a byte indicating the SSH message identifier
+     *
+     * @param msg the identifier as a {@link Message} type
+     *
+     * @return this
+     */
+    public SSHPacket putMessageID(Message msg) {
+        return putByte(msg.toByte());
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/common/SSHPacketHandler.java b/src/main/java/net/schmizz/sshj/common/SSHPacketHandler.java
new file mode 100644
index 00000000..e8913703
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/SSHPacketHandler.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+/**
+ * An interface for classes to which packet handling may be delegated. Chains of such delegations may be used, e.g.
+ * {@code packet decoder -> (SSHPacketHandler) transport layer -> (SSHPacketHandler) connection layer ->
+ * (SSHPacketHandler) channel}.
+ */
+public interface SSHPacketHandler {
+
+    /**
+     * Delegate handling of some SSH packet to this object.
+     *
+     * @param msg the SSH {@link Message message identifier}
+     * @param buf {@link SSHPacket} containing rest of the request
+     *
+     * @throws SSHException if there is a non-recoverable error
+     */
+    void handle(Message msg, SSHPacket buf) throws SSHException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/SSHRuntimeException.java b/src/main/java/net/schmizz/sshj/common/SSHRuntimeException.java
new file mode 100644
index 00000000..92843343
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/SSHRuntimeException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+/** Represents unrecoverable exceptions in the {@code org.apache.commons.net.ssh} package. */
+public class SSHRuntimeException extends RuntimeException {
+
+    public SSHRuntimeException() {
+        this(null, null);
+    }
+
+    public SSHRuntimeException(String message) {
+        this(message, null);
+    }
+
+    public SSHRuntimeException(String message, Throwable cause) {
+        super(message);
+        if (cause != null)
+            initCause(cause);
+    }
+
+    public SSHRuntimeException(Throwable cause) {
+        this(null, cause);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/common/SecurityUtils.java b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
new file mode 100644
index 00000000..0b37374c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
@@ -0,0 +1,277 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.common;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyAgreement;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Signature;
+
+/** Static utility method relating to security facilities. */
+public class SecurityUtils {
+
+    private static class BouncyCastleRegistration {
+        public void run() throws Exception {
+            if (java.security.Security.getProvider(BOUNCY_CASTLE) == null) {
+                LOG.info("Trying to register BouncyCastle as a JCE provider");
+                java.security.Security.addProvider(new BouncyCastleProvider());
+                MessageDigest.getInstance("MD5", BOUNCY_CASTLE);
+                KeyAgreement.getInstance("DH", BOUNCY_CASTLE);
+                LOG.info("Registration succeeded");
+            } else
+                LOG.info("BouncyCastle already registered as a JCE provider");
+            securityProvider = BOUNCY_CASTLE;
+        }
+    }
+
+    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
+
+    /** Identifier for the BouncyCastle JCE provider */
+    public static final String BOUNCY_CASTLE = "BC";
+
+    /*
+    * Security provider identifier. null = default JCE
+    */
+    private static String securityProvider = null;
+
+    // relate to BC registration
+    private static Boolean registerBouncyCastle;
+    private static boolean registrationDone;
+
+    public static synchronized Cipher getCipher(String transformation) throws NoSuchAlgorithmException,
+            NoSuchPaddingException, NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return Cipher.getInstance(transformation);
+        else
+            return Cipher.getInstance(transformation, getSecurityProvider());
+    }
+
+    /**
+     * Computes the fingerprint for a public key, in the standard SSH format, e.g. "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"
+     *
+     * @param key the public key
+     *
+     * @return the fingerprint
+     *
+     * @see <a href="http://tools.ietf.org/html/draft-friedl-secsh-fingerprint-00">specification</a>
+     */
+    public static String getFingerprint(PublicKey key) {
+        MessageDigest md5;
+        try {
+            md5 = getMessageDigest("MD5");
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+        md5.update(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
+        final String undelimited = ByteArrayUtils.toHex(md5.digest());
+        assert undelimited.length() == 32 : "md5 contract";
+        StringBuilder fp = new StringBuilder(undelimited.substring(0, 2));
+        for (int i = 2; i <= undelimited.length() - 2; i += 2)
+            fp.append(":").append(undelimited.substring(i, i + 2));
+        return fp.toString();
+    }
+
+    /**
+     * Creates a new instance of {@link KeyAgreement} with the given algorithm.
+     *
+     * @param algorithm key agreement algorithm
+     *
+     * @return new instance
+     *
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static synchronized KeyAgreement getKeyAgreement(String algorithm) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return KeyAgreement.getInstance(algorithm);
+        else
+            return KeyAgreement.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Creates a new instance of {@link KeyFactory} with the given algorithm.
+     *
+     * @param algorithm key factory algorithm e.g. RSA, DSA
+     *
+     * @return new instance
+     *
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static synchronized KeyFactory getKeyFactory(String algorithm) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return KeyFactory.getInstance(algorithm);
+        else
+            return KeyFactory.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Creates a new instance of {@link KeyPairGenerator} with the given algorithm.
+     *
+     * @param algorithm key pair generator algorithm
+     *
+     * @return new instance
+     *
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static synchronized KeyPairGenerator getKeyPairGenerator(String algorithm) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return KeyPairGenerator.getInstance(algorithm);
+        else
+            return KeyPairGenerator.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Create a new instance of {@link Mac} with the given algorithm.
+     *
+     * @param algorithm MAC algorithm
+     *
+     * @return new instance
+     *
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static synchronized Mac getMAC(String algorithm) throws NoSuchAlgorithmException, NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return Mac.getInstance(algorithm);
+        else
+            return Mac.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Create a new instance of {@link MessageDigest} with the given algorithm.
+     *
+     * @param algorithm MessageDigest algorithm name
+     *
+     * @return
+     *
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchProviderException
+     */
+    public static synchronized MessageDigest getMessageDigest(String algorithm) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return MessageDigest.getInstance(algorithm);
+        else
+            return MessageDigest.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Get the identifier for the registered security provider.
+     *
+     * @return JCE provider identifier
+     */
+    public static synchronized String getSecurityProvider() {
+        register();
+        return securityProvider;
+    }
+
+    public static synchronized Signature getSignature(String algorithm) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        register();
+        if (getSecurityProvider() == null)
+            return Signature.getInstance(algorithm);
+        else
+            return Signature.getInstance(algorithm, getSecurityProvider());
+    }
+
+    /**
+     * Attempts registering BouncyCastle as security provider if it has not been previously attempted and returns
+     * whether the registration succeeded.
+     *
+     * @return whether BC registered
+     */
+    public static synchronized boolean isBouncyCastleRegistered() {
+        register();
+        return BOUNCY_CASTLE.equals(securityProvider);
+    }
+
+    public static synchronized void setRegisterBouncyCastle(boolean registerBouncyCastle) {
+        SecurityUtils.registerBouncyCastle = registerBouncyCastle;
+        registrationDone = false;
+    }
+
+    /**
+     * Specifies the JCE security provider that should be used.
+     *
+     * @param securityProvider identifier for the security provider
+     */
+    public static synchronized void setSecurityProvider(String securityProvider) {
+        SecurityUtils.securityProvider = securityProvider;
+        registrationDone = false;
+    }
+
+    private static void register() {
+        if (!registrationDone) {
+            if (securityProvider == null && (registerBouncyCastle == null || registerBouncyCastle))
+                // Use an inner class to avoid a strong dependency on BouncyCastle
+                try {
+                    new BouncyCastleRegistration().run();
+                } catch (Throwable t) {
+                    if (registerBouncyCastle == null)
+                        LOG.info("BouncyCastle not registered, using the default JCE provider");
+                    else {
+                        LOG.error("Failed to register BouncyCastle as the defaut JCE provider");
+                        throw new SSHRuntimeException("Failed to register BouncyCastle as the defaut JCE provider", t);
+                    }
+                }
+            registrationDone = true;
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/common/StreamCopier.java b/src/main/java/net/schmizz/sshj/common/StreamCopier.java
new file mode 100644
index 00000000..d4da021e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/common/StreamCopier.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.common;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Arrays;
+
+public class StreamCopier extends Thread {
+
+    private static final Logger LOG = LoggerFactory.getLogger(StreamCopier.class);
+
+    public interface ErrorCallback {
+        void onError(IOException ioe);
+    }
+
+    public static ErrorCallback closeOnErrorCallback(final Closeable... toClose) {
+        final Closeable[] closeables = Arrays.copyOf(toClose, toClose.length);
+        return new ErrorCallback() {
+            public void onError(IOException ioe) {
+                IOUtils.closeQuietly(closeables);
+            }
+        };
+    }
+
+    public static long copy(InputStream in, OutputStream out, int bufSize, boolean keepFlushing) throws IOException {
+        long count = 0;
+
+        final long startTime = System.currentTimeMillis();
+
+        final byte[] buf = new byte[bufSize];
+        int read;
+        while ((read = in.read(buf)) != -1) {
+            out.write(buf, 0, read);
+            count += read;
+            if (keepFlushing)
+                out.flush();
+        }
+        if (!keepFlushing)
+            out.flush();
+
+        final double sizeKiB = count / 1024.0;
+        final double timeSeconds = (System.currentTimeMillis() - startTime) / 1000.0;
+        LOG.info(sizeKiB + " KiB transferred  in {} seconds ({} KiB/s)", timeSeconds, (sizeKiB / timeSeconds));
+
+        return count;
+    }
+
+    public static String copyStreamToString(InputStream stream) throws IOException {
+        final StringBuilder sb = new StringBuilder();
+        int read;
+        while ((read = stream.read()) != -1)
+            sb.append((char) read);
+        return sb.toString();
+    }
+
+    private final Logger log;
+
+    private final InputStream in;
+    private final OutputStream out;
+
+    private int bufSize = 1;
+    private boolean keepFlushing = true;
+
+    private ErrorCallback errCB = new ErrorCallback() {
+        public void onError(IOException ioe) {
+        }
+    }; // Default null cb
+
+    public StreamCopier(String name, InputStream in, OutputStream out) {
+        this.in = in;
+        this.out = out;
+
+        setName("streamCopier");
+        log = LoggerFactory.getLogger(name);
+    }
+
+    public StreamCopier bufSize(int size) {
+        bufSize = size;
+        return this;
+    }
+
+    public StreamCopier keepFlushing(boolean choice) {
+        keepFlushing = choice;
+        return this;
+    }
+
+    public StreamCopier daemon(boolean choice) {
+        setDaemon(choice);
+        return this;
+    }
+
+    public StreamCopier errorCallback(ErrorCallback errCB) {
+        this.errCB = errCB;
+        return this;
+    }
+
+    @Override
+    public void run() {
+        try {
+            log.debug("Wil pipe from {} to {}", in, out);
+            copy(in, out, bufSize, keepFlushing);
+            log.debug("EOF on {}", in);
+        } catch (IOException ioe) {
+            log.error("In pipe from {} to {}: " + ioe.toString(), in, out);
+            errCB.onError(ioe);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/Connection.java b/src/main/java/net/schmizz/sshj/connection/Connection.java
new file mode 100644
index 00000000..5906a16a
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/Connection.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection;
+
+import net.schmizz.concurrent.Future;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.connection.channel.OpenFailException;
+import net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+
+/**
+ * Connection layer of the SSH protocol.
+ *
+ * @see rfc4254
+ */
+public interface Connection {
+
+    /**
+     * Attach a {@link net.schmizz.sshj.connection.channel.Channel} to this connection. A channel must be attached to
+     * the connection if it is to receive any channel-specific data that is received.
+     */
+    void attach(Channel chan);
+
+    /**
+     * Attach a {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener} to this connection, which
+     * will be delegated opening of any {@code CHANNEL_OPEN} packets {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener#getChannelType()
+     * for which it is responsible}.
+     */
+    void attach(ForwardedChannelOpener opener);
+
+    /** Forget an attached {@link Channel}. */
+    void forget(Channel chan);
+
+    /** Forget an attached {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener}. */
+    void forget(ForwardedChannelOpener handler);
+
+    /** Returns an attached {@link Channel} of specified channel-id, or {@code null} if no such channel was attached */
+    Channel get(int id);
+
+    /** Wait for the situation that no channels are attached (e.g., got closed). */
+    void join() throws InterruptedException;
+
+    /**
+     * Returns an attached {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener} of specified
+     * channel-type, or {@code null} if no such channel was attached
+     */
+    ForwardedChannelOpener get(String chanType);
+
+    /** Returns an available ID a {@link net.schmizz.sshj.connection.channel.Channel} can rightfully claim. */
+    int nextID();
+
+    /**
+     * Send an SSH global request.
+     *
+     * @param name      request name
+     * @param wantReply whether a reply is requested
+     * @param specifics {@link net.schmizz.sshj.common.SSHPacket} containing fields specific to the request
+     *
+     * @return a {@link net.schmizz.concurrent.Future} for the reply data (in case {@code wantReply} is true) which
+     *         allows waiting on the reply, or {@code null} if a reply is not requested.
+     *
+     * @throws TransportException if there is an error sending the request
+     */
+    public Future<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
+                                                                    Buffer.PlainBuffer specifics) throws TransportException;
+
+    /**
+     * Send a {@code SSH_MSG_OPEN_FAILURE} for specified {@code Reason} and {@code message}.
+     *
+     * @param recipient
+     * @param reason
+     * @param message
+     *
+     * @throws TransportException
+     */
+    void sendOpenFailure(int recipient, OpenFailException.Reason reason, String message) throws TransportException;
+
+    /**
+     * Get the maximum packet size for the local window this connection recommends to any {@link Channel}'s that ask for
+     * it.
+     */
+    int getMaxPacketSize();
+
+    /**
+     * Set the maximum packet size for the local window this connection recommends to any {@link Channel}'s that ask for
+     * it.
+     */
+    void setMaxPacketSize(int maxPacketSize);
+
+    /**
+     * Get the size for the local window this connection recommends to any {@link net.schmizz.sshj.connection.channel.Channel}'s
+     * that ask for it.
+     */
+    int getWindowSize();
+
+    /** Set the size for the local window this connection recommends to any {@link Channel}'s that ask for it. */
+    void setWindowSize(int windowSize);
+
+    /** Get the associated {@link Transport}. */
+    Transport getTransport();
+
+    /**
+     * Get the {@code timeout} this connection uses for blocking operations and recommends to any {@link Channel other}
+     * {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener classes} that ask for it.
+     */
+    int getTimeout();
+
+    /**
+     * Set the {@code timeout} this connection uses for blocking operations and recommends to any {@link
+     * net.schmizz.sshj.connection.channel.Channel other} {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener
+     * classes} that ask for it.
+     */
+    void setTimeout(int timeout);
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/ConnectionException.java b/src/main/java/net/schmizz/sshj/connection/ConnectionException.java
new file mode 100644
index 00000000..b3e1afd3
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/ConnectionException.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection;
+
+import net.schmizz.concurrent.ExceptionChainer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHException;
+
+/** Connection-layer exception. */
+public class ConnectionException extends SSHException {
+
+    public static final ExceptionChainer<ConnectionException> chainer = new ExceptionChainer<ConnectionException>() {
+        public ConnectionException chain(Throwable t) {
+            if (t instanceof ConnectionException)
+                return (ConnectionException) t;
+            else
+                return new ConnectionException(t);
+        }
+    };
+
+    public ConnectionException() {
+        super();
+    }
+
+    public ConnectionException(DisconnectReason code) {
+        super(code);
+    }
+
+    public ConnectionException(DisconnectReason code, String message) {
+        super(code, message);
+    }
+
+    public ConnectionException(DisconnectReason code, String message, Throwable cause) {
+        super(code, message, cause);
+    }
+
+    public ConnectionException(DisconnectReason code, Throwable cause) {
+        super(code, cause);
+    }
+
+    public ConnectionException(String message) {
+        super(message);
+    }
+
+    public ConnectionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public ConnectionException(Throwable cause) {
+        super(cause);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/ConnectionProtocol.java b/src/main/java/net/schmizz/sshj/connection/ConnectionProtocol.java
new file mode 100644
index 00000000..1daccef1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/ConnectionProtocol.java
@@ -0,0 +1,234 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection;
+
+import net.schmizz.concurrent.Future;
+import net.schmizz.concurrent.FutureUtils;
+import net.schmizz.sshj.AbstractService;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.connection.channel.OpenFailException;
+import net.schmizz.sshj.connection.channel.OpenFailException.Reason;
+import net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.Queue;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/** {@link Connection} implementation. */
+public class ConnectionProtocol extends AbstractService implements Connection {
+
+    private final Object internalSynchronizer = new Object();
+
+    private final AtomicInteger nextID = new AtomicInteger();
+
+    private final Map<Integer, Channel> channels = new ConcurrentHashMap<Integer, Channel>();
+
+    private final Map<String, ForwardedChannelOpener> openers = new ConcurrentHashMap<String, ForwardedChannelOpener>();
+
+    private final Queue<Future<SSHPacket, ConnectionException>> globalReqFutures = new LinkedList<Future<SSHPacket, ConnectionException>>();
+
+    private int windowSize = 2048 * 1024;
+    private int maxPacketSize = 32 * 1024;
+
+    /**
+     * Create with an associated {@link Transport}.
+     *
+     * @param trans transport layer
+     */
+    public ConnectionProtocol(Transport trans) {
+        super("ssh-connection", trans);
+    }
+
+    public void attach(Channel chan) {
+        log.info("Attaching `{}` channel (#{})", chan.getType(), chan.getID());
+        channels.put(chan.getID(), chan);
+    }
+
+    public Channel get(int id) {
+        return channels.get(id);
+    }
+
+    public ForwardedChannelOpener get(String chanType) {
+        return openers.get(chanType);
+    }
+
+    public void forget(Channel chan) {
+        log.info("Forgetting `{}` channel (#{})", chan.getType(), chan.getID());
+        channels.remove(chan.getID());
+        synchronized (internalSynchronizer) {
+            if (channels.isEmpty())
+                internalSynchronizer.notifyAll();
+        }
+    }
+
+    public void forget(ForwardedChannelOpener opener) {
+        log.info("Forgetting opener for `{}` channels: {}", opener.getChannelType(), opener);
+        openers.remove(opener.getChannelType());
+    }
+
+    public void attach(ForwardedChannelOpener opener) {
+        log.info("Attaching opener for `{}` channels: {}", opener.getChannelType(), opener);
+        openers.put(opener.getChannelType(), opener);
+    }
+
+    private Channel getChannel(SSHPacket buffer) throws ConnectionException {
+        int recipient = buffer.readInt();
+        Channel channel = get(recipient);
+        if (channel != null)
+            return channel;
+        else {
+            buffer.rpos(buffer.rpos() - 5);
+            throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Received " + buffer.readMessageID()
+                    + " on unknown channel #" + recipient);
+        }
+    }
+
+    @Override
+    public void handle(Message msg, SSHPacket buf) throws SSHException {
+        if (msg.in(91, 100))
+            getChannel(buf).handle(msg, buf);
+
+        else if (msg.in(80, 90))
+            switch (msg) {
+                case REQUEST_SUCCESS:
+                    gotGlobalReqResponse(buf);
+                    break;
+                case REQUEST_FAILURE:
+                    gotGlobalReqResponse(null);
+                    break;
+                case CHANNEL_OPEN:
+                    gotChannelOpen(buf);
+                    break;
+                default:
+                    super.handle(msg, buf);
+            }
+
+        else
+            super.handle(msg, buf);
+    }
+
+    @Override
+    public void notifyError(SSHException error) {
+        super.notifyError(error);
+
+        synchronized (globalReqFutures) {
+            FutureUtils.alertAll(error, globalReqFutures);
+            globalReqFutures.clear();
+        }
+
+        ErrorNotifiable.Util.alertAll(error, channels.values());
+        channels.clear();
+    }
+
+    public int getMaxPacketSize() {
+        return maxPacketSize;
+    }
+
+    public Transport getTransport() {
+        return trans;
+    }
+
+    public void setMaxPacketSize(int maxPacketSize) {
+        this.maxPacketSize = maxPacketSize;
+    }
+
+    public int getWindowSize() {
+        return windowSize;
+    }
+
+    public void setWindowSize(int windowSize) {
+        this.windowSize = windowSize;
+    }
+
+    public void join() throws InterruptedException {
+        synchronized (internalSynchronizer) {
+            while (!channels.isEmpty())
+                internalSynchronizer.wait();
+        }
+    }
+
+    public int nextID() {
+        return nextID.getAndIncrement();
+    }
+
+    public Future<SSHPacket, ConnectionException> sendGlobalRequest(String name, boolean wantReply,
+                                                                    Buffer.PlainBuffer specifics) throws TransportException {
+        synchronized (globalReqFutures) {
+            log.info("Making global request for `{}`", name);
+            trans.write(new SSHPacket(Message.GLOBAL_REQUEST) //
+                    .putString(name) //
+                    .putBoolean(wantReply) //
+                    .putBuffer(specifics)); //
+
+            Future<SSHPacket, ConnectionException> future = null;
+            if (wantReply) {
+                future = new Future<SSHPacket, ConnectionException>("global req for " + name, ConnectionException.chainer);
+                globalReqFutures.add(future);
+            }
+            return future;
+        }
+    }
+
+    private void gotGlobalReqResponse(SSHPacket response) throws ConnectionException {
+        synchronized (globalReqFutures) {
+            Future<SSHPacket, ConnectionException> gr = globalReqFutures.poll();
+            if (gr == null)
+                throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR,
+                        "Got a global request response when none was requested");
+            else if (response == null)
+                gr.error(new ConnectionException("Global request [" + gr + "] failed"));
+            else
+                gr.set(response);
+        }
+    }
+
+    private void gotChannelOpen(SSHPacket buf) throws ConnectionException, TransportException {
+        final String type = buf.readString();
+        log.debug("Received CHANNEL_OPEN for `{}` channel", type);
+        if (openers.containsKey(type))
+            openers.get(type).handleOpen(buf);
+        else {
+            log.warn("No opener found for `{}` CHANNEL_OPEN request -- rejecting", type);
+            sendOpenFailure(buf.readInt(), OpenFailException.Reason.UNKNOWN_CHANNEL_TYPE, "");
+        }
+    }
+
+    public void sendOpenFailure(int recipient, Reason reason, String message) throws TransportException {
+        trans.write(new SSHPacket(Message.CHANNEL_OPEN_FAILURE) //
+                .putInt(recipient) //
+                .putInt(reason.getCode()) //
+                .putString(message));
+    }
+
+    @Override
+    public void notifyDisconnect() throws SSHException {
+        super.notifyDisconnect();
+        // wh'about them futures?
+        for (Channel chan : channels.values())
+            chan.close();
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java b/src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java
new file mode 100644
index 00000000..f0d2094d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java
@@ -0,0 +1,382 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.concurrent.Event;
+import net.schmizz.concurrent.FutureUtils;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.LinkedList;
+import java.util.Queue;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.ReentrantLock;
+
+public abstract class AbstractChannel implements Channel {
+
+    /** Logger */
+    protected final Logger log;
+
+    /** Transport layer */
+    protected final Transport trans;
+    /** Connection layer */
+    protected final Connection conn;
+
+    /** Channel type */
+    private final String type;
+    /** Channel ID */
+    private final int id;
+    /** Remote recipient ID */
+    private int recipient;
+
+    private final Queue<Event<ConnectionException>> chanReqResponseEvents = new LinkedList<Event<ConnectionException>>();
+
+    /* The lock used by #newEvent to create open & close events */
+    private final ReentrantLock lock = new ReentrantLock();
+    /** Channel open event */
+    protected final Event<ConnectionException> open;
+    /** Channel close event */
+    private final Event<ConnectionException> close;
+
+    /* Access to these fields should be synchronized using this object */
+    private boolean eofSent;
+    private boolean eofGot;
+    private boolean closeRequested;
+
+    /** Local window */
+    protected final Window.Local lwin;
+    /** stdout stream */
+    private final ChannelInputStream in;
+
+    /** Remote window */
+    protected Window.Remote rwin;
+    /** stdin stream */
+    private ChannelOutputStream out;
+
+    private volatile boolean autoExpand = false;
+
+    protected AbstractChannel(String type, Connection conn) {
+        this.type = type;
+        this.conn = conn;
+        this.trans = conn.getTransport();
+
+        id = conn.nextID();
+
+        log = LoggerFactory.getLogger("chan#" + id);
+
+        lwin = new Window.Local(id, conn.getWindowSize(), conn.getMaxPacketSize());
+        in = new ChannelInputStream(this, trans, lwin);
+
+        open = new Event<ConnectionException>("chan#" + id + " / " + "open", ConnectionException.chainer, lock);
+        close = new Event<ConnectionException>("chan#" + id + " / " + "close", ConnectionException.chainer, lock);
+    }
+
+    protected void init(int recipient, int remoteWinSize, int remoteMaxPacketSize) {
+        this.recipient = recipient;
+        rwin = new Window.Remote(id, remoteWinSize, remoteMaxPacketSize);
+        out = new ChannelOutputStream(this, trans, rwin);
+        log.info("Initialized - {}", this);
+    }
+
+    public boolean getAutoExpand() {
+        return autoExpand;
+    }
+
+    public int getID() {
+        return id;
+    }
+
+    public InputStream getInputStream() {
+        return in;
+    }
+
+    public int getLocalMaxPacketSize() {
+        return lwin.getMaxPacketSize();
+    }
+
+    public int getLocalWinSize() {
+        return lwin.getSize();
+    }
+
+    public OutputStream getOutputStream() {
+        return out;
+    }
+
+    public int getRecipient() {
+        return recipient;
+    }
+
+    public int getRemoteMaxPacketSize() {
+        return rwin.getMaxPacketSize();
+    }
+
+    public int getRemoteWinSize() {
+        return rwin.getSize();
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void handle(Message msg, SSHPacket buf) throws ConnectionException, TransportException {
+        switch (msg) {
+
+            case CHANNEL_DATA:
+                receiveInto(in, buf);
+                break;
+
+            case CHANNEL_EXTENDED_DATA:
+                gotExtendedData(buf.readInt(), buf);
+                break;
+
+            case CHANNEL_WINDOW_ADJUST:
+                gotWindowAdjustment(buf.readInt());
+                break;
+
+            case CHANNEL_REQUEST:
+                gotChannelRequest(buf);
+                break;
+
+            case CHANNEL_SUCCESS:
+                gotResponse(true);
+                break;
+
+            case CHANNEL_FAILURE:
+                gotResponse(false);
+                break;
+
+            case CHANNEL_EOF:
+                gotEOF();
+                break;
+
+            case CHANNEL_CLOSE:
+                gotClose();
+                break;
+
+            default:
+                gotUnknown(msg, buf);
+
+        }
+    }
+
+    private void gotClose() throws TransportException {
+        log.info("Got close");
+        try {
+            closeAllStreams();
+            sendClose();
+        } finally {
+            finishOff();
+        }
+    }
+
+    /** Called when all I/O streams should be closed. Subclasses can override but must call super. */
+    protected void closeAllStreams() {
+        IOUtils.closeQuietly(in, out);
+    }
+
+    public void notifyError(SSHException error) {
+        log.debug("Channel #{} got notified of {}", getID(), error.toString());
+
+        FutureUtils.alertAll(error, open, close);
+        FutureUtils.alertAll(error, chanReqResponseEvents);
+
+        in.notifyError(error);
+        out.notifyError(error);
+
+        finishOff();
+    }
+
+    public void setAutoExpand(boolean autoExpand) {
+        this.autoExpand = autoExpand;
+    }
+
+    public void close() throws ConnectionException, TransportException {
+        lock.lock();
+        try {
+            try {
+                sendClose();
+            } catch (TransportException e) {
+                if (!close.hasError())
+                    throw e;
+            }
+            close.await(conn.getTimeout(), TimeUnit.SECONDS);
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    protected synchronized void sendClose() throws TransportException {
+        try {
+            if (!closeRequested) {
+                log.info("Sending close");
+                trans.write(newBuffer(Message.CHANNEL_CLOSE));
+            }
+        } finally {
+            closeRequested = true;
+        }
+    }
+
+    public synchronized boolean isOpen() {
+        lock.lock();
+        try {
+            return open.isSet() && !close.isSet() && !closeRequested;
+        } finally {
+            lock.unlock();
+        }
+    }
+
+    private void gotChannelRequest(SSHPacket buf) throws ConnectionException, TransportException {
+        final String reqType = buf.readString();
+        buf.readBoolean(); // We don't care about the 'want-reply' value
+        log.info("Got chan request for `{}`", reqType);
+        handleRequest(reqType, buf);
+    }
+
+    private void gotWindowAdjustment(int howMuch) {
+        log.info("Received window adjustment for {} bytes", howMuch);
+        rwin.expand(howMuch);
+    }
+
+    /** Called when this channel's end-of-life has been reached. Subclasses may override but must call super. */
+    protected void finishOff() {
+        conn.forget(this);
+        close.set();
+    }
+
+    protected void gotExtendedData(int dataTypeCode, SSHPacket buf) throws ConnectionException, TransportException {
+        throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Extended data not supported on " + type
+                + " channel");
+    }
+
+    protected void gotUnknown(Message msg, SSHPacket buf) throws ConnectionException, TransportException {
+    }
+
+    protected void handleRequest(String reqType, SSHPacket buf) throws ConnectionException, TransportException {
+        trans.write(newBuffer(Message.CHANNEL_FAILURE));
+    }
+
+    protected SSHPacket newBuffer(Message cmd) {
+        return new SSHPacket(cmd).putInt(recipient);
+    }
+
+    protected void receiveInto(ChannelInputStream stream, SSHPacket buf) throws ConnectionException, TransportException {
+        final int len = buf.readInt();
+        if (len < 0 || len > getLocalMaxPacketSize() || len != buf.available())
+            throw new ConnectionException(DisconnectReason.PROTOCOL_ERROR, "Bad item length: " + len);
+        if (log.isTraceEnabled())
+            log.trace("IN #{}: {}", id, ByteArrayUtils.printHex(buf.array(), buf.rpos(), len));
+        stream.receive(buf.array(), buf.rpos(), len);
+    }
+
+    protected synchronized Event<ConnectionException> sendChannelRequest(String reqType, boolean wantReply,
+                                                                         Buffer.PlainBuffer reqSpecific) throws TransportException {
+        log.info("Sending channel request for `{}`", reqType);
+        trans.write(
+                newBuffer(Message.CHANNEL_REQUEST)
+                        .putString(reqType)
+                        .putBoolean(wantReply)
+                        .putBuffer(reqSpecific)
+        );
+
+        Event<ConnectionException> responseEvent = null;
+        if (wantReply) {
+            responseEvent = new Event<ConnectionException>("chan#" + id + " / " + "chanreq for " + reqType, ConnectionException.chainer, lock);
+            chanReqResponseEvents.add(responseEvent);
+        }
+        return responseEvent;
+    }
+
+    private synchronized void gotResponse(boolean success) throws ConnectionException {
+        final Event<ConnectionException> responseEvent = chanReqResponseEvents.poll();
+        if (responseEvent != null) {
+            if (success)
+                responseEvent.set();
+            else
+                responseEvent.error(new ConnectionException("Request failed"));
+        } else
+            throw new ConnectionException(
+                    DisconnectReason.PROTOCOL_ERROR,
+                    "Received response to channel request when none was requested");
+    }
+
+    private synchronized void gotEOF() throws TransportException {
+        log.info("Got EOF");
+        eofGot = true;
+        eofInputStreams();
+        if (eofSent)
+            sendClose();
+    }
+
+    /** Called when EOF has been received. Subclasses can override but must call super. */
+    protected void eofInputStreams() {
+        in.eof();
+    }
+
+    public synchronized void sendEOF() throws TransportException {
+        try {
+            if (!closeRequested && !eofSent) {
+                log.info("Sending EOF");
+                trans.write(newBuffer(Message.CHANNEL_EOF));
+                if (eofGot)
+                    sendClose();
+            }
+        } finally {
+            eofSent = true;
+            out.setClosed();
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "< " + type + " channel: id=" + id + ", recipient=" + recipient + ", localWin=" + lwin + ", remoteWin="
+                + rwin + " >";
+    }
+
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/Channel.java b/src/main/java/net/schmizz/sshj/connection/channel/Channel.java
new file mode 100644
index 00000000..87621510
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/Channel.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.SSHPacketHandler;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.io.Closeable;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/** A channel is the basic medium for application-layer data on top of an SSH transport. */
+public interface Channel extends Closeable, SSHPacketHandler, ErrorNotifiable {
+
+    /** Direct channels are those that are initiated by us. */
+    interface Direct extends Channel {
+        /**
+         * Request opening this channel from remote end.
+         *
+         * @throws OpenFailException  in case the channel open request was rejected
+         * @throws net.schmizz.sshj.connection.ConnectionException
+         *                            other connection-layer error
+         * @throws TransportException error writing packets etc.
+         */
+        void open() throws OpenFailException, ConnectionException, TransportException;
+
+    }
+
+    /** Forwarded channels are those that are initiated by the server. */
+    interface Forwarded extends Channel {
+
+        /**
+         * Confirm {@code CHANNEL_OPEN} request.
+         *
+         * @throws TransportException error sending confirmation packet
+         */
+        void confirm() throws TransportException;
+
+        /** Returns the IP of where the forwarded connection originates. */
+        String getOriginatorIP();
+
+        /** Returns port from which the forwarded connection originates. */
+        int getOriginatorPort();
+
+        /**
+         * Indicate rejection to remote end.
+         *
+         * @param reason  indicate {@link OpenFailException.Reason reason} for rejection of the request
+         * @param message indicate a message for why the request is rejected
+         *
+         * @throws TransportException error sending rejection packet
+         */
+        void reject(OpenFailException.Reason reason, String message) throws TransportException;
+
+    }
+
+
+    /** Close this channel. */
+    void close() throws TransportException, ConnectionException;
+
+    /**
+     * Returns whether auto-expansion of local window is set.
+     *
+     * @see #setAutoExpand(boolean)
+     */
+    boolean getAutoExpand();
+
+    /** Returns the channel ID */
+    int getID();
+
+    /** Returns the {@code InputStream} for this channel. */
+    InputStream getInputStream();
+
+    /** Returns the maximum packet size that we have specified. */
+    int getLocalMaxPacketSize();
+
+    /** Returns the current local window size. */
+    int getLocalWinSize();
+
+    /** Returns an {@code OutputStream} for this channel. */
+    OutputStream getOutputStream();
+
+    /** Returns the channel ID at the remote end. */
+    int getRecipient();
+
+    /** Returns the maximum packet size as specified by the remote end. */
+    int getRemoteMaxPacketSize();
+
+    /** Returns the current remote window size. */
+    int getRemoteWinSize();
+
+    /** Returns the channel type identifier. */
+    String getType();
+
+    /** Returns whether the channel is open. */
+    boolean isOpen();
+
+    /**
+     * Sends an EOF message to the server for this channel; indicating that no more data will be sent by us. The {@code
+     * OutputStream} for this channel will be closed and no longer usable.
+     */
+    void sendEOF() throws TransportException;
+
+    /**
+     * Set whether local window should automatically expand when data is received, irrespective of whether data has been
+     * read from that stream. This is useful e.g. when a remote command produces a lot of output that would fill the
+     * local window but you are not interested in reading from its {@code InputStream}.
+     *
+     * @param autoExpand
+     */
+    void setAutoExpand(boolean autoExpand);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/ChannelInputStream.java b/src/main/java/net/schmizz/sshj/connection/channel/ChannelInputStream.java
new file mode 100644
index 00000000..572ef769
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/ChannelInputStream.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InterruptedIOException;
+
+/**
+ * {@link InputStream} for channels. Can {@link #receive(byte[], int, int) receive} data into its buffer for serving to
+ * readers.
+ */
+public final class ChannelInputStream extends InputStream implements ErrorNotifiable {
+
+    private final Logger log;
+
+    private final Channel chan;
+    private final Transport trans;
+    private final Window.Local win;
+    private final Buffer.PlainBuffer buf;
+    private final byte[] b = new byte[1];
+
+    private boolean eof;
+    private SSHException error;
+
+    public ChannelInputStream(Channel chan, Transport trans, Window.Local win) {
+        log = LoggerFactory.getLogger("<< chan#" + chan.getID() + " / input stream >>");
+
+        this.chan = chan;
+        this.trans = trans;
+        this.win = win;
+        buf = new Buffer.PlainBuffer(chan.getLocalMaxPacketSize());
+    }
+
+    @Override
+    public int available() {
+        synchronized (buf) {
+            return buf.available();
+        }
+    }
+
+    @Override
+    public void close() {
+        eof();
+    }
+
+    public void eof() {
+        synchronized (buf) {
+            if (!eof) {
+                eof = true;
+                buf.notifyAll();
+            }
+        }
+    }
+
+    public synchronized void notifyError(SSHException error) {
+        this.error = error;
+        eof();
+    }
+
+    @Override
+    public int read() throws IOException {
+        synchronized (b) {
+            return read(b, 0, 1) == -1 ? -1 : b[0];
+        }
+    }
+
+    @Override
+    public int read(byte[] b, int off, int len) throws IOException {
+        synchronized (buf) {
+            for (; ;) {
+                if (buf.available() > 0)
+                    break;
+                if (eof)
+                    if (error != null)
+                        throw error;
+                    else
+                        return -1;
+                try {
+                    buf.wait();
+                } catch (InterruptedException e) {
+                    throw (IOException) new InterruptedIOException().initCause(e);
+                }
+            }
+            if (len > buf.available())
+                len = buf.available();
+            buf.readRawBytes(b, off, len);
+            if (buf.rpos() > win.getMaxPacketSize() && buf.available() == 0)
+                buf.clear();
+        }
+
+        if (!chan.getAutoExpand())
+            checkWindow();
+
+        return len;
+    }
+
+    public void receive(byte[] data, int offset, int len) throws ConnectionException, TransportException {
+        if (eof)
+            throw new ConnectionException("Getting data on EOF'ed stream");
+        synchronized (buf) {
+            buf.putRawBytes(data, offset, len);
+            buf.notifyAll();
+        }
+        win.consume(len);
+        if (chan.getAutoExpand())
+            checkWindow();
+    }
+
+    private void checkWindow() throws TransportException {
+        synchronized (win) {
+            final int adjustment = win.neededAdjustment();
+            if (adjustment > 0) {
+                log.info("Sending SSH_MSG_CHANNEL_WINDOW_ADJUST to #{} for {} bytes", chan.getRecipient(), adjustment);
+                trans.write(new SSHPacket(Message.CHANNEL_WINDOW_ADJUST).putInt(chan.getRecipient()).putInt(adjustment));
+                win.expand(adjustment);
+            }
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "< ChannelInputStream for Channel #" + chan.getID() + " >";
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java b/src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java
new file mode 100644
index 00000000..dce78d40
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.sshj.common.ErrorNotifiable;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.Transport;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * {@link OutputStream} for channels. Buffers data upto the remote window's maximum packet size. Data can also be
+ * flushed via {@link #flush()} and is also flushed on {@link #close()}.
+ */
+public final class ChannelOutputStream extends OutputStream implements ErrorNotifiable {
+
+    private final Channel chan;
+    private Transport trans;
+    private final Window.Remote win;
+    private final SSHPacket buffer = new SSHPacket();
+    private final byte[] b = new byte[1];
+    private int bufferLength;
+    private boolean closed;
+    private SSHException error;
+
+    public ChannelOutputStream(Channel chan, Transport trans, Window.Remote win) {
+        this.chan = chan;
+        this.trans = trans;
+        this.win = win;
+        prepBuffer();
+    }
+
+    private void prepBuffer() {
+        bufferLength = 0;
+        buffer.rpos(5);
+        buffer.wpos(5);
+        buffer.putMessageID(Message.CHANNEL_DATA);
+        buffer.putInt(0); // meant to be recipient
+        buffer.putInt(0); // meant to be data length
+    }
+
+    @Override
+    public synchronized void write(int w) throws IOException {
+        b[0] = (byte) w;
+        write(b, 0, 1);
+    }
+
+    @Override
+    public synchronized void write(byte[] data, int off, int len) throws IOException {
+        checkClose();
+        while (len > 0) {
+            final int x = Math.min(len, win.getMaxPacketSize() - bufferLength);
+            if (x <= 0) {
+                flush();
+                continue;
+            }
+            buffer.putRawBytes(data, off, x);
+            bufferLength += x;
+            off += x;
+            len -= x;
+        }
+    }
+
+    public synchronized void notifyError(SSHException error) {
+        this.error = error;
+    }
+
+    private synchronized void checkClose() throws SSHException {
+        if (closed)
+            if (error != null)
+                throw error;
+            else
+                throw new ConnectionException("Stream closed");
+    }
+
+    @Override
+    public synchronized void close() throws IOException {
+        if (!closed)
+            try {
+                flush();
+                chan.sendEOF();
+            } finally {
+                setClosed();
+            }
+    }
+
+    public synchronized void setClosed() {
+        closed = true;
+    }
+
+    @Override
+    public synchronized void flush() throws IOException {
+        checkClose();
+
+        if (bufferLength <= 0) // No data to send
+            return;
+
+        putRecipientAndLength();
+
+        try {
+            win.waitAndConsume(bufferLength);
+            trans.write(buffer);
+        } finally {
+            prepBuffer();
+        }
+    }
+
+    private void putRecipientAndLength() {
+        final int origPos = buffer.wpos();
+        buffer.wpos(6);
+        buffer.putInt(chan.getRecipient());
+        buffer.putInt(bufferLength);
+        buffer.wpos(origPos);
+    }
+
+    @Override
+    public String toString() {
+        return "< ChannelOutputStream for Channel #" + chan.getID() + " >";
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/OpenFailException.java b/src/main/java/net/schmizz/sshj/connection/channel/OpenFailException.java
new file mode 100644
index 00000000..496116ec
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/OpenFailException.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.sshj.connection.ConnectionException;
+
+public class OpenFailException extends ConnectionException {
+
+    public enum Reason {
+        UNKNOWN(0), ADMINISTRATIVELY_PROHIBITED(1), CONNECT_FAILED(2), UNKNOWN_CHANNEL_TYPE(3), RESOURCE_SHORTAGE(4);
+
+        public static Reason fromInt(int code) {
+            for (Reason rc : Reason.values())
+                if (rc.code == code)
+                    return rc;
+            return UNKNOWN;
+        }
+
+        private final int code;
+
+        private Reason(int rc) {
+            this.code = rc;
+        }
+
+        public int getCode() {
+            return code;
+        }
+
+    }
+
+    private final String channelType;
+    private final Reason reason;
+    private final String message;
+
+    public OpenFailException(String channelType, int reasonCode, String message) {
+        super(message);
+        this.channelType = channelType;
+        this.reason = Reason.fromInt(reasonCode);
+        this.message = message;
+    }
+
+    public OpenFailException(String channelType, Reason reason, String message) {
+        super(message);
+        this.channelType = channelType;
+        this.reason = reason;
+        this.message = message;
+    }
+
+    public String getChannelType() {
+        return channelType;
+    }
+
+    @Override
+    public String getMessage() {
+        return message;
+    }
+
+    public Reason getReason() {
+        return reason;
+    }
+
+    @Override
+    public String toString() {
+        return "Opening `" + channelType + "` channel failed: " + getMessage();
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/Window.java b/src/main/java/net/schmizz/sshj/connection/channel/Window.java
new file mode 100644
index 00000000..1d5e665e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/Window.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public abstract class Window {
+
+    protected final Logger log;
+
+    protected final Object lock = new Object();
+
+    protected final int maxPacketSize;
+
+    protected int size;
+
+    public Window(int chanID, String kindOfWindow, int initialWinSize, int maxPacketSize) {
+        log = LoggerFactory.getLogger("<< chan#" + chanID + " / " + kindOfWindow + " >>");
+        size = initialWinSize;
+        this.maxPacketSize = maxPacketSize;
+    }
+
+    public void expand(int inc) {
+        synchronized (lock) {
+            log.debug("Increasing by {} up to {}", inc, size);
+            size += inc;
+            lock.notifyAll();
+        }
+    }
+
+    public int getMaxPacketSize() {
+        return maxPacketSize;
+    }
+
+    public int getSize() {
+        return size;
+    }
+
+    public void consume(int dec) {
+        synchronized (lock) {
+            log.debug("Consuming by " + dec + " down to " + size);
+            size -= dec;
+            if (size < 0)
+                throw new SSHRuntimeException("Window consumed to below 0");
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "[winSize=" + size + "]";
+    }
+
+    /** Controls how much data we can send before an adjustment notification from remote end is required. */
+    public static final class Remote extends Window {
+
+        public Remote(int chanID, int initialWinSize, int maxPacketSize) {
+            super(chanID, "remote win", initialWinSize, maxPacketSize);
+        }
+
+        public void waitAndConsume(int howMuch) throws ConnectionException {
+            synchronized (lock) {
+                while (size < howMuch) {
+                    log.debug("Waiting, need window space for {} bytes", howMuch);
+                    try {
+                        lock.wait();
+                    } catch (InterruptedException ie) {
+                        throw new ConnectionException(ie);
+                    }
+                }
+                consume(howMuch);
+            }
+        }
+
+    }
+
+    /** Controls how much data remote end can send before an adjustment notification from us is required. */
+    public static final class Local extends Window {
+
+        private final int initialSize;
+        private final int threshold;
+
+        public Local(int chanID, int initialWinSize, int maxPacketSize) {
+            super(chanID, "local win", initialWinSize, maxPacketSize);
+            this.initialSize = initialWinSize;
+            threshold = Math.min(maxPacketSize * 20, initialSize / 4);
+        }
+
+        public int neededAdjustment() throws TransportException {
+            synchronized (lock) {
+                return (size - threshold <= 0) ? (initialSize - size) : 0;
+            }
+        }
+
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/AbstractDirectChannel.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/AbstractDirectChannel.java
new file mode 100644
index 00000000..85be1872
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/AbstractDirectChannel.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.channel.AbstractChannel;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.connection.channel.OpenFailException;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.util.concurrent.TimeUnit;
+
+/** Base class for direct channels whose open is initated by the client. */
+public abstract class AbstractDirectChannel extends AbstractChannel implements Channel.Direct {
+
+    protected AbstractDirectChannel(String name, Connection conn) {
+        super(name, conn);
+
+        /*
+        * We expect to receive channel open confirmation/rejection and want to be able to next this packet.
+        */
+        conn.attach(this);
+    }
+
+    public void open() throws ConnectionException, TransportException {
+        trans.write(buildOpenReq());
+        open.await(conn.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    private void gotOpenConfirmation(SSHPacket buf) {
+        init(buf.readInt(), buf.readInt(), buf.readInt());
+        open.set();
+    }
+
+    private void gotOpenFailure(SSHPacket buf) {
+        open.error(new OpenFailException(getType(), buf.readInt(), buf.readString()));
+        finishOff();
+    }
+
+    protected SSHPacket buildOpenReq() {
+        return new SSHPacket(Message.CHANNEL_OPEN)
+                .putString(getType())
+                .putInt(getID())
+                .putInt(getLocalWinSize())
+                .putInt(getLocalMaxPacketSize());
+    }
+
+    @Override
+    protected void gotUnknown(Message cmd, SSHPacket buf) throws ConnectionException, TransportException {
+        switch (cmd) {
+
+            case CHANNEL_OPEN_CONFIRMATION:
+                gotOpenConfirmation(buf);
+                break;
+
+            case CHANNEL_OPEN_FAILURE:
+                gotOpenFailure(buf);
+                break;
+
+            default:
+                super.gotUnknown(cmd, buf);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
new file mode 100644
index 00000000..a4744714
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/LocalPortForwarder.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.common.StreamCopier.ErrorCallback;
+import net.schmizz.sshj.connection.Connection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ServerSocketFactory;
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketAddress;
+
+public class LocalPortForwarder {
+
+    private class DirectTCPIPChannel extends AbstractDirectChannel {
+
+        private final Socket sock;
+
+        private DirectTCPIPChannel(Connection conn, Socket sock) {
+            super("direct-tcpip", conn);
+            this.sock = sock;
+        }
+
+        private void start() throws IOException {
+            sock.setSendBufferSize(getLocalMaxPacketSize());
+            sock.setReceiveBufferSize(getRemoteMaxPacketSize());
+
+            final ErrorCallback closer = StreamCopier.closeOnErrorCallback(this,
+                    new Closeable() {
+                        public void close() throws IOException {
+                            sock.close();
+                        }
+                    });
+
+            new StreamCopier("chan2soc", getInputStream(), sock.getOutputStream()) //
+                    .bufSize(getLocalMaxPacketSize()) //
+                    .errorCallback(closer) //
+                    .daemon(true) //
+                    .start();
+
+            new StreamCopier("soc2chan", sock.getInputStream(), getOutputStream()) //
+                    .bufSize(getRemoteMaxPacketSize()) //
+                    .errorCallback(closer) //
+                    .daemon(true) //
+                    .start();
+        }
+
+        @Override
+        protected SSHPacket buildOpenReq() {
+            return super.buildOpenReq() //
+                    .putString(host) //
+                    .putInt(port) //
+                    .putString(ss.getInetAddress().getHostAddress()) //
+                    .putInt(ss.getLocalPort());
+        }
+
+    }
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final Connection conn;
+    private final ServerSocket ss;
+    private final String host;
+    private final int port;
+
+    public LocalPortForwarder(Connection conn, SocketAddress listeningAddr, String host, int port) throws IOException {
+        this(ServerSocketFactory.getDefault(), conn, listeningAddr, host, port);
+    }
+
+    /**
+     * Create a local port forwarder with specified binding ({@code listeningAddr}. It does not, however, start
+     * listening unless {@link #listen() explicitly told to}.
+     *
+     * @param conn          {@link Connection} implementation
+     * @param listeningAddr {@link SocketAddress} this forwarder will listen on, if {@code null} then an ephemeral port
+     *                      and valid local address will be picked to bind the server socket
+     * @param host          what host the SSH server will further forward to
+     * @param port          port on {@code toHost}
+     *
+     * @throws IOException if there is an error binding on specified {@code listeningAddr}
+     */
+    public LocalPortForwarder(ServerSocketFactory ssf, Connection conn, SocketAddress listeningAddr, String host, int port) throws IOException {
+        this.conn = conn;
+        this.host = host;
+        this.port = port;
+        this.ss = ssf.createServerSocket();
+        ss.setReceiveBufferSize(conn.getMaxPacketSize());
+        ss.bind(listeningAddr);
+    }
+
+    public SocketAddress getListeningAddress() {
+        return ss.getLocalSocketAddress();
+    }
+
+    /** Start listening for incoming connections and forward to remote host as a channel. */
+    public void listen() throws IOException {
+        log.info("Listening on {}", ss.getLocalSocketAddress());
+        Socket sock;
+        while (true) {
+            sock = ss.accept();
+            log.info("Got connection from {}", sock.getRemoteSocketAddress());
+            DirectTCPIPChannel chan = new DirectTCPIPChannel(conn, sock);
+            chan.open();
+            chan.start();
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/PTYMode.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/PTYMode.java
new file mode 100644
index 00000000..8d0d01cb
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/PTYMode.java
@@ -0,0 +1,179 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.common.Buffer;
+
+import java.util.Map;
+import java.util.Map.Entry;
+
+/** Various modes for a psuedo-terminal. They are meant to have integer parameters. */
+public enum PTYMode {
+    /**
+     * Interrupt character; 255 if none. Similarly for the other characters. Not all of these characters are supported
+     * on all systems.
+     */
+    VINTR(1),
+    /** The quit character (sends SIGQUIT signal on POSIX systems). */
+    VQUIT(2),
+    /** Erase the character to left of the cursor. */
+    VERASE(3),
+    /** Kill the current input line. */
+    VKILL(4),
+    /** End-of-file character (sends EOF from the terminal). */
+    VEOF(5),
+    /** End-of-line character in addition to carriage return and/or linefeed. */
+    VEOL(6),
+    /** Additional end-of-line character. */
+    VEOL2(7),
+    /** Continues paused output (normally control-Q). */
+    VSTART(8),
+    /** Pauses output (normally control-S). */
+    VSTOP(9),
+    /** Suspends the current program. */
+    VSUSP(10),
+    /** Another suspend character. */
+    VDSUSP(11),
+    /** Reprints the current input line. */
+    VREPRINT(12),
+    /** Erases a word left of cursor. */
+    VWERASE(13),
+    /** Enter the next character typed literally, even if it is a special character. */
+    VLNEXT(14),
+    /** Character to flush output. */
+    VFLUSH(15),
+    /** Switch to a different shell layer. */
+    VSWTCH(16),
+    /** Prints system status line (load, command, pid, etc). */
+    VSTATUS(17),
+    /** Toggles the flushing of terminal output. */
+    VDISCARD(18),
+    /** The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE, and 1 if it is TRUE. */
+    IGNPAR(30),
+    /** Mark parity and framing errors. */
+    PARMRK(31),
+    /** Enable checking of parity errors. */
+    INPCK(32),
+    /** Strip 8th bit off characters. */
+    ISTRIP(33),
+    /** Map NL into CR on input. */
+    INLCR(34),
+    /** Ignore CR on input. */
+    IGNCR(35),
+    /** Map CR to NL on input. */
+    ICRNL(36),
+    /** Translate uppercase characters to lowercase. */
+    IUCLC(37),
+    /** Enable output flow control. */
+    IXON(38),
+    /** Any char will restart after stop. */
+    IXANY(39),
+    /** Enable input flow control. */
+    IXOFF(40),
+    /** Ring bell on input queue full. */
+    IMAXBEL(41),
+    /** Enable signals INTR, QUIT, [D]SUSP. */
+    ISIG(50),
+    /** Canonicalize input lines. */
+    ICANON(51),
+    /** Enable input and output of uppercase characters by preceding their lowercase equivalents with &quot;\&quot;. */
+    XCASE(52),
+    /** Enable echoing. */
+    ECHO(53),
+    /** Visually erase chars. */
+    ECHOE(54),
+    /** Kill character discards current line. */
+    ECHOK(55),
+    /** Echo NL even if ECHO is off. */
+    ECHONL(56),
+    /** Don't flush after interrupt. */
+    NOFLSH(57),
+    /** Stop background jobs from output. */
+    TOSTOP(58),
+    /** Enable extensions. */
+    IEXTEN(59),
+    /** Echo control characters as &circ;(Char). */
+    ECHOCTL(60),
+    /** Visual erase for line kill. */
+    ECHOKE(61),
+    /** Retype pending input. */
+    PENDIN(62),
+    /** Enable output processing. */
+    OPOST(70),
+    /** Convert lowercase to uppercase. */
+    OLCUC(71),
+    /** Map NL to CR-NL. */
+    ONLCR(72),
+    /** Translate carriage return to newline (output). */
+    OCRNL(73),
+    /** Translate newline to carriage return-newline (output). */
+    ONOCR(74),
+    /** Newline performs a carriage return (output). */
+    ONLRET(75),
+    /** 7 bit mode. */
+    CS7(90),
+    /** 8 bit mode. */
+    CS8(91),
+    /** Parity enable. */
+    PARENB(92),
+    /** Odd parity, else even. */
+    PARODD(93),
+    /** Specifies the input baud rate in bits per second. */
+    TTY_OP_ISPEED(128),
+    /** Specifies the output baud rate in bits per second. */
+    TTY_OP_OSPEED(129);
+
+    public static byte[] encode(Map<PTYMode, Integer> modes) {
+        Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
+        for (Entry<PTYMode, Integer> entry : modes.entrySet()) {
+            buf.putByte(entry.getKey().getOpcode());
+            buf.putInt(entry.getValue());
+        }
+        buf.putByte((byte) 0);
+        return buf.getCompactData();
+    }
+
+    private final byte opcode;
+
+    private PTYMode(int opcode) {
+        this.opcode = (byte) opcode;
+    }
+
+    public byte getOpcode() {
+        return opcode;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/Session.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/Session.java
new file mode 100644
index 00000000..c60f001d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/Session.java
@@ -0,0 +1,248 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+
+/**
+ * A {@code session} channel provides for execution of a remote {@link Command command}, {@link Shell shell} or {@link
+ * Subsystem subsystem}. Before this requests like starting X11 forwarding, setting environment variables, allocating a
+ * PTY etc. can be made.
+ * <p/>
+ * It is not legal to reuse a {@code session} channel for more than one of command, shell, or subsystem. Once one of
+ * these has been started this instance's API is invalid and that of the {@link Command specific} {@link Shell targets}
+ * {@link Subsystem returned} should be used.
+ *
+ * @see Command
+ * @see Shell
+ * @see Subsystem
+ */
+public interface Session extends Channel {
+
+    /** Command API. */
+    interface Command extends Channel {
+
+        /**
+         * Read from the command's {@code stderr} stream into a string (blocking).
+         *
+         * @return the commands {@code stderr} output as a string
+         *
+         * @throws IOException if error reading from the stream
+         */
+        String getErrorAsString() throws IOException;
+
+        /** Returns the command's {@code stderr} stream. */
+        InputStream getErrorStream();
+
+        /**
+         * If the command exit violently {@link #getExitSignal() with a signal}, an error message would have been
+         * received and can be retrieved via this method. Otherwise, this method will return {@code null}.
+         */
+        String getExitErrorMessage();
+
+        /**
+         * Returns the {@link Signal signal} if the command exit violently, or {@code null} if this information was not
+         * received.
+         */
+        Signal getExitSignal();
+
+        /**
+         * Returns the exit status of the command if it was received, or {@code null} if this information was not
+         * received.
+         */
+        Integer getExitStatus();
+
+        /**
+         * If the command exit violently {@link #getExitSignal() with a signal}, information about whether a core dump
+         * took place would have been received and can be retrieved via this method. Otherwise, this method will return
+         * {@code null}.
+         */
+        Boolean getExitWasCoreDumped();
+
+        /**
+         * Read from the command's {@code stdout} stream into a string (blocking).
+         *
+         * @return the command's {@code stdout} output as a string
+         *
+         * @throws IOException if error reading from the stream
+         */
+        String getOutputAsString() throws IOException;
+
+        /**
+         * Send a signal to the remote command.
+         *
+         * @param signal the signal
+         *
+         * @throws TransportException if error sending the signal
+         */
+        void signal(Signal signal) throws TransportException;
+
+    }
+
+    /** Shell API. */
+    interface Shell extends Channel {
+
+        /**
+         * Whether the client can do local flow control using {@code control-S} and {@code control-Q}.
+         *
+         * @return boolean value indicating whether 'client can do', or {@code null} if no such information was
+         *         received
+         */
+        Boolean canDoFlowControl();
+
+        /**
+         * Sends a window dimension change message.
+         *
+         * @param cols   terminal width, columns
+         * @param rows   terminal height, rows
+         * @param width  terminal width, pixels
+         * @param height terminal height, pixels
+         *
+         * @throws TransportException
+         */
+        void changeWindowDimensions(int cols, int rows, int width, int height) throws TransportException;
+
+        /** Returns the shell's {@code stderr} stream. */
+        InputStream getErrorStream();
+
+        /**
+         * Send a signal.
+         *
+         * @param signal the signal
+         *
+         * @throws TransportException if error sending the signal
+         */
+        void signal(Signal signal) throws TransportException;
+
+    }
+
+    /** Subsystem API. */
+    interface Subsystem extends Channel {
+        Integer getExitStatus();
+    }
+
+    /**
+     * Allocates a default PTY. The default PTY is {@code "vt100"} with the echo modes disabled.
+     *
+     * @throws net.schmizz.sshj.connection.ConnectionException
+     *
+     * @throws TransportException
+     */
+    void allocateDefaultPTY() throws ConnectionException, TransportException;
+
+    /**
+     * Allocate a psuedo-terminal for this session.
+     * <p/>
+     * {@code 0} dimension parameters will be ignored by the server.
+     *
+     * @param term   {@code TERM} environment variable value (e.g., {@code vt100})
+     * @param cols   terminal width, cols (e.g., 80)
+     * @param rows   terminal height, rows (e.g., 24)
+     * @param width  terminal width, pixels (e.g., 640)
+     * @param height terminal height, pixels (e.g., 480)
+     * @param modes
+     *
+     * @throws ConnectionException
+     * @throws TransportException
+     */
+    void allocatePTY(String term, int cols, int rows, int width, int height, Map<PTYMode, Integer> modes)
+            throws ConnectionException, TransportException;
+
+    /**
+     * Execute a remote command.
+     *
+     * @param command
+     *
+     * @return {@link Command} instance which should now be used
+     *
+     * @throws ConnectionException if the request to execute the command failed
+     * @throws TransportException  if there is an error sending the request
+     */
+    Command exec(String command) throws ConnectionException, TransportException;
+
+    /**
+     * Request X11 forwarding.
+     *
+     * @param authProto  X11 authentication protocol name
+     * @param authCookie X11 authentication cookie
+     * @param screen     X11 screen number
+     *
+     * @throws ConnectionException if the request failed
+     * @throws TransportException  if there was an error sending the request
+     */
+    void reqX11Forwarding(String authProto, String authCookie, int screen) throws ConnectionException,
+            TransportException;
+
+    /**
+     * Set an enviornment variable.
+     *
+     * @param name  name of the variable
+     * @param value value to set
+     *
+     * @throws ConnectionException if the request failed
+     * @throws TransportException  if there was an error sending the request
+     */
+    void setEnvVar(String name, String value) throws ConnectionException, TransportException;
+
+    /**
+     * Request a shell.
+     *
+     * @return {@link Shell} instance which should now be used
+     *
+     * @throws ConnectionException if the request failed
+     * @throws TransportException  if there was an error sending the request
+     */
+    Shell startShell() throws ConnectionException, TransportException;
+
+    /**
+     * Request a subsystem.
+     *
+     * @param name subsystem name
+     *
+     * @return {@link Subsystem} instance which should now be used
+     *
+     * @throws ConnectionException if the request failed
+     * @throws TransportException  if there was an error sending the request
+     */
+    Subsystem startSubsystem(String name) throws ConnectionException, TransportException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java
new file mode 100644
index 00000000..20d1b536
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java
@@ -0,0 +1,219 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.channel.ChannelInputStream;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/** {@link Session} implementation. */
+public class
+        SessionChannel extends AbstractDirectChannel implements Session, Session.Command, Session.Shell,
+        Session.Subsystem {
+
+    private Integer exitStatus;
+
+    private Signal exitSignal;
+    private Boolean wasCoreDumped;
+    private String exitErrMsg;
+
+    private Boolean canDoFlowControl;
+
+    private ChannelInputStream err = new ChannelInputStream(this, trans, lwin);
+
+    public SessionChannel(Connection conn) {
+        super("session", conn);
+    }
+
+    public void allocateDefaultPTY() throws ConnectionException, TransportException {
+        // TODO FIXME (maybe?): These modes were originally copied from what SSHD was doing;
+        // and then the echo modes were set to 0 to better serve the PTY example.
+        // Not sure what default PTY modes should be.
+        final Map<PTYMode, Integer> modes = new HashMap<PTYMode, Integer>();
+        modes.put(PTYMode.ISIG, 1);
+        modes.put(PTYMode.ICANON, 1);
+        modes.put(PTYMode.ECHO, 0);
+        modes.put(PTYMode.ECHOE, 0);
+        modes.put(PTYMode.ECHOK, 0);
+        modes.put(PTYMode.ECHONL, 0);
+        modes.put(PTYMode.NOFLSH, 0);
+        allocatePTY("vt100", 0, 0, 0, 0, modes);
+    }
+
+    public void allocatePTY(String term, int cols, int rows, int width, int height, Map<PTYMode, Integer> modes)
+            throws ConnectionException, TransportException {
+        sendChannelRequest(
+                "pty-req",
+                true,
+                new Buffer.PlainBuffer()
+                        .putString(term)
+                        .putInt(cols)
+                        .putInt(rows)
+                        .putInt(width)
+                        .putInt(height)
+                        .putBytes(PTYMode.encode(modes))
+        ).await(conn.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    public Boolean canDoFlowControl() {
+        return canDoFlowControl;
+    }
+
+    public void changeWindowDimensions(int cols, int rows, int width, int height) throws TransportException {
+        sendChannelRequest(
+                "pty-req",
+                false,
+                new Buffer.PlainBuffer()
+                        .putInt(cols)
+                        .putInt(rows)
+                        .putInt(width)
+                        .putInt(height)
+        );
+    }
+
+    public Command exec(String command) throws ConnectionException, TransportException {
+        log.info("Will request to exec `{}`", command);
+        sendChannelRequest("exec", true, new Buffer.PlainBuffer().putString(command)).await(conn.getTimeout(), TimeUnit.SECONDS);
+        return this;
+    }
+
+    public String getErrorAsString() throws IOException {
+        return StreamCopier.copyStreamToString(err);
+    }
+
+    public InputStream getErrorStream() {
+        return err;
+    }
+
+    public String getExitErrorMessage() {
+        return exitErrMsg;
+    }
+
+    public Signal getExitSignal() {
+        return exitSignal;
+    }
+
+    public Integer getExitStatus() {
+        return exitStatus;
+    }
+
+    public String getOutputAsString() throws IOException {
+        return StreamCopier.copyStreamToString(getInputStream());
+    }
+
+    @Override
+    public void handleRequest(String req, SSHPacket buf) throws ConnectionException, TransportException {
+        if ("xon-xoff".equals(req))
+            canDoFlowControl = buf.readBoolean();
+        else if ("exit-status".equals(req))
+            exitStatus = buf.readInt();
+        else if ("exit-signal".equals(req)) {
+            exitSignal = Signal.fromString(buf.readString());
+            wasCoreDumped = buf.readBoolean(); // core dumped
+            exitErrMsg = buf.readString();
+            sendClose();
+        } else
+            super.handleRequest(req, buf);
+    }
+
+    public void reqX11Forwarding(String authProto, String authCookie, int screen) throws ConnectionException,
+            TransportException {
+        sendChannelRequest(
+                "x11-req",
+                true,
+                new Buffer.PlainBuffer()
+                        .putBoolean(false)
+                        .putString(authProto)
+                        .putString(authCookie)
+                        .putInt(screen)
+        ).await(conn.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    public void setEnvVar(String name, String value) throws ConnectionException, TransportException {
+        sendChannelRequest("env", true, new Buffer.PlainBuffer().putString(name).putString(value)).await(conn.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    public void signal(Signal sig) throws TransportException {
+        sendChannelRequest("signal", false, new Buffer.PlainBuffer().putString(sig.toString()));
+    }
+
+    public Shell startShell() throws ConnectionException, TransportException {
+        sendChannelRequest("shell", true, null).await(conn.getTimeout(), TimeUnit.SECONDS);
+        return this;
+    }
+
+    public Subsystem startSubsystem(String name) throws ConnectionException, TransportException {
+        log.info("Will request `{}` subsystem", name);
+        sendChannelRequest("subsystem", true, new Buffer.PlainBuffer().putString(name)).await(conn.getTimeout(), TimeUnit.SECONDS);
+        return this;
+    }
+
+    public Boolean getExitWasCoreDumped() {
+        return wasCoreDumped;
+    }
+
+    @Override
+    protected void closeAllStreams() {
+        IOUtils.closeQuietly(err);
+        super.closeAllStreams();
+    }
+
+    @Override
+    protected void eofInputStreams() {
+        err.eof(); // also close the stderr stream
+        super.eofInputStreams();
+    }
+
+    @Override
+    protected void gotExtendedData(int dataTypeCode, SSHPacket buf) throws ConnectionException, TransportException {
+        if (dataTypeCode == 1)
+            receiveInto(err, buf);
+        else
+            super.gotExtendedData(dataTypeCode, buf);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionFactory.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionFactory.java
new file mode 100644
index 00000000..46a80018
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/SessionFactory.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel.direct;
+
+import net.schmizz.sshj.common.SSHException;
+
+/** A factory interface for creating SSH {@link Session session channels}. */
+public interface SessionFactory {
+    /**
+     * Opens a {@code session} channel. The returned {@link Session} instance allows {@link Session#exec(String)
+     * executing a remote command}, {@link Session#startSubsystem(String) starting a subsystem}, or {@link
+     * Session#startShell() starting a shell}.
+     *
+     * @return the opened {@code session} channel
+     *
+     * @throws SSHException
+     * @see {@link Session}
+     */
+    Session startSession() throws SSHException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/direct/Signal.java b/src/main/java/net/schmizz/sshj/connection/channel/direct/Signal.java
new file mode 100644
index 00000000..a3590a47
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/direct/Signal.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.connection.channel.direct;
+
+/** Various signals that may be sent or received. The signals are from POSIX and simply miss the {@code "SIG_"} prefix. */
+public enum Signal {
+
+    ABRT("ABRT"), ALRM("ALRM"), FPE("FPE"), HUP("HUP"), ILL("ILL"), INT("INT"), KILL("KILL"), PIPE("PIPE"), QUIT(
+            "QUIT"), SEGV("SEGV"), TERM("TERM"), USR1("USR1"), USR2("USR2"), UNKNOWN("UNKNOWN");
+
+    /**
+     * Create from the string representation used when the signal is received as part of an SSH packet.
+     *
+     * @param name name of the signal as received
+     *
+     * @return the enum constant inferred
+     */
+    public static Signal fromString(String name) {
+        for (Signal sig : Signal.values())
+            if (sig.name.equals(name))
+                return sig;
+        return UNKNOWN;
+    }
+
+    private final String name;
+
+    private Signal(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String toString() {
+        return name;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannel.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannel.java
new file mode 100644
index 00000000..a4f69912
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannel.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.channel.AbstractChannel;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.connection.channel.OpenFailException.Reason;
+import net.schmizz.sshj.transport.TransportException;
+
+/** Base class for forwarded channels whose open is initiated by the server. */
+public abstract class AbstractForwardedChannel extends AbstractChannel implements Channel.Forwarded {
+
+    protected final String origIP;
+    protected final int origPort;
+
+    /*
+    * First 2 args are standard; the others can be parsed from a CHANNEL_OPEN packet.
+    */
+
+    protected AbstractForwardedChannel(String type, Connection conn, int recipient, int remoteWinSize,
+                                       int remoteMaxPacketSize, String origIP, int origPort) {
+        super(type, conn);
+        this.origIP = origIP;
+        this.origPort = origPort;
+        init(recipient, remoteWinSize, remoteMaxPacketSize);
+    }
+
+    public void confirm() throws TransportException {
+        log.info("Confirming `{}` channel #{}", getType(), getID());
+        // Must ensure channel is attached before confirming, data could start coming in immediately!
+        conn.attach(this);
+        trans.write(newBuffer(Message.CHANNEL_OPEN_CONFIRMATION)
+                .putInt(getID())
+                .putInt(getLocalWinSize())
+                .putInt(getLocalMaxPacketSize()));
+        open.set();
+    }
+
+    public void reject(Reason reason, String message) throws TransportException {
+        log.info("Rejecting `{}` channel: {}", getType(), message);
+        conn.sendOpenFailure(getRecipient(), reason, message);
+    }
+
+    public String getOriginatorIP() {
+        return origIP;
+    }
+
+    public int getOriginatorPort() {
+        return origPort;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannelOpener.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannelOpener.java
new file mode 100644
index 00000000..75436855
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/AbstractForwardedChannelOpener.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.channel.Channel;
+import net.schmizz.sshj.connection.channel.OpenFailException;
+import net.schmizz.sshj.transport.TransportException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+/** Base class for {@link net.schmizz.sshj.connection.channel.forwarded.ForwardedChannelOpener}'s. */
+public abstract class AbstractForwardedChannelOpener implements ForwardedChannelOpener {
+
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    protected final String chanType;
+    protected final Connection conn;
+
+    protected AbstractForwardedChannelOpener(String chanType, Connection conn) {
+        this.chanType = chanType;
+        this.conn = conn;
+    }
+
+    public String getChannelType() {
+        return chanType;
+    }
+
+    /*
+    * Calls the listener with the new channel in a separate thread.
+    */
+
+    protected void callListener(final ConnectListener listener, final Channel.Forwarded chan) {
+        new Thread() {
+
+            {
+                setName("ConnectListener");
+            }
+
+            @Override
+            public void run() {
+                try {
+                    listener.gotConnect(chan);
+                } catch (IOException logged) {
+                    log.warn("In callback to {}: {}", listener, logged);
+                    if (chan.isOpen())
+                        IOUtils.closeQuietly(chan);
+                    else
+                        try {
+                            chan.reject(OpenFailException.Reason.CONNECT_FAILED, "");
+                        } catch (TransportException cantdonthn) {
+                            log.warn("Error rejecting {}: {}", chan, cantdonthn);
+                        }
+                }
+            }
+
+        }.start();
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ConnectListener.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ConnectListener.java
new file mode 100644
index 00000000..d3c39498
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ConnectListener.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.connection.channel.Channel;
+
+import java.io.IOException;
+
+/** A connect listener is just that: it listens for new forwarded channels and can be delegated charge of them. */
+public interface ConnectListener {
+
+    /**
+     * Notify this listener of a new forwarded channel. An implementation should firstly {@link
+     * net.schmizz.sshj.connection.channel.Channel.Forwarded#confirm() confirm} or {@link
+     * net.schmizz.sshj.connection.channel.Channel.Forwarded#reject() reject} that channel.
+     *
+     * @param chan the {@link net.schmizz.sshj.connection.channel.Channel.Forwarded forwarded channel}
+     *
+     * @throws java.io.IOException
+     */
+    void gotConnect(Channel.Forwarded chan) throws IOException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ForwardedChannelOpener.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ForwardedChannelOpener.java
new file mode 100644
index 00000000..b200c168
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/ForwardedChannelOpener.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.TransportException;
+
+/** Takes care of handling {@code SSH_MSG_CHANNEL_OPEN} requests for forwarded channels of a specific type. */
+public interface ForwardedChannelOpener {
+
+    /** Returns the name of the channel type this opener can next. */
+    String getChannelType();
+
+    /**
+     * Delegates a {@code SSH_MSG_CHANNEL_OPEN} request for the channel type claimed by this opener.
+     *
+     * @param buf {@link net.schmizz.sshj.common.SSHPacket} containg the request except for the message identifier and
+     *            channel type field
+     */
+    void handleOpen(SSHPacket buf) throws ConnectionException, TransportException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/RemotePortForwarder.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/RemotePortForwarder.java
new file mode 100644
index 00000000..79c2f186
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/RemotePortForwarder.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.connection.channel.OpenFailException;
+import net.schmizz.sshj.transport.TransportException;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.TimeUnit;
+
+/** Handles remote port forwarding. */
+public class RemotePortForwarder extends AbstractForwardedChannelOpener {
+
+    /**
+     * Represents a particular forwarding. From RFC 4254, s. 7.1
+     * <p/>
+     * <pre>
+     *    The 'address to bind' and 'port number to bind' specify the IP
+     *    address (or domain name) and port on which connections for forwarding
+     *    are to be accepted.  Some strings used for 'address to bind' have
+     *    special-case semantics.
+     * <p/>
+     *    o  &quot;&quot; means that connections are to be accepted on all protocol
+     *       families supported by the SSH implementation.
+     * <p/>
+     *    o  &quot;0.0.0.0&quot; means to listen on all IPv4 addresses.
+     * <p/>
+     *    o  &quot;::&quot; means to listen on all IPv6 addresses.
+     * <p/>
+     *    o  &quot;localhost&quot; means to listen on all protocol families supported by
+     *       the SSH implementation on loopback addresses only ([RFC3330] and
+     *       [RFC3513]).
+     * <p/>
+     *    o  &quot;127.0.0.1&quot; and &quot;::1&quot; indicate listening on the loopback
+     *       interfaces for IPv4 and IPv6, respectively.
+     * </pre>
+     */
+    public static final class Forward {
+
+        private final String address;
+        private int port;
+
+        /**
+         * Creates this forward with address as {@code ""} and specified {@code port}.
+         *
+         * @param port
+         */
+        public Forward(int port) {
+            this("", port);
+        }
+
+        /**
+         * Creates this forward with specified {@code address} and port as {@code 0}.
+         *
+         * @param address
+         */
+        public Forward(String address) {
+            this(address, 0);
+        }
+
+        /**
+         * Creates this forward with specified {@code address} and {@code port} number.
+         *
+         * @param address address to bind
+         * @param port    port number
+         */
+        public Forward(String address, int port) {
+            this.address = address;
+            this.port = port;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (obj == null || getClass() != obj.getClass())
+                return false;
+            Forward other = (Forward) obj;
+            return address.equals(other.address) && port == other.port;
+        }
+
+        /** Returns the address represented by this forward. */
+        public String getAddress() {
+            return address;
+        }
+
+        /** Returns the port represented by this forward. */
+        public int getPort() {
+            return port;
+        }
+
+        @Override
+        public int hashCode() {
+            return toString().hashCode();
+        }
+
+        @Override
+        public String toString() {
+            return address + ":" + port;
+        }
+
+    }
+
+    /** A {@code forwarded-tcpip} channel. */
+    public static class ForwardedTCPIPChannel extends AbstractForwardedChannel {
+
+        public static final String TYPE = "forwarded-tcpip";
+
+        private final Forward fwd;
+
+        public ForwardedTCPIPChannel(Connection conn, int recipient, int remoteWinSize, int remoteMaxPacketSize,
+                                     Forward fwd, String origIP, int origPort) throws TransportException {
+            super(TYPE, conn, recipient, remoteWinSize, remoteMaxPacketSize, origIP, origPort);
+            this.fwd = fwd;
+        }
+
+        /** Returns the forwarding from which this channel originates. */
+        public Forward getParentForward() {
+            return fwd;
+        }
+
+    }
+
+    protected static final String PF_REQ = "tcpip-forward";
+    protected static final String PF_CANCEL = "cancel-tcpip-forward";
+
+    protected final Map<Forward, ConnectListener> listeners = new ConcurrentHashMap<Forward, ConnectListener>();
+
+    public RemotePortForwarder(Connection conn) {
+        super(ForwardedTCPIPChannel.TYPE, conn);
+    }
+
+    /**
+     * Request forwarding from the remote host on the specified {@link Forward}. Forwarded connections will be handled
+     * by supplied {@code listener}.
+     * <p/>
+     * If {@code forward} specifies as 0, the returned forward will have the correct port number as informed by remote
+     * host.
+     *
+     * @param forward  the {@link Forward} to put in place on remote host
+     * @param listener the listener which will next forwarded connection
+     *
+     * @return the {@link Forward} which was put into place on the remote host
+     *
+     * @throws net.schmizz.sshj.connection.ConnectionException
+     *          if there is an error requesting the forwarding
+     */
+    public Forward bind(Forward forward, ConnectListener listener) throws ConnectionException, TransportException {
+        SSHPacket reply = req(PF_REQ, forward);
+        if (forward.port == 0)
+            forward.port = reply.readInt();
+        log.info("Remote end listening on {}", forward);
+        listeners.put(forward, listener);
+        return forward;
+    }
+
+    /**
+     * Request cancellation of some forwarding.
+     *
+     * @param forward the forward which is being cancelled
+     *
+     * @throws ConnectionException if there is an error with the cancellation request
+     */
+    public void cancel(Forward forward) throws ConnectionException, TransportException {
+        try {
+            req(PF_CANCEL, forward);
+        } finally {
+            listeners.remove(forward);
+        }
+    }
+
+    protected SSHPacket req(String reqName, Forward forward) throws ConnectionException, TransportException {
+        return conn.sendGlobalRequest(PF_REQ, true, new Buffer.PlainBuffer() //
+                .putString(forward.address) //
+                .putInt(forward.port)) //
+                .get(conn.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    /** Returns the active forwards. */
+    public Set<Forward> getActiveForwards() {
+        return listeners.keySet();
+    }
+
+    /**
+     * Internal API. Creates a {@link ForwardedTCPIPChannel} from the {@code CHANNEL_OPEN} request and calls associated
+     * {@code ConnectListener} for that forward in a separate thread.
+     */
+    public void handleOpen(SSHPacket buf) throws ConnectionException, TransportException {
+        ForwardedTCPIPChannel chan = new ForwardedTCPIPChannel(conn, buf.readInt(), buf.readInt(), buf.readInt(), //
+                new Forward(buf.readString(), buf.readInt()), //
+                buf.readString(), buf.readInt());
+        if (listeners.containsKey(chan.getParentForward()))
+            callListener(listeners.get(chan.getParentForward()), chan);
+        else
+            chan.reject(OpenFailException.Reason.ADMINISTRATIVELY_PROHIBITED, "Forwarding was not requested on `"
+                    + chan.getParentForward() + "`");
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/SocketForwardingConnectListener.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/SocketForwardingConnectListener.java
new file mode 100644
index 00000000..d3ec0ef3
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/SocketForwardingConnectListener.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.common.StreamCopier.ErrorCallback;
+import net.schmizz.sshj.connection.channel.Channel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.net.Socket;
+import java.net.SocketAddress;
+
+/**
+ * A {@link net.schmizz.sshj.connection.channel.forwarded.ConnectListener} that forwards what is received over the
+ * channel to a socket and vice-versa.
+ */
+public class SocketForwardingConnectListener implements ConnectListener {
+
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    protected final SocketAddress addr;
+
+    /** Create with a {@link SocketAddress} this listener will forward to. */
+    public SocketForwardingConnectListener(SocketAddress addr) {
+        this.addr = addr;
+    }
+
+    /** On connect, confirm the channel and start forwarding. */
+    public void gotConnect(Channel.Forwarded chan) throws IOException {
+        log.info("New connection from " + chan.getOriginatorIP() + ":" + chan.getOriginatorPort());
+
+        final Socket sock = new Socket();
+        sock.setSendBufferSize(chan.getLocalMaxPacketSize());
+        sock.setReceiveBufferSize(chan.getRemoteMaxPacketSize());
+
+        sock.connect(addr);
+
+        // ok so far -- could connect, let's confirm the channel
+        chan.confirm();
+
+        final ErrorCallback closer = StreamCopier.closeOnErrorCallback(chan, new Closeable() {
+            public void close() throws IOException {
+                sock.close();
+            }
+        });
+
+        new StreamCopier("soc2chan", sock.getInputStream(), chan.getOutputStream())
+                .bufSize(chan.getRemoteMaxPacketSize())
+                .errorCallback(closer)
+                .daemon(true)
+                .start();
+
+        new StreamCopier("chan2soc", chan.getInputStream(), sock.getOutputStream())
+                .bufSize(chan.getLocalMaxPacketSize())
+                .errorCallback(closer)
+                .daemon(true)
+                .start();
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/connection/channel/forwarded/X11Forwarder.java b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/X11Forwarder.java
new file mode 100644
index 00000000..19e4dbfb
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/connection/channel/forwarded/X11Forwarder.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.connection.channel.forwarded;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.connection.Connection;
+import net.schmizz.sshj.connection.ConnectionException;
+import net.schmizz.sshj.transport.TransportException;
+
+/**
+ * Handles forwarded {@code x11} channels. The actual request to forward X11 should be made from the specific {@link
+ * net.schmizz.sshj.connection.channel.direct.Session}.
+ */
+public class X11Forwarder extends AbstractForwardedChannelOpener {
+
+    /** An {@code x11} forwarded channel. */
+    public static class X11Channel extends AbstractForwardedChannel {
+
+        public static final String TYPE = "x11";
+
+        public X11Channel(Connection conn, int recipient, int remoteWinSize, int remoteMaxPacketSize, String origIP,
+                          int origPort) {
+            super(TYPE, conn, recipient, remoteWinSize, remoteMaxPacketSize, origIP, origPort);
+        }
+
+    }
+
+    private final ConnectListener listener;
+
+    /**
+     * Creates and registers itself with {@code conn}.
+     *
+     * @param conn     connection layer
+     * @param listener listener which will be delegated {@link X11Channel}'s to next
+     */
+    public X11Forwarder(Connection conn, ConnectListener listener) {
+        super(X11Channel.TYPE, conn);
+        this.listener = listener;
+    }
+
+    /** Internal API */
+    public void handleOpen(SSHPacket buf) throws ConnectionException, TransportException {
+        callListener(listener, new X11Channel(conn, buf.readInt(), buf.readInt(), buf.readInt(), buf.readString(), buf
+                .readInt()));
+    }
+
+    /** Stop handling {@code x11} channel open requests. De-registers itself with connection layer. */
+    public void stop() {
+        conn.forget(this);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/sftp/FileAttributes.java b/src/main/java/net/schmizz/sshj/sftp/FileAttributes.java
new file mode 100644
index 00000000..3211ba63
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/FileAttributes.java
@@ -0,0 +1,229 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.xfer.FilePermission;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+public final class FileAttributes {
+
+    public static enum Flag {
+
+        SIZE(0x00000001), UIDGID(0x00000002), MODE(0x00000004), ACMODTIME(0x00000008), EXTENDED(0x80000000);
+
+        private final int flag;
+
+        private Flag(int flag) {
+            this.flag = flag;
+        }
+
+        public boolean isSet(int mask) {
+            return (mask & flag) == flag;
+        }
+
+        public int get() {
+            return flag;
+        }
+
+    }
+
+    private final FileMode mode;
+    private final int mask;
+    private final long size;
+    private final int uid;
+    private final int gid;
+    private final long atime;
+    private final long mtime;
+    private final Map<String, String> ext = new HashMap<String, String>();
+
+    public FileAttributes() {
+        size = atime = mtime = uid = gid = mask = 0;
+        mode = new FileMode(0);
+    }
+
+    public FileAttributes(int mask, long size, int uid, int gid, FileMode mode, long atime, long mtime,
+                          Map<String, String> ext) {
+        this.mask = mask;
+        this.size = size;
+        this.uid = uid;
+        this.gid = gid;
+        this.mode = mode;
+        this.atime = atime;
+        this.mtime = mtime;
+        this.ext.putAll(ext);
+    }
+
+    public boolean has(Flag flag) {
+        return flag.isSet(mask);
+    }
+
+    public long getSize() {
+        return size;
+    }
+
+    public int getUID() {
+        return uid;
+    }
+
+    public int getGID() {
+        return gid;
+    }
+
+    public FileMode getMode() {
+        return mode;
+    }
+
+    public Set<FilePermission> getPermissions() {
+        return mode.getPermissions();
+    }
+
+    public FileMode.Type getType() {
+        return mode.getType();
+    }
+
+    public long getAtime() {
+        return atime;
+    }
+
+    public long getMtime() {
+        return mtime;
+    }
+
+    public String getExtended(String type) {
+        return ext.get(type);
+    }
+
+    public byte[] toBytes() {
+        Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
+        buf.putInt(mask);
+
+        if (has(Flag.SIZE))
+            buf.putUINT64(size);
+
+        if (has(Flag.UIDGID)) {
+            buf.putInt(uid);
+            buf.putInt(gid);
+        }
+
+        if (has(Flag.MODE))
+            buf.putInt(mode.getMask());
+
+        if (has(Flag.ACMODTIME)) {
+            buf.putInt(atime);
+            buf.putInt(mtime);
+        }
+
+        if (has(Flag.EXTENDED)) {
+            buf.putInt(ext.size());
+            for (Entry<String, String> entry : ext.entrySet()) {
+                buf.putString(entry.getKey());
+                buf.putString(entry.getValue());
+            }
+        }
+        return buf.getCompactData();
+    }
+
+    public static class Builder {
+
+        private int mask;
+        private long size;
+        private long atime;
+        private long mtime;
+        private FileMode mode = new FileMode(0);
+        private int uid;
+        private int gid;
+        private final Map<String, String> ext = new HashMap<String, String>();
+
+        public Builder withSize(long size) {
+            mask |= Flag.SIZE.get();
+            this.size = size;
+            return this;
+        }
+
+        public Builder withAtimeMtime(long atime, long mtime) {
+            mask |= Flag.ACMODTIME.get();
+            this.atime = atime;
+            this.mtime = mtime;
+            return this;
+        }
+
+        public Builder withUIDGID(int uid, int gid) {
+            mask |= Flag.UIDGID.get();
+            this.uid = uid;
+            this.gid = gid;
+            return this;
+        }
+
+        public Builder withPermissions(Set<FilePermission> perms) {
+            mask |= Flag.MODE.get();
+            this.mode = new FileMode(FilePermission.toMask(perms));
+            return this;
+        }
+
+        public Builder withPermissions(int perms) {
+            mask |= Flag.MODE.get();
+            this.mode = new FileMode(perms);
+            return this;
+        }
+
+        public Builder withExtended(String type, String data) {
+            mask |= Flag.EXTENDED.get();
+            ext.put(type, data);
+            return this;
+        }
+
+        public Builder withExtended(Map<String, String> ext) {
+            mask |= Flag.EXTENDED.get();
+            this.ext.putAll(ext);
+            return this;
+        }
+
+        public FileAttributes build() {
+            return new FileAttributes(mask, size, uid, gid, mode, atime, mtime, ext);
+        }
+
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("[");
+
+        if (has(Flag.SIZE))
+            sb.append("size=").append(size).append(";");
+
+        if (has(Flag.UIDGID))
+            sb.append("uid=").append(size).append(",gid=").append(gid).append(";");
+
+        if (has(Flag.MODE))
+            sb.append("mode=").append(mode.toString()).append(";");
+
+        if (has(Flag.ACMODTIME))
+            sb.append("atime=").append(atime).append(",mtime=").append(mtime).append(";");
+
+        if (has(Flag.EXTENDED))
+            sb.append("ext=").append(ext);
+
+        sb.append("]");
+
+        return sb.toString();
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/FileMode.java b/src/main/java/net/schmizz/sshj/sftp/FileMode.java
new file mode 100644
index 00000000..eee1db9e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/FileMode.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.xfer.FilePermission;
+
+import java.util.Collections;
+import java.util.Set;
+
+public class FileMode {
+
+    public static enum Type {
+        /** block special */
+        BLOCK_SPECIAL(0060000),
+        /** character special */
+        CHAR_SPECIAL(0020000),
+        /** FIFO special */
+        FIFO_SPECIAL(0010000),
+        /** socket special */
+        SOCKET_SPECIAL(0140000),
+        /** regular */
+        REGULAR(0100000),
+        /** directory */
+        DIRECTORY(0040000),
+        /** symbolic link */
+        SYMKLINK(0120000),
+        /** unknown */
+        UNKNOWN(0);
+
+        private final int val;
+
+        private Type(int val) {
+            this.val = val;
+        }
+
+        public static Type fromMask(int mask) {
+            for (Type t : Type.values())
+                if (t.val == mask)
+                    return t;
+            return UNKNOWN;
+        }
+
+        public static int toMask(Type t) {
+            return t.val;
+        }
+
+    }
+
+    private final int mask;
+    private final Type type;
+    private final Set<FilePermission> perms;
+
+    public FileMode(int mask) {
+        this.mask = mask;
+        this.type = Type.fromMask(getTypeMask());
+        this.perms = FilePermission.fromMask(getPermissionsMask());
+    }
+
+    public int getMask() {
+        return mask;
+    }
+
+    public int getTypeMask() {
+        return mask & 0770000;
+    }
+
+    public int getPermissionsMask() {
+        return mask & 07777;
+    }
+
+    public Type getType() {
+        return type;
+    }
+
+    public Set<FilePermission> getPermissions() {
+        return Collections.unmodifiableSet(perms);
+    }
+
+    @Override
+    public String toString() {
+        return "[mask=" + Integer.toOctalString(mask) + "]";
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/OpenMode.java b/src/main/java/net/schmizz/sshj/sftp/OpenMode.java
new file mode 100644
index 00000000..cf1cccdf
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/OpenMode.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import java.util.Set;
+
+public enum OpenMode {
+
+    /** Open the file for reading. */
+    READ(0x00000001),
+    /**
+     * Open the file for writing. If both this and {@link OpenMode#READ} are specified, the file is opened for both
+     * reading and writing.
+     */
+    WRITE(0x00000002),
+    /** Force all writes to append data at the end of the file. */
+    APPEND(0x00000004),
+    /**
+     * If this flag is specified, then a new file will be created if one does not already exist (if {@link
+     * OpenMode#TRUNC} is specified, the new file will be truncated to zero length if it previously exists).
+     */
+    CREAT(0x00000008),
+    /**
+     * Forces an existing file with the same name to be truncated to zero length when creating a file by specifying
+     * {@link OpenMode#CREAT}. {@link OpenMode#CREAT} MUST also be specified if this flag is used.
+     */
+    TRUNC(0x00000010),
+    /**
+     * Causes the request to fail if the named file already exists. {@link OpenMode#CREAT} MUST also be specified if
+     * this flag is used.
+     */
+    EXCL(0x00000020);
+
+    private final int pflag;
+
+    private OpenMode(int pflag) {
+        this.pflag = pflag;
+    }
+
+    public static int toMask(Set<OpenMode> modes) {
+        int mask = 0;
+        for (OpenMode m : modes)
+            mask |= m.pflag;
+        return mask;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/PacketReader.java b/src/main/java/net/schmizz/sshj/sftp/PacketReader.java
new file mode 100644
index 00000000..056d403d
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/PacketReader.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.concurrent.Future;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class PacketReader extends Thread {
+
+    /** Logger */
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final InputStream in;
+    private final Map<Long, Future<Response, SFTPException>> futures = new ConcurrentHashMap<Long, Future<Response, SFTPException>>();
+    private final SFTPPacket<Response> packet = new SFTPPacket<Response>();
+    private final byte[] lenBuf = new byte[4];
+
+    public PacketReader(InputStream in) {
+        this.in = in;
+        setName("sftp reader");
+    }
+
+    private void readIntoBuffer(byte[] buf, int off, int len) throws IOException {
+        int count = 0;
+        int read = 0;
+        while (count < len && ((read = in.read(buf, off + count, len - count)) != -1))
+            count += read;
+        if (read == -1)
+            throw new SFTPException("EOF while reading packet");
+    }
+
+    private int getPacketLength() throws IOException {
+        readIntoBuffer(lenBuf, 0, lenBuf.length);
+
+        return (int) (lenBuf[0] << 24 & 0xff000000L
+                | lenBuf[1] << 16 & 0x00ff0000L
+                | lenBuf[2] << 8 & 0x0000ff00L
+                | lenBuf[3] & 0x000000ffL
+        );
+    }
+
+    public SFTPPacket<Response> readPacket() throws IOException {
+        int len = getPacketLength();
+
+        packet.rpos(0);
+        packet.wpos(0);
+
+        packet.ensureCapacity(len);
+        readIntoBuffer(packet.array(), 0, len);
+
+        packet.wpos(len);
+
+        return packet;
+    }
+
+    @Override
+    public void run() {
+        try {
+            while (true) {
+                readPacket();
+                handle();
+            }
+        } catch (IOException e) {
+            for (Future<Response, SFTPException> future : futures.values())
+                future.error(e);
+        }
+    }
+
+    public void handle() throws SFTPException {
+        Response resp = new Response(packet);
+        Future<Response, SFTPException> future = futures.remove(resp.getRequestID());
+        log.debug("Received {} packet", resp.getType());
+        if (future == null)
+            throw new SFTPException("Received [" + resp.readType() + "] response for request-id " + resp.getRequestID()
+                    + ", no such request was made");
+        else
+            future.set(resp);
+    }
+
+    public void expectResponseTo(Request req) {
+        futures.put(req.getRequestID(), req.getResponseFuture());
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/PacketType.java b/src/main/java/net/schmizz/sshj/sftp/PacketType.java
new file mode 100644
index 00000000..98a404a6
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/PacketType.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+public enum PacketType {
+
+    UNKNOWN(0),
+    INIT(1),
+    VERSION(2),
+    OPEN(3),
+    CLOSE(4),
+    READ(5),
+    WRITE(6),
+    LSTAT(7),
+    FSTAT(8),
+    SETSTAT(9),
+    FSETSTAT(10),
+    OPENDIR(11),
+    READDIR(12),
+    REMOVE(13),
+    MKDIR(14),
+    RMDIR(15),
+    REALPATH(16),
+    STAT(17),
+    RENAME(18),
+    READLINK(19),
+    SYMLINK(20),
+    STATUS(101),
+    HANDLE(102),
+    DATA(103),
+    NAME(104),
+    ATTRS(105),
+    EXTENDED(200),
+    EXTENDED_REPLY(201);
+
+    private final byte b;
+
+    private static final PacketType[] cache = new PacketType[256];
+
+    static {
+        for (PacketType t : PacketType.values())
+            if (cache[t.toByte() & 0xff] == null)
+                cache[t.toByte() & 0xff] = t;
+    }
+
+    private PacketType(int b) {
+        this.b = (byte) b;
+    }
+
+    public static PacketType fromByte(byte b) {
+        return cache[b & 0xff];
+    }
+
+    public byte toByte() {
+        return b;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/PathComponents.java b/src/main/java/net/schmizz/sshj/sftp/PathComponents.java
new file mode 100644
index 00000000..0e72f019
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/PathComponents.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+class PathComponents {
+
+    public static String adjustForParent(String parent, String path) {
+        return (path.startsWith("/")) ? path // Absolute path, nothing to adjust
+                : (parent + (parent.endsWith("/") ? "" : "/") + path); // Relative path
+    }
+
+    private static String trimFinalSlash(String path) {
+        return path.endsWith("/") ? path.substring(0, path.length() - 1) : path;
+    }
+
+    private final String parent;
+    private final String name;
+    private final String path;
+
+    public PathComponents(String parent, String name) {
+        this.parent = parent;
+        this.name = name;
+        this.path = adjustForParent(parent, name);
+    }
+
+    public String getParent() {
+        return parent;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getPath() {
+        return path;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o instanceof PathComponents) {
+            final PathComponents that = (PathComponents) o;
+            return (trimFinalSlash(path).equals(trimFinalSlash(that.path)));
+        }
+
+        return false;
+    }
+
+    @Override
+    public int hashCode() {
+        return trimFinalSlash(path).hashCode();
+    }
+
+    @Override
+    public String toString() {
+        return "[parent=" + parent + "; name=" + name + "; path=" + path + "]";
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/sftp/PathHelper.java b/src/main/java/net/schmizz/sshj/sftp/PathHelper.java
new file mode 100644
index 00000000..2636bd18
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/PathHelper.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import java.io.IOException;
+
+class PathHelper {
+
+    private final SFTPEngine sftp;
+    private String dotDir;
+
+    public PathHelper(SFTPEngine sftp) {
+        this.sftp = sftp;
+    }
+
+    public PathComponents getComponents(String path) throws IOException {
+        if (path.isEmpty() || path.equals("."))
+            return getComponents(getDotDir());
+
+        final int lastSlash = path.lastIndexOf("/");
+
+        if (lastSlash == -1)
+            if (path.equals(".."))
+                return getComponents(canon(path));
+            else
+                return new PathComponents(getDotDir(), path);
+
+        final String name = path.substring(lastSlash + 1);
+
+        if (name.equals(".") || name.equals(".."))
+            return getComponents(canon(path));
+        else {
+            final String parent = path.substring(0, lastSlash);
+            return new PathComponents(parent, name);
+        }
+    }
+
+    private String getDotDir() throws IOException {
+        return (dotDir != null) ? dotDir : (dotDir = canon("."));
+    }
+
+    private String canon(String path) throws IOException {
+        return sftp.canonicalize(path);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/sftp/RandomAccessRemoteFile.java b/src/main/java/net/schmizz/sshj/sftp/RandomAccessRemoteFile.java
new file mode 100644
index 00000000..a3331e40
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RandomAccessRemoteFile.java
@@ -0,0 +1,272 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import java.io.DataInput;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.DataOutputStream;
+import java.io.EOFException;
+import java.io.IOException;
+
+public class RandomAccessRemoteFile implements DataInput, DataOutput {
+
+
+    private final byte[] singleByte = new byte[1];
+
+    private final RemoteFile rf;
+
+    private long fp;
+
+    public RandomAccessRemoteFile(RemoteFile rf) {
+        this.rf = rf;
+    }
+
+    public long getFilePointer() {
+        return fp;
+    }
+
+    public void seek(long fp) {
+        this.fp = fp;
+    }
+
+    public int read() throws IOException {
+        return read(singleByte, 0, 1) == -1 ? -1 : singleByte[0];
+    }
+
+    public int read(byte[] b) throws IOException {
+        return read(b, 0, b.length);
+    }
+
+    public int read(byte[] b, int off, int len) throws IOException {
+        final int count = rf.read(fp, b, off, len);
+        fp += count;
+        return count;
+    }
+
+    public boolean readBoolean() throws IOException {
+        final int ch = read();
+        if (ch < 0)
+            throw new EOFException();
+        return (ch != 0);
+    }
+
+    public byte readByte() throws IOException {
+        final int ch = this.read();
+        if (ch < 0)
+            throw new EOFException();
+        return (byte) (ch);
+    }
+
+    public char readChar() throws IOException {
+        final int ch1 = this.read();
+        final int ch2 = this.read();
+        if ((ch1 | ch2) < 0)
+            throw new EOFException();
+        return (char) ((ch1 << 8) + ch2);
+    }
+
+    public double readDouble() throws IOException {
+        return Double.longBitsToDouble(readLong());
+    }
+
+    public float readFloat() throws IOException {
+        return Float.intBitsToFloat(readInt());
+    }
+
+    public void readFully(byte[] b) throws IOException {
+        readFully(b, 0, b.length);
+    }
+
+    public void readFully(byte[] b, int off, int len) throws IOException {
+        int n = 0;
+        do {
+            int count = read(b, off + n, len - n);
+            if (count < 0)
+                throw new EOFException();
+            n += count;
+        } while (n < len);
+    }
+
+    public int readInt() throws IOException {
+        final int ch1 = read();
+        final int ch2 = read();
+        final int ch3 = read();
+        final int ch4 = read();
+        if ((ch1 | ch2 | ch3 | ch4) < 0)
+            throw new EOFException();
+        return ((ch1 << 24) + (ch2 << 16) + (ch3 << 8) + ch4);
+    }
+
+    public String readLine() throws IOException {
+        StringBuffer input = new StringBuffer();
+        int c = -1;
+        boolean eol = false;
+
+        while (!eol)
+            switch (c = read()) {
+                case -1:
+                case '\n':
+                    eol = true;
+                    break;
+                case '\r':
+                    eol = true;
+                    long cur = getFilePointer();
+                    if ((read()) != '\n')
+                        seek(cur);
+                    break;
+                default:
+                    input.append((char) c);
+                    break;
+            }
+
+        if ((c == -1) && (input.length() == 0))
+            return null;
+        return input.toString();
+    }
+
+    public long readLong() throws IOException {
+        return ((long) (readInt()) << 32) + (readInt() & 0xFFFFFFFFL);
+    }
+
+    public short readShort() throws IOException {
+        final int ch1 = this.read();
+        final int ch2 = this.read();
+        if ((ch1 | ch2) < 0)
+            throw new EOFException();
+        return (short) ((ch1 << 8) + ch2);
+    }
+
+    public String readUTF() throws IOException {
+        return DataInputStream.readUTF(this);
+    }
+
+    public int readUnsignedByte() throws IOException {
+        final int ch = this.read();
+        if (ch < 0)
+            throw new EOFException();
+        return ch;
+    }
+
+    public int readUnsignedShort() throws IOException {
+        final int ch1 = this.read();
+        final int ch2 = this.read();
+        if ((ch1 | ch2) < 0)
+            throw new EOFException();
+        return (ch1 << 8) + ch2;
+    }
+
+    public int skipBytes(int n) throws IOException {
+        if (n <= 0)
+            return 0;
+        final long pos = getFilePointer();
+        final long len = rf.length();
+        long newpos = pos + n;
+        if (newpos > len)
+            newpos = len;
+        seek(newpos);
+
+        /* return the actual number of bytes skipped */
+        return (int) (newpos - pos);
+    }
+
+    public void write(int i) throws IOException {
+        singleByte[0] = (byte) i;
+        write(singleByte);
+    }
+
+    public void write(byte[] b) throws IOException {
+        write(b, 0, b.length);
+    }
+
+    public void write(byte[] b, int off, int len) throws IOException {
+        rf.write(fp, b, off, len);
+        fp += (len - off);
+    }
+
+    public void writeBoolean(boolean v) throws IOException {
+        write(v ? 1 : 0);
+    }
+
+    public void writeByte(int v) throws IOException {
+        write(v);
+    }
+
+    public void writeBytes(String s) throws IOException {
+        final byte[] b = s.getBytes();
+        write(b, 0, b.length);
+    }
+
+    public void writeChar(int v) throws IOException {
+        write((v >>> 8) & 0xFF);
+        write(v & 0xFF);
+    }
+
+    public void writeChars(String s) throws IOException {
+        final int clen = s.length();
+        final int blen = 2 * clen;
+        final byte[] b = new byte[blen];
+        final char[] c = new char[clen];
+        s.getChars(0, clen, c, 0);
+        for (int i = 0, j = 0; i < clen; i++) {
+            b[j++] = (byte) (c[i] >>> 8);
+            b[j++] = (byte) c[i];
+        }
+        write(b, 0, blen);
+    }
+
+    public void writeDouble(double v) throws IOException {
+        writeLong(Double.doubleToLongBits(v));
+    }
+
+    public void writeFloat(float v) throws IOException {
+        writeInt(Float.floatToIntBits(v));
+    }
+
+    public void writeInt(int v) throws IOException {
+        write((v >>> 24) & 0xFF);
+        write((v >>> 16) & 0xFF);
+        write((v >>> 8) & 0xFF);
+        write(v & 0xFF);
+    }
+
+    public void writeLong(long v) throws IOException {
+        write((int) (v >>> 56) & 0xFF);
+        write((int) (v >>> 48) & 0xFF);
+        write((int) (v >>> 40) & 0xFF);
+        write((int) (v >>> 32) & 0xFF);
+        write((int) (v >>> 24) & 0xFF);
+        write((int) (v >>> 16) & 0xFF);
+        write((int) (v >>> 8) & 0xFF);
+        write((int) v & 0xFF);
+    }
+
+    public void writeShort(int v) throws IOException {
+        write((v >>> 8) & 0xFF);
+        write(v & 0xFF);
+    }
+
+    public void writeUTF(String str) throws IOException {
+        final DataOutputStream dos = new DataOutputStream(rf.new RemoteFileOutputStream(fp));
+        try {
+            dos.writeUTF(str);
+        } finally {
+            dos.close();
+        }
+        fp += dos.size();
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java b/src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java
new file mode 100644
index 00000000..04cc3742
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.sftp.Response.StatusCode;
+
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+public class RemoteDirectory extends RemoteResource {
+
+    public RemoteDirectory(Requester requester, String path, String handle) {
+        super(requester, path, handle);
+    }
+
+    public List<RemoteResourceInfo> scan(RemoteResourceFilter filter) throws IOException {
+        List<RemoteResourceInfo> rri = new LinkedList<RemoteResourceInfo>();
+        loop:
+        for (; ;) {
+            Response res = requester.doRequest(newRequest(PacketType.READDIR));
+            switch (res.getType()) {
+
+                case NAME:
+                    final int count = res.readInt();
+                    for (int i = 0; i < count; i++) {
+                        final String name = res.readString();
+                        res.readString(); // long name - IGNORED - shdve never been in the protocol
+                        final FileAttributes attrs = res.readFileAttributes();
+                        RemoteResourceInfo inf = new RemoteResourceInfo(path, name, attrs);
+                        if (!(name.equals(".") || name.equals("..")) && (filter == null || filter.accept(inf)))
+                            rri.add(inf);
+                    }
+                    break loop;
+
+                case STATUS:
+                    res.ensureStatusIs(StatusCode.EOF);
+                    break loop;
+
+                default:
+                    throw new SFTPException("Unexpected packet: " + res.getType());
+            }
+        }
+        return rri;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java b/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
new file mode 100644
index 00000000..e798eb6c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteFile.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.sftp.Response.StatusCode;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public class RemoteFile extends RemoteResource {
+
+    public RemoteFile(Requester requester, String path, String handle) {
+        super(requester, path, handle);
+    }
+
+    public RemoteFileInputStream getInputStream() {
+        return new RemoteFileInputStream();
+    }
+
+    public RemoteFileOutputStream getOutputStream() {
+        return new RemoteFileOutputStream();
+    }
+
+    public FileAttributes fetchAttributes() throws IOException {
+        return requester.doRequest(newRequest(PacketType.FSTAT)) //
+                .ensurePacketTypeIs(PacketType.ATTRS) //
+                .readFileAttributes();
+    }
+
+    public long length() throws IOException {
+        return fetchAttributes().getSize();
+    }
+
+    public void setLength(long len) throws IOException {
+        setAttributes(new FileAttributes.Builder().withSize(len).build());
+    }
+
+    public int read(long fileOffset, byte[] to, int offset, int len) throws IOException {
+        Response res = requester.doRequest(newRequest(PacketType.READ).putUINT64(fileOffset).putInt(len));
+        switch (res.getType()) {
+            case DATA:
+                int recvLen = res.readInt();
+                System.arraycopy(res.array(), res.rpos(), to, offset, recvLen);
+                return recvLen;
+
+            case STATUS:
+                res.ensureStatusIs(StatusCode.EOF);
+                return -1;
+
+            default:
+                throw new SFTPException("Unexpected packet: " + res.getType());
+        }
+    }
+
+    public void write(long fileOffset, byte[] data, int off, int len) throws IOException {
+        requester.doRequest( //
+                newRequest(PacketType.WRITE) //
+                        .putUINT64(fileOffset) //
+                        .putInt(len - off) //
+                        .putRawBytes(data, off, len) //
+        ).ensureStatusPacketIsOK();
+    }
+
+    public void setAttributes(FileAttributes attrs) throws IOException {
+        requester.doRequest(newRequest(PacketType.FSETSTAT).putFileAttributes(attrs)).ensureStatusPacketIsOK();
+    }
+
+    public int getOutgoingPacketOverhead() {
+        return 1 + // packet type
+                4 + // request id
+                4 + // next length
+                handle.length() + // next
+                8 + // file offset
+                4 + // data length
+                4; // packet length
+    }
+
+    public class RemoteFileOutputStream extends OutputStream {
+
+
+        private final byte[] b = new byte[1];
+
+        private long fileOffset;
+
+        public RemoteFileOutputStream() {
+            this(0);
+        }
+
+        public RemoteFileOutputStream(long fileOffset) {
+            this.fileOffset = fileOffset;
+        }
+
+        @Override
+        public void write(int w) throws IOException {
+            b[0] = (byte) w;
+            write(b, 0, 1);
+        }
+
+        @Override
+        public void write(byte[] buf, int off, int len) throws IOException {
+            RemoteFile.this.write(fileOffset, buf, off, len);
+            fileOffset += len;
+        }
+
+    }
+
+    public class RemoteFileInputStream extends InputStream {
+
+        private final byte[] b = new byte[1];
+
+        private long fileOffset;
+        private long markPos;
+        private long readLimit;
+
+        public RemoteFileInputStream() {
+            this(0);
+        }
+
+        public RemoteFileInputStream(int fileOffset) {
+            this.fileOffset = fileOffset;
+        }
+
+        @Override
+        public boolean markSupported() {
+            return true;
+        }
+
+        @Override
+        public void mark(int readLimit) {
+            this.readLimit = readLimit;
+            markPos = fileOffset;
+        }
+
+        @Override
+        public void reset() throws IOException {
+            fileOffset = markPos;
+        }
+
+        @Override
+        public long skip(long n) throws IOException {
+            return (this.fileOffset = Math.min(fileOffset + n, length()));
+        }
+
+        @Override
+        public int read() throws IOException {
+            return read(b, 0, 1) == -1 ? -1 : b[0];
+        }
+
+        @Override
+        public int read(byte[] into, int off, int len) throws IOException {
+            int read = RemoteFile.this.read(fileOffset, into, off, len);
+            if (read != -1) {
+                fileOffset += read;
+                if (markPos != 0 && read > readLimit) // Invalidate mark position
+                    markPos = 0;
+            }
+            return read;
+        }
+
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteResource.java b/src/main/java/net/schmizz/sshj/sftp/RemoteResource.java
new file mode 100644
index 00000000..a878c77a
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteResource.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+abstract class RemoteResource implements Closeable {
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    protected final Requester requester;
+    protected final String path;
+    protected final String handle;
+
+    protected RemoteResource(Requester requester, String path, String handle) {
+        this.requester = requester;
+        this.path = path;
+        this.handle = handle;
+    }
+
+    public String getPath() {
+        return path;
+    }
+
+    protected Request newRequest(PacketType type) {
+        return requester.newRequest(type).putString(handle);
+    }
+
+    public void close() throws IOException {
+        log.info("Closing `{}`", this);
+        requester.doRequest(newRequest(PacketType.CLOSE)).ensureStatusPacketIsOK();
+    }
+
+    @Override
+    public String toString() {
+        return "RemoteResource{" + path + "}";
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteResourceFilter.java b/src/main/java/net/schmizz/sshj/sftp/RemoteResourceFilter.java
new file mode 100644
index 00000000..2fee9469
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteResourceFilter.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+public interface RemoteResourceFilter {
+
+    boolean accept(RemoteResourceInfo resource);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/RemoteResourceInfo.java b/src/main/java/net/schmizz/sshj/sftp/RemoteResourceInfo.java
new file mode 100644
index 00000000..1fddea69
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/RemoteResourceInfo.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+public class RemoteResourceInfo {
+
+    private final PathComponents comps;
+    private final FileAttributes attrs;
+
+    public RemoteResourceInfo(String parent, String name, FileAttributes attrs) {
+        this.comps = new PathComponents(parent, name);
+        this.attrs = attrs;
+    }
+
+    public String getParent() {
+        return comps.getParent();
+    }
+
+    public String getPath() {
+        return comps.getPath();
+    }
+
+    public String getName() {
+        return comps.getName();
+    }
+
+    public FileAttributes getAttributes() {
+        return attrs;
+    }
+
+    public boolean isType(FileMode.Type type) {
+        return attrs.getType() == type;
+    }
+
+    public boolean isRegularFile() {
+        return isType(FileMode.Type.REGULAR);
+    }
+
+    public boolean isDirectory() {
+        return isType(FileMode.Type.DIRECTORY);
+    }
+
+    public boolean isSymlink() {
+        return isType(FileMode.Type.SYMKLINK);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o instanceof RemoteResourceInfo) {
+            final RemoteResourceInfo that = (RemoteResourceInfo) o;
+            if (comps.equals(that.comps))
+                return true;
+        }
+        return false;
+    }
+
+    @Override
+    public int hashCode() {
+        return comps.hashCode();
+    }
+
+    @Override
+    public String toString() {
+        return "[" + attrs.getType() + "] " + getPath();
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/Request.java b/src/main/java/net/schmizz/sshj/sftp/Request.java
new file mode 100644
index 00000000..e75f8042
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/Request.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.concurrent.Future;
+
+public class Request extends SFTPPacket<Request> {
+
+    private final PacketType type;
+    private final long reqID;
+    private final Future<Response, SFTPException> responseFuture;
+
+    public Request(PacketType type, long reqID) {
+        super();
+        this.reqID = reqID;
+        this.type = type;
+        responseFuture = new Future<Response, SFTPException>("sftp / " + reqID, SFTPException.chainer);
+        putByte(type.toByte());
+        putInt(reqID);
+    }
+
+    public long getRequestID() {
+        return reqID;
+    }
+
+    public PacketType getType() {
+        return type;
+    }
+
+    public Future<Response, SFTPException> getResponseFuture() {
+        return responseFuture;
+    }
+
+    @Override
+    public String toString() {
+        return "Request{" + reqID + ";" + type + "}";
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/Requester.java b/src/main/java/net/schmizz/sshj/sftp/Requester.java
new file mode 100644
index 00000000..d21ae05f
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/Requester.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import java.io.IOException;
+
+public interface Requester {
+
+    Request newRequest(PacketType type);
+
+    Response doRequest(Request req) throws IOException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/Response.java b/src/main/java/net/schmizz/sshj/sftp/Response.java
new file mode 100644
index 00000000..d0086099
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/Response.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.common.Buffer;
+
+public class Response extends SFTPPacket<Response> {
+
+    public static enum StatusCode {
+        UNKNOWN(-1),
+        OK(0),
+        EOF(1),
+        NO_SUCH_FILE(2),
+        PERMISSION_DENIED(3),
+        FAILURE(4),
+        BAD_MESSAGE(5),
+        NO_CONNECTION(6),
+        CONNECITON_LOST(7),
+        OP_UNSUPPORTED(8);
+
+        private final int code;
+
+        public static StatusCode fromInt(int code) {
+            for (StatusCode s : StatusCode.values())
+                if (s.code == code)
+                    return s;
+            return UNKNOWN;
+        }
+
+        private StatusCode(int code) {
+            this.code = code;
+        }
+
+    }
+
+    private final PacketType type;
+    private final long reqID;
+
+    public Response(Buffer<Response> pk) {
+        super(pk);
+        this.type = readType();
+        this.reqID = readLong();
+    }
+
+    public long getRequestID() {
+        return reqID;
+    }
+
+    public PacketType getType() {
+        return type;
+    }
+
+    public StatusCode readStatusCode() {
+        return StatusCode.fromInt(readInt());
+    }
+
+    public Response ensurePacketTypeIs(PacketType pt) throws SFTPException {
+        if (getType() != pt)
+            if (getType() == PacketType.STATUS)
+                throw new SFTPException(readStatusCode(), readString());
+            else
+                throw new SFTPException("Unexpected packet " + getType());
+        return this;
+    }
+
+    public Response ensureStatusPacketIsOK() throws SFTPException {
+        return ensurePacketTypeIs(PacketType.STATUS).ensureStatusIs(StatusCode.OK);
+    }
+
+    public Response ensureStatusIs(StatusCode acceptable) throws SFTPException {
+        StatusCode sc = readStatusCode();
+        if (sc != acceptable)
+            throw new SFTPException(sc, readString());
+        return this;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/SFTPClient.java b/src/main/java/net/schmizz/sshj/sftp/SFTPClient.java
new file mode 100644
index 00000000..fb59063b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/SFTPClient.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import net.schmizz.sshj.xfer.FilePermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+
+public class SFTPClient {
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final SFTPEngine sftp;
+    private final SFTPFileTransfer xfer;
+
+    public SFTPClient(SessionFactory ssh) throws IOException {
+        this.sftp = new SFTPEngine(ssh).init();
+        this.xfer = new SFTPFileTransfer(sftp);
+    }
+
+    public SFTPEngine getSFTPEngine() {
+        return sftp;
+    }
+
+    public SFTPFileTransfer getFileTansfer() {
+        return xfer;
+    }
+
+    public List<RemoteResourceInfo> ls(String path) throws IOException {
+        return ls(path, null);
+    }
+
+    public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter) throws IOException {
+        final RemoteDirectory dir = sftp.openDir(path);
+        try {
+            return dir.scan(filter);
+        } finally {
+            dir.close();
+        }
+    }
+
+    public RemoteFile open(String filename, Set<OpenMode> mode, FileAttributes attrs) throws IOException {
+        log.debug("Opening `{}`", filename);
+        return sftp.open(filename, mode, attrs);
+    }
+
+    public RemoteFile open(String filename, Set<OpenMode> mode) throws IOException {
+        return open(filename, mode, new FileAttributes());
+    }
+
+    public RemoteFile open(String filename) throws IOException {
+        return open(filename, EnumSet.of(OpenMode.READ));
+    }
+
+    public void mkdir(String dirname) throws IOException {
+        sftp.makeDir(dirname);
+    }
+
+    public void rename(String oldpath, String newpath) throws IOException {
+        sftp.rename(oldpath, newpath);
+    }
+
+    public void rm(String filename) throws IOException {
+        sftp.remove(filename);
+    }
+
+    public void rmdir(String dirname) throws IOException {
+        sftp.removeDir(dirname);
+    }
+
+    public void symlink(String linkpath, String targetpath) throws IOException {
+        sftp.symlink(linkpath, targetpath);
+    }
+
+    public int version() {
+        return sftp.getOperativeProtocolVersion();
+    }
+
+    public void setattr(String path, FileAttributes attrs) throws IOException {
+        sftp.setAttributes(path, attrs);
+    }
+
+    public int uid(String path) throws IOException {
+        return stat(path).getUID();
+    }
+
+    public int gid(String path) throws IOException {
+        return stat(path).getGID();
+    }
+
+    public long atime(String path) throws IOException {
+        return stat(path).getAtime();
+    }
+
+    public long mtime(String path) throws IOException {
+        return stat(path).getMtime();
+    }
+
+    public Set<FilePermission> perms(String path) throws IOException {
+        return stat(path).getPermissions();
+    }
+
+    public FileMode mode(String path) throws IOException {
+        return stat(path).getMode();
+    }
+
+    public FileMode.Type type(String path) throws IOException {
+        return stat(path).getType();
+    }
+
+    public String readlink(String path) throws IOException {
+        return sftp.readLink(path);
+    }
+
+    public FileAttributes stat(String path) throws IOException {
+        return sftp.stat(path);
+    }
+
+    public FileAttributes lstat(String path) throws IOException {
+        return sftp.lstat(path);
+    }
+
+    public void chown(String path, int uid) throws IOException {
+        setattr(path, new FileAttributes.Builder().withUIDGID(uid, gid(path)).build());
+    }
+
+    public void chmod(String path, int perms) throws IOException {
+        setattr(path, new FileAttributes.Builder().withPermissions(perms).build());
+    }
+
+    public void chgrp(String path, int gid) throws IOException {
+        setattr(path, new FileAttributes.Builder().withUIDGID(uid(path), gid).build());
+    }
+
+    public void truncate(String path, long size) throws IOException {
+        setattr(path, new FileAttributes.Builder().withSize(size).build());
+    }
+
+    public String canonicalize(String path) throws IOException {
+        return sftp.canonicalize(path);
+    }
+
+    public long size(String path) throws IOException {
+        return stat(path).getSize();
+    }
+
+    public void get(String source, String dest) throws IOException {
+        xfer.download(source, dest);
+    }
+
+    public void put(String source, String dest) throws IOException {
+        xfer.upload(source, dest);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java b/src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java
new file mode 100644
index 00000000..e974f3a0
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.connection.channel.direct.Session.Subsystem;
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+public class SFTPEngine implements Requester {
+
+    /** Logger */
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    public static final int PROTOCOL_VERSION = 3;
+
+    public static final int DEFAULT_TIMEOUT = 30;
+
+    private volatile int timeout = DEFAULT_TIMEOUT;
+
+    private final Subsystem sub;
+    private final PacketReader reader;
+    private final OutputStream out;
+
+    private long reqID;
+    private int negotiatedVersion;
+    private final Map<String, String> serverExtensions = new HashMap<String, String>();
+
+    public SFTPEngine(SessionFactory ssh) throws SSHException {
+        sub = ssh.startSession().startSubsystem("sftp");
+        out = sub.getOutputStream();
+        reader = new PacketReader(sub.getInputStream());
+    }
+
+    public Subsystem getSubsystem() {
+        return sub;
+    }
+
+    public SFTPEngine init() throws IOException {
+        transmit(new SFTPPacket<Request>(PacketType.INIT).putInt(PROTOCOL_VERSION));
+
+        final SFTPPacket<Response> response = reader.readPacket();
+
+        final PacketType type = response.readType();
+        if (type != PacketType.VERSION)
+            throw new SFTPException("Expected INIT packet, received: " + type);
+
+        negotiatedVersion = response.readInt();
+        log.info("Client version {}, server version {}", PROTOCOL_VERSION, negotiatedVersion);
+        if (negotiatedVersion < PROTOCOL_VERSION)
+            throw new SFTPException("Server reported protocol version: " + negotiatedVersion);
+
+        while (response.available() > 0)
+            serverExtensions.put(response.readString(), response.readString());
+
+        // Start reader thread
+        reader.start();
+        return this;
+    }
+
+    public int getOperativeProtocolVersion() {
+        return negotiatedVersion;
+    }
+
+    public synchronized Request newRequest(PacketType type) {
+        return new Request(type, reqID = reqID + 1 & 0xffffffffL);
+    }
+
+    public Response doRequest(Request req) throws IOException {
+        reader.expectResponseTo(req);
+        log.debug("Sending {}", req);
+        transmit(req);
+        return req.getResponseFuture().get(timeout, TimeUnit.SECONDS);
+    }
+
+    private synchronized void transmit(SFTPPacket<Request> payload) throws IOException {
+        final int len = payload.available();
+        out.write((len >>> 24) & 0xff);
+        out.write((len >>> 16) & 0xff);
+        out.write((len >>> 8) & 0xff);
+        out.write(len & 0xff);
+        out.write(payload.array(), 0, len);
+        out.flush();
+    }
+
+    public RemoteFile open(String path, Set<OpenMode> modes, FileAttributes fa) throws IOException {
+
+        final String handle = doRequest(
+                newRequest(PacketType.OPEN).putString(path).putInt(OpenMode.toMask(modes)).putFileAttributes(fa)
+        ).ensurePacketTypeIs(PacketType.HANDLE).readString();
+        return new RemoteFile(this, path, handle);
+    }
+
+    public RemoteFile open(String filename, Set<OpenMode> modes) throws IOException {
+        return open(filename, modes, new FileAttributes());
+    }
+
+    public RemoteFile open(String filename) throws IOException {
+        return open(filename, EnumSet.of(OpenMode.READ));
+    }
+
+    public RemoteDirectory openDir(String path) throws IOException {
+        final String handle = doRequest(
+                newRequest(PacketType.OPENDIR).putString(path)
+        ).ensurePacketTypeIs(PacketType.HANDLE).readString();
+        return new RemoteDirectory(this, path, handle);
+    }
+
+    public void setAttributes(String path, FileAttributes attrs) throws IOException {
+        doRequest(
+                newRequest(PacketType.SETSTAT).putString(path).putFileAttributes(attrs)
+        ).ensureStatusPacketIsOK();
+    }
+
+    public String readLink(String path) throws IOException {
+        return readSingleName(
+                doRequest(
+                        newRequest(PacketType.READLINK).putString(path)
+                ));
+    }
+
+    public void makeDir(String path, FileAttributes attrs) throws IOException {
+        doRequest(
+                newRequest(PacketType.MKDIR).putString(path).putFileAttributes(attrs)
+        ).ensureStatusPacketIsOK();
+    }
+
+    public void makeDir(String path) throws IOException {
+        makeDir(path, new FileAttributes());
+    }
+
+    public void symlink(String linkpath, String targetpath) throws IOException {
+        doRequest(
+                newRequest(PacketType.SYMLINK).putString(linkpath).putString(targetpath)
+        ).ensureStatusPacketIsOK();
+    }
+
+    public void remove(String filename) throws IOException {
+        doRequest(
+                newRequest(PacketType.REMOVE).putString(filename)
+        ).ensureStatusPacketIsOK();
+    }
+
+    public void removeDir(String path) throws IOException {
+        doRequest(
+                newRequest(PacketType.RMDIR).putString(path)
+        ).ensureStatusIs(Response.StatusCode.OK);
+    }
+
+    private FileAttributes stat(PacketType pt, String path) throws IOException {
+        return doRequest(newRequest(pt).putString(path))
+                .ensurePacketTypeIs(PacketType.ATTRS)
+                .readFileAttributes();
+    }
+
+    public FileAttributes stat(String path) throws IOException {
+        return stat(PacketType.STAT, path);
+    }
+
+    public FileAttributes lstat(String path) throws IOException {
+        return stat(PacketType.LSTAT, path);
+    }
+
+    public void rename(String oldPath, String newPath) throws IOException {
+        doRequest(
+                newRequest(PacketType.RENAME).putString(oldPath).putString(newPath)
+        ).ensureStatusPacketIsOK();
+    }
+
+    public String canonicalize(String path) throws IOException {
+        return readSingleName(
+                doRequest(
+                        newRequest(PacketType.REALPATH).putString(path)
+                ));
+    }
+
+    private static String readSingleName(Response res) throws IOException {
+        res.ensurePacketTypeIs(PacketType.NAME);
+        if (res.readInt() == 1)
+            return res.readString();
+        else
+            throw new SFTPException("Unexpected data in " + res.getType() + " packet");
+    }
+
+    public void setTimeout(int timeout) {
+        this.timeout = timeout;
+    }
+
+    public int getTimeout() {
+        return timeout;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/SFTPException.java b/src/main/java/net/schmizz/sshj/sftp/SFTPException.java
new file mode 100644
index 00000000..287e4e85
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/SFTPException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.concurrent.ExceptionChainer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.sftp.Response.StatusCode;
+
+public class SFTPException extends SSHException {
+
+    public static final ExceptionChainer<SFTPException> chainer = new ExceptionChainer<SFTPException>() {
+
+        public SFTPException chain(Throwable t) {
+            if (t instanceof SFTPException)
+                return (SFTPException) t;
+            else
+                return new SFTPException(t);
+        }
+
+    };
+
+    public SFTPException() {
+        super();
+    }
+
+    public SFTPException(DisconnectReason code) {
+        super(code);
+    }
+
+    public SFTPException(DisconnectReason code, String message) {
+        super(code, message);
+    }
+
+    public SFTPException(DisconnectReason code, String message, Throwable cause) {
+        super(code, message, cause);
+    }
+
+    public SFTPException(DisconnectReason code, Throwable cause) {
+        super(code, cause);
+    }
+
+    public SFTPException(String message) {
+        super(message);
+    }
+
+    public SFTPException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public SFTPException(Throwable cause) {
+        super(cause);
+    }
+
+    private StatusCode sc;
+
+    public StatusCode getStatusCode() {
+        return (sc == null) ? StatusCode.UNKNOWN : sc;
+
+    }
+
+    public SFTPException(StatusCode sc, String msg) {
+        this(msg);
+        this.sc = sc;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/SFTPFileTransfer.java b/src/main/java/net/schmizz/sshj/sftp/SFTPFileTransfer.java
new file mode 100644
index 00000000..2a7425cb
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/SFTPFileTransfer.java
@@ -0,0 +1,251 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.common.StreamCopier;
+import net.schmizz.sshj.sftp.Response.StatusCode;
+import net.schmizz.sshj.xfer.AbstractFileTransfer;
+import net.schmizz.sshj.xfer.FileTransfer;
+import net.schmizz.sshj.xfer.FileTransferUtil;
+import net.schmizz.sshj.xfer.ModeGetter;
+import net.schmizz.sshj.xfer.ModeSetter;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.EnumSet;
+
+public class SFTPFileTransfer extends AbstractFileTransfer implements FileTransfer {
+
+    private final SFTPEngine sftp;
+    private final PathHelper pathHelper;
+
+    private volatile FileFilter uploadFilter = defaultLocalFilter;
+    private volatile RemoteResourceFilter downloadFilter = defaultRemoteFilter;
+
+    private static final FileFilter defaultLocalFilter = new FileFilter() {
+        public boolean accept(File pathName) {
+            return true;
+        }
+    };
+
+    private static final RemoteResourceFilter defaultRemoteFilter = new RemoteResourceFilter() {
+        public boolean accept(RemoteResourceInfo resource) {
+            return true;
+        }
+    };
+
+    public SFTPFileTransfer(SFTPEngine sftp) {
+        this.sftp = sftp;
+        this.pathHelper = new PathHelper(sftp);
+    }
+
+    public void upload(String source, String dest) throws IOException {
+        new Uploader(getModeGetter(), getUploadFilter()).upload(new File(source), dest);
+    }
+
+    public void download(String source, String dest) throws IOException {
+        PathComponents src = pathHelper.getComponents(source);
+        new Downloader(getModeSetter(), getDownloadFilter()).download(new RemoteResourceInfo(src.getParent(), src
+                .getName(), sftp.stat(source)), new File(dest));
+    }
+
+    public void setUploadFilter(FileFilter uploadFilter) {
+        this.uploadFilter = (this.uploadFilter == null) ? defaultLocalFilter : uploadFilter;
+    }
+
+    public void setDownloadFilter(RemoteResourceFilter downloadFilter) {
+        this.downloadFilter = (this.downloadFilter == null) ? defaultRemoteFilter : downloadFilter;
+    }
+
+    public FileFilter getUploadFilter() {
+        return uploadFilter;
+    }
+
+    public RemoteResourceFilter getDownloadFilter() {
+        return downloadFilter;
+    }
+
+    private class Downloader {
+
+        private final ModeSetter modeSetter;
+        private final RemoteResourceFilter filter;
+
+        Downloader(ModeSetter modeSetter, RemoteResourceFilter filter) {
+            this.modeSetter = modeSetter;
+            this.filter = filter;
+        }
+
+        private void setAttributes(RemoteResourceInfo remote, File local) throws IOException {
+            final FileAttributes attrs = remote.getAttributes();
+            modeSetter.setPermissions(local, attrs.getMode().getPermissionsMask());
+            if (modeSetter.preservesTimes() && attrs.has(FileAttributes.Flag.ACMODTIME)) {
+                modeSetter.setLastAccessedTime(local, attrs.getAtime());
+                modeSetter.setLastModifiedTime(local, attrs.getMtime());
+            }
+        }
+
+        private void downloadFile(RemoteResourceInfo remote, File local) throws IOException {
+            local = FileTransferUtil.getTargetFile(local, remote.getName());
+            setAttributes(remote, local);
+            RemoteFile rf = sftp.open(remote.getPath());
+            try {
+                final FileOutputStream fos = new FileOutputStream(local);
+                try {
+                    StreamCopier.copy(rf.getInputStream(), fos, sftp.getSubsystem()
+                            .getLocalMaxPacketSize(), false);
+                } finally {
+                    fos.close();
+                }
+            } finally {
+                rf.close();
+            }
+        }
+
+        private void downloadDir(RemoteResourceInfo remote, File local) throws IOException {
+            local = FileTransferUtil.getTargetDirectory(local, remote.getName());
+            setAttributes(remote, local);
+            final RemoteDirectory rd = sftp.openDir(remote.getPath());
+            for (RemoteResourceInfo rri : rd.scan(filter))
+                download(rri, new File(local.getPath(), rri.getName()));
+            rd.close();
+        }
+
+        void download(RemoteResourceInfo remote, File local) throws IOException {
+            log.info("Downloading [{}] to [{}]", remote, local);
+            if (remote.isDirectory())
+                downloadDir(remote, local);
+            else if (remote.isRegularFile())
+                downloadFile(remote, local);
+            else
+                throw new IOException(remote + " is not a regular file or directory");
+        }
+    }
+
+    private class Uploader {
+
+        private final ModeGetter modeGetter;
+        private final FileFilter filter;
+
+        Uploader(ModeGetter modeGetter, FileFilter filter) {
+            this.modeGetter = modeGetter;
+            this.filter = filter;
+        }
+
+        public FileAttributes getAttributes(File local) throws IOException {
+            FileAttributes.Builder builder = new FileAttributes.Builder().withPermissions(modeGetter
+                    .getPermissions(local));
+            if (modeGetter.preservesTimes())
+                builder.withAtimeMtime(modeGetter.getLastAccessTime(local), modeGetter.getLastModifiedTime(local));
+            return builder.build();
+        }
+
+        // tread carefully
+        private void setAttributes(FileAttributes current, File local, String remote) throws IOException {
+            final FileAttributes attrs = getAttributes(local);
+            // TODO whoaaa.. simplify?
+            if (!(current != null
+                    && current.getMode().getPermissionsMask() == attrs.getMode().getPermissionsMask()
+                    && (!modeGetter.preservesTimes() || (attrs.getAtime() == current.getAtime() && attrs.getMtime() == current
+                    .getMtime()))))
+                sftp.setAttributes(remote, attrs);
+        }
+
+        private String prepareDir(File local, String remote) throws IOException {
+            FileAttributes attrs;
+            try {
+                attrs = sftp.stat(remote);
+            } catch (SFTPException e) {
+                if (e.getStatusCode() == StatusCode.NO_SUCH_FILE) {
+                    log.debug("probeDir: {} does not exist, creating", remote);
+                    sftp.makeDir(remote, getAttributes(local));
+                    return remote;
+                } else
+                    throw e;
+            }
+
+            if (attrs.getMode().getType() == FileMode.Type.DIRECTORY)
+                if (pathHelper.getComponents(remote).getName().equals(local.getName())) {
+                    log.debug("probeDir: {} already exists", remote);
+                    setAttributes(attrs, local, remote);
+                    return remote;
+                } else {
+                    log.debug("probeDir: {} already exists, path adjusted for {}", remote, local.getName());
+                    return prepareDir(local, PathComponents.adjustForParent(remote, local.getName()));
+                }
+            else
+                throw new IOException(attrs.getMode().getType() + " file already exists at " + remote);
+        }
+
+        private String prepareFile(File local, String remote) throws IOException {
+            FileAttributes attrs;
+            try {
+                attrs = sftp.stat(remote);
+            } catch (SFTPException e) {
+                if (e.getStatusCode() == StatusCode.NO_SUCH_FILE) {
+                    log.debug("probeFile: {} does not exist", remote);
+                    return remote;
+                } else
+                    throw e;
+            }
+            if (attrs.getMode().getType() == FileMode.Type.DIRECTORY) {
+                log.debug("probeFile: {} was directory, path adjusted for {}", remote, local.getName());
+                remote = PathComponents.adjustForParent(remote, local.getName());
+                return remote;
+            } else {
+                log.debug("probeFile: {} is a {} file that will be replaced", remote, attrs.getMode().getType());
+                return remote;
+            }
+        }
+
+        private void uploadDir(File local, String remote) throws IOException {
+            final String adjusted = prepareDir(local, remote);
+            for (File f : local.listFiles(filter))
+                upload(f, adjusted);
+        }
+
+        private void uploadFile(File local, String remote) throws IOException {
+            final String adjusted = prepareFile(local, remote);
+            final RemoteFile rf = sftp.open(adjusted, EnumSet.of(OpenMode.WRITE, OpenMode.CREAT, OpenMode.TRUNC),
+                    getAttributes(local));
+            try {
+                final FileInputStream fis = new FileInputStream(local);
+                try {
+                    StreamCopier.copy(fis, //
+                            rf.getOutputStream(), sftp.getSubsystem().getRemoteMaxPacketSize()
+                                    - rf.getOutgoingPacketOverhead(), false);
+                } finally {
+                    fis.close();
+                }
+            } finally {
+                rf.close();
+            }
+        }
+
+        void upload(File local, String remote) throws IOException {
+            log.info("Uploading [{}] to [{}]", local, remote);
+            if (local.isDirectory())
+                uploadDir(local, remote);
+            else if (local.isFile())
+                uploadFile(local, remote);
+            else
+                throw new IOException(local + " is not a file or directory");
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/SFTPPacket.java b/src/main/java/net/schmizz/sshj/sftp/SFTPPacket.java
new file mode 100644
index 00000000..8966ad06
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/SFTPPacket.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.common.Buffer;
+
+public class SFTPPacket<T extends SFTPPacket<T>> extends Buffer<T> {
+
+    public SFTPPacket() {
+        super();
+    }
+
+    public SFTPPacket(Buffer<T> buf) {
+        super(buf);
+    }
+
+    public SFTPPacket(PacketType pt) {
+        super();
+        putByte(pt.toByte());
+    }
+
+    public FileAttributes readFileAttributes() {
+        final FileAttributes.Builder builder = new FileAttributes.Builder();
+        final int mask = readInt();
+        if (FileAttributes.Flag.SIZE.isSet(mask))
+            builder.withSize(readUINT64());
+        if (FileAttributes.Flag.UIDGID.isSet(mask))
+            builder.withUIDGID(readInt(), readInt());
+        if (FileAttributes.Flag.MODE.isSet(mask))
+            builder.withPermissions(readInt());
+        if (FileAttributes.Flag.ACMODTIME.isSet(mask))
+            builder.withAtimeMtime(readInt(), readInt());
+        if (FileAttributes.Flag.EXTENDED.isSet(mask)) {
+            final int extCount = readInt();
+            for (int i = 0; i < extCount; i++)
+                builder.withExtended(readString(), readString());
+        }
+        return builder.build();
+    }
+
+    public PacketType readType() {
+        return PacketType.fromByte(readByte());
+    }
+
+    public T putFileAttributes(FileAttributes fa) {
+        return putRawBytes(fa.toBytes());
+    }
+
+    public T putType(PacketType type) {
+        return putByte(type.toByte());
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/sftp/StatefulSFTPClient.java b/src/main/java/net/schmizz/sshj/sftp/StatefulSFTPClient.java
new file mode 100644
index 00000000..e00eb32f
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/sftp/StatefulSFTPClient.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.sftp;
+
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+public class StatefulSFTPClient extends SFTPClient {
+
+    private String cwd;
+
+    public StatefulSFTPClient(SessionFactory ssh) throws IOException {
+        super(ssh);
+        this.cwd = getSFTPEngine().canonicalize(".");
+        log.info("Start dir = " + cwd);
+    }
+
+    private synchronized String cwdify(String path) {
+        return PathComponents.adjustForParent(cwd, path);
+    }
+
+    public synchronized void cd(String dirname) {
+        cwd = cwdify(dirname);
+        log.info("CWD = " + cwd);
+    }
+
+    public synchronized List<RemoteResourceInfo> ls() throws IOException {
+        return ls(cwd, null);
+    }
+
+    public synchronized List<RemoteResourceInfo> ls(RemoteResourceFilter filter) throws IOException {
+        return ls(cwd, filter);
+    }
+
+    public synchronized String pwd() throws IOException {
+        return super.canonicalize(cwd);
+    }
+
+    @Override
+    public List<RemoteResourceInfo> ls(String path) throws IOException {
+        return ls(path, null);
+    }
+
+    @Override
+    public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter) throws IOException {
+        final RemoteDirectory dir = getSFTPEngine().openDir(cwdify(path));
+        try {
+            return dir.scan(filter);
+        } finally {
+            dir.close();
+        }
+    }
+
+    @Override
+    public RemoteFile open(String filename, Set<OpenMode> mode, FileAttributes attrs) throws IOException {
+        return super.open(cwdify(filename), mode, attrs);
+    }
+
+    @Override
+    public RemoteFile open(String filename, Set<OpenMode> mode) throws IOException {
+        return super.open(cwdify(filename), mode);
+    }
+
+    @Override
+    public RemoteFile open(String filename) throws IOException {
+        return super.open(cwdify(filename));
+    }
+
+    @Override
+    public void mkdir(String dirname) throws IOException {
+        super.mkdir(cwdify(dirname));
+    }
+
+    @Override
+    public void rename(String oldpath, String newpath) throws IOException {
+        super.rename(cwdify(oldpath), cwdify(newpath));
+    }
+
+    @Override
+    public void rm(String filename) throws IOException {
+        super.rm(cwdify(filename));
+    }
+
+    @Override
+    public void rmdir(String dirname) throws IOException {
+        super.rmdir(cwdify(dirname));
+    }
+
+    @Override
+    public void symlink(String linkpath, String targetpath) throws IOException {
+        super.symlink(cwdify(linkpath), cwdify(targetpath));
+    }
+
+    @Override
+    public void setattr(String path, FileAttributes attrs) throws IOException {
+        super.setattr(cwdify(path), attrs);
+    }
+
+    @Override
+    public String readlink(String path) throws IOException {
+        return super.readlink(cwdify(path));
+    }
+
+    @Override
+    public FileAttributes stat(String path) throws IOException {
+        return super.stat(cwdify(path));
+    }
+
+    @Override
+    public FileAttributes lstat(String path) throws IOException {
+        return super.lstat(cwdify(path));
+    }
+
+    @Override
+    public void truncate(String path, long size) throws IOException {
+        super.truncate(cwdify(path), size);
+    }
+
+    @Override
+    public String canonicalize(String path) throws IOException {
+        return super.canonicalize(cwdify(path));
+    }
+
+    @Override
+    public void get(String source, String dest) throws IOException {
+        super.get(cwdify(source), dest);
+    }
+
+    @Override
+    public void put(String source, String dest) throws IOException {
+        super.get(source, cwdify(dest));
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
new file mode 100644
index 00000000..5d5106a1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/signature/AbstractSignature.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.signature;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+/** An abstract class for {@link Signature} that implements common functionality. */
+public abstract class AbstractSignature implements Signature {
+
+    protected java.security.Signature signature;
+    protected String algorithm;
+
+    protected AbstractSignature(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    public void init(PublicKey pubkey, PrivateKey prvkey) {
+        try {
+            signature = SecurityUtils.getSignature(algorithm);
+            if (pubkey != null)
+                signature.initVerify(pubkey);
+            if (prvkey != null)
+                signature.initSign(prvkey);
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public void update(byte[] foo) {
+        update(foo, 0, foo.length);
+    }
+
+    public void update(byte[] foo, int off, int len) {
+        try {
+            signature.update(foo, off, len);
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    protected byte[] extractSig(byte[] sig) {
+        if (sig[0] == 0 && sig[1] == 0 && sig[2] == 0) {
+            int i = 0;
+            int j;
+            j = sig[i++] << 24 & 0xff000000 //
+                    | sig[i++] << 16 & 0x00ff0000 // 
+                    | sig[i++] << 8 & 0x0000ff00 //
+                    | sig[i++] & 0x000000ff;
+            i += j;
+            j = sig[i++] << 24 & 0xff000000 //
+                    | sig[i++] << 16 & 0x00ff0000 //
+                    | sig[i++] << 8 & 0x0000ff00 //
+                    | sig[i++] & 0x000000ff;
+            byte[] tmp = new byte[j];
+            System.arraycopy(sig, i, tmp, 0, j);
+            sig = tmp;
+        }
+        return sig;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/signature/Signature.java b/src/main/java/net/schmizz/sshj/signature/Signature.java
new file mode 100644
index 00000000..84b4f7b6
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/signature/Signature.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.signature;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * Signature interface for SSH used to sign or verify data.
+ * <p/>
+ * Usually wraps a javax.crypto.Signature object.
+ */
+public interface Signature {
+
+    /**
+     * Initialize this signature with the given public key and private key. If the private key is null, only signature
+     * verification can be performed.
+     *
+     * @param pubkey (null-ok) specify in case verification is needed
+     * @param prvkey (null-ok) specify in case signing is needed
+     */
+    void init(PublicKey pubkey, PrivateKey prvkey);
+
+    /**
+     * Compute the signature
+     *
+     * @return the computed signature
+     */
+    byte[] sign();
+
+    /**
+     * Convenience method for {@link #update(byte[], int, int)}
+     *
+     * @param H the byte-array to update with
+     */
+    void update(byte[] H);
+
+    /**
+     * Update the computed signature with the given data
+     *
+     * @param H   byte-array to update with
+     * @param off offset within the array
+     * @param len length until which to compute
+     */
+    void update(byte[] H, int off, int len);
+
+    /**
+     * Verify against the given signature
+     *
+     * @param sig
+     *
+     * @return {@code true} on successful verification, {@code false} on failure
+     */
+    boolean verify(byte[] sig);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java b/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
new file mode 100644
index 00000000..f572ee96
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureDSA.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.signature;
+
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHRuntimeException;
+
+import java.security.SignatureException;
+
+/** DSA {@link Signature} */
+public class SignatureDSA extends AbstractSignature {
+
+    /** A named factory for DSA signature */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        public Signature create() {
+            return new SignatureDSA();
+        }
+
+        public String getName() {
+            return KeyType.DSA.toString();
+        }
+
+    }
+
+    public SignatureDSA() {
+        super("SHA1withDSA");
+    }
+
+    public byte[] sign() {
+        byte[] sig;
+        try {
+            sig = signature.sign();
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+
+        // sig is in ASN.1
+        // SEQUENCE::={ r INTEGER, s INTEGER }
+        int len = 0;
+        int index = 3;
+        len = sig[index++] & 0xff;
+        byte[] r = new byte[len];
+        System.arraycopy(sig, index, r, 0, r.length);
+        index = index + len + 1;
+        len = sig[index++] & 0xff;
+        byte[] s = new byte[len];
+        System.arraycopy(sig, index, s, 0, s.length);
+
+        byte[] result = new byte[40];
+
+        // result must be 40 bytes, but length of r and s may not be 20 bytes
+
+        System.arraycopy(r, r.length > 20 ? 1 : 0, result, r.length > 20 ? 0 : 20 - r.length, r.length > 20 ? 20
+                : r.length);
+        System.arraycopy(s, s.length > 20 ? 1 : 0, result, s.length > 20 ? 20 : 40 - s.length, s.length > 20 ? 20
+                : s.length);
+
+        return result;
+    }
+
+    public boolean verify(byte[] sig) {
+        sig = extractSig(sig);
+
+        // ASN.1
+        int frst = (sig[0] & 0x80) != 0 ? 1 : 0;
+        int scnd = (sig[20] & 0x80) != 0 ? 1 : 0;
+
+        int length = sig.length + 6 + frst + scnd;
+        byte[] tmp = new byte[length];
+        tmp[0] = (byte) 0x30;
+        tmp[1] = (byte) 0x2c;
+        tmp[1] += frst;
+        tmp[1] += scnd;
+        tmp[2] = (byte) 0x02;
+        tmp[3] = (byte) 0x14;
+        tmp[3] += frst;
+        System.arraycopy(sig, 0, tmp, 4 + frst, 20);
+        tmp[4 + tmp[3]] = (byte) 0x02;
+        tmp[5 + tmp[3]] = (byte) 0x14;
+        tmp[5 + tmp[3]] += scnd;
+        System.arraycopy(sig, 20, tmp, 6 + tmp[3] + scnd, 20);
+        sig = tmp;
+
+        try {
+            return signature.verify(sig);
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java b/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
new file mode 100644
index 00000000..51add884
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.signature;
+
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHRuntimeException;
+
+import java.security.SignatureException;
+
+/** RSA {@link Signature} */
+public class SignatureRSA extends AbstractSignature {
+
+    /** A named factory for RSA {@link Signature} */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
+
+        public Signature create() {
+            return new SignatureRSA();
+        }
+
+        public String getName() {
+            return KeyType.RSA.toString();
+        }
+
+    }
+
+    public SignatureRSA() {
+        super("SHA1withRSA");
+    }
+
+    public byte[] sign() {
+        try {
+            return signature.sign();
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public boolean verify(byte[] sig) {
+        sig = extractSig(sig);
+        try {
+            return signature.verify(sig);
+        } catch (SignatureException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/Converter.java b/src/main/java/net/schmizz/sshj/transport/Converter.java
new file mode 100644
index 00000000..eb541670
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Converter.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.cipher.NoneCipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.mac.MAC;
+
+/**
+ * Base class for {@link Encoder} and {@link Decoder}.
+ * <p/>
+ * From RFC 4253, p. 6
+ * <p/>
+ * <pre>
+ *    Each packet is in the following format:
+ * <p/>
+ *       uint32    packet_length
+ *       byte      padding_length
+ *       byte[n1]  payload; n1 = packet_length - padding_length - 1
+ *       byte[n2]  random padding; n2 = padding_length
+ *       byte[m]   mac (Message Authentication Code - MAC); m = mac_length
+ * </pre>
+ */
+abstract class Converter {
+
+    protected Cipher cipher = new NoneCipher();
+    protected MAC mac = null;
+    protected Compression compression = null;
+
+    protected int cipherSize = 8;
+    protected long seq = -1;
+    protected boolean authed;
+
+    long getSequenceNumber() {
+        return seq;
+    }
+
+    void setAlgorithms(Cipher cipher, MAC mac, Compression compression) {
+        this.cipher = cipher;
+        this.mac = mac;
+        this.compression = compression;
+        if (compression != null)
+            compression.init(getCompressionType(), -1);
+        this.cipherSize = cipher.getIVSize();
+    }
+
+    void setAuthenticated() {
+        this.authed = true;
+    }
+
+    boolean usingCompression() {
+        return compression != null && (authed || !compression.isDelayed());
+    }
+
+    abstract Compression.Type getCompressionType();
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/Decoder.java b/src/main/java/net/schmizz/sshj/transport/Decoder.java
new file mode 100644
index 00000000..6f970041
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Decoder.java
@@ -0,0 +1,205 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.SSHPacketHandler;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.mac.MAC;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** Decodes packets from the SSH binary protocol per the current algorithms. */
+final class Decoder extends Converter {
+
+    private static final int MAX_PACKET_LEN = 256 * 1024;
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    /** What we pass decoded packets to */
+    private final SSHPacketHandler packetHandler;
+    /** Buffer where as-yet undecoded data lives */
+    private final SSHPacket inputBuffer = new SSHPacket();
+    /** Used in case compression is active to store the uncompressed data */
+    private final SSHPacket uncompressBuffer = new SSHPacket();
+    /** MAC result is stored here */
+    private byte[] macResult;
+
+    /** -1 if packet length not yet been decoded, else the packet length */
+    private int packetLength = -1;
+
+    /**
+     * How many bytes do we need, before a call to decode() can succeed at decoding at least packet length, OR the whole
+     * packet?
+     */
+    private int needed = 8;
+
+    Decoder(SSHPacketHandler packetHandler) {
+        this.packetHandler = packetHandler;
+    }
+
+    /**
+     * Returns advised number of bytes that should be made available in decoderBuffer before the method should be called
+     * again.
+     *
+     * @return number of bytes needed before further decoding possible
+     */
+    private int decode() throws SSHException {
+        int need;
+
+        /* Decoding loop */
+        for (; ;)
+
+            if (packetLength == -1) // Waiting for beginning of packet
+            {
+
+                assert inputBuffer.rpos() == 0 : "buffer cleared";
+
+                need = cipherSize - inputBuffer.available();
+                if (need <= 0)
+                    packetLength = decryptLength();
+                else
+                    // Need more data
+                    break;
+
+            } else {
+
+                assert inputBuffer.rpos() == 4 : "packet length read";
+
+                need = packetLength + (mac != null ? mac.getBlockSize() : 0) - inputBuffer.available();
+                if (need <= 0) {
+
+                    decryptPayload(inputBuffer.array());
+
+                    seq = seq + 1 & 0xffffffffL;
+
+                    if (mac != null)
+                        checkMAC(inputBuffer.array());
+
+                    // Exclude the padding & MAC
+                    inputBuffer.wpos(packetLength + 4 - inputBuffer.readByte());
+
+                    final SSHPacket plain = usingCompression() ? decompressed() : inputBuffer;
+
+                    if (log.isTraceEnabled())
+                        log.trace("Received packet #{}: {}", seq, plain.printHex());
+
+                    packetHandler.handle(plain.readMessageID(), plain); // Process the decoded packet //
+
+                    inputBuffer.clear();
+                    packetLength = -1;
+
+                } else
+                    // Need more data
+                    break;
+            }
+
+        return need;
+    }
+
+    private void checkMAC(final byte[] data) throws TransportException {
+        mac.update(seq); // seq num
+        mac.update(data, 0, packetLength + 4); // packetLength+4 = entire packet w/o mac
+        mac.doFinal(macResult, 0); // compute
+        // Check against the received MAC
+        if (!ByteArrayUtils.equals(macResult, 0, data, packetLength + 4, mac.getBlockSize()))
+            throw new TransportException(DisconnectReason.MAC_ERROR, "MAC Error");
+    }
+
+    private SSHPacket decompressed() throws TransportException {
+        uncompressBuffer.clear();
+        compression.uncompress(inputBuffer, uncompressBuffer);
+        return uncompressBuffer;
+    }
+
+    private int decryptLength() throws TransportException {
+        cipher.update(inputBuffer.array(), 0, cipherSize);
+
+        final int len = inputBuffer.readInt(); // Read packet length
+
+        if (isInvalidPacketLength(len)) { // Check packet length validity
+            log.info("Error decoding packet (invalid length) {}", inputBuffer.printHex());
+            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "invalid packet length: " + len);
+        }
+
+        return len;
+    }
+
+    private static boolean isInvalidPacketLength(int len) {
+        return len < 5 || len > MAX_PACKET_LEN;
+    }
+
+    private void decryptPayload(final byte[] data) {
+        cipher.update(data, cipherSize, packetLength + 4 - cipherSize);
+    }
+
+    /**
+     * Adds {@code len} bytes from {@code b} to the decoder buffer. When a packet has been successfully decoded, hooks
+     * in to {@link net.schmizz.sshj.common.SSHPacketHandler#handle} of the {@link net.schmizz.sshj.common.SSHPacketHandler}
+     * this decoder was initialized with.
+     * <p/>
+     * Returns the number of bytes expected in the next call in order to decode the packet length, and if the packet
+     * length has already been decoded; to decode the payload. This number is accurate and should be taken to heart.
+     */
+    int received(byte[] b, int len) throws SSHException {
+        inputBuffer.putRawBytes(b, 0, len);
+        if (needed <= len)
+            needed = decode();
+        else
+            needed -= len;
+        return needed;
+    }
+
+    @Override
+    void setAlgorithms(Cipher cipher, MAC mac, Compression compression) {
+        super.setAlgorithms(cipher, mac, compression);
+        macResult = new byte[mac.getBlockSize()];
+    }
+
+    @Override
+    Compression.Type getCompressionType() {
+        return Compression.Type.Inflater;
+    }
+
+    int getMaxPacketLength() {
+        return MAX_PACKET_LEN;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/Encoder.java b/src/main/java/net/schmizz/sshj/transport/Encoder.java
new file mode 100644
index 00000000..46879198
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Encoder.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.mac.MAC;
+import net.schmizz.sshj.transport.random.Random;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.concurrent.locks.Lock;
+
+/** Encodes packets into the SSH binary protocol per the current algorithms. */
+final class Encoder extends Converter {
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final Random prng;
+
+    private final Lock encodeLock;
+
+    Encoder(Random prng, Lock encodeLock) {
+        this.prng = prng;
+        this.encodeLock = encodeLock;
+    }
+
+    private SSHPacket checkHeaderSpace(SSHPacket buffer) {
+        if (buffer.rpos() < 5) {
+            log.warn("Performance cost: when sending a packet, ensure that "
+                    + "5 bytes are available in front of the buffer");
+            SSHPacket nb = new SSHPacket(buffer.available() + 5);
+            nb.rpos(5);
+            nb.wpos(5);
+            nb.putBuffer(buffer);
+            buffer = nb;
+        }
+        return buffer;
+    }
+
+    private void compress(SSHPacket buffer) {
+        compression.compress(buffer);
+    }
+
+    private void putMAC(SSHPacket buffer, int startOfPacket, int endOfPadding) {
+        buffer.wpos(endOfPadding + mac.getBlockSize());
+        mac.update(seq);
+        mac.update(buffer.array(), startOfPacket, endOfPadding);
+        mac.doFinal(buffer.array(), endOfPadding);
+    }
+
+    /**
+     * Encode a buffer into the SSH binary protocol per the current algorithms.
+     *
+     * @param buffer the buffer to encode
+     *
+     * @return the sequence no. of encoded packet
+     *
+     * @throws TransportException
+     */
+    long encode(SSHPacket buffer) {
+        encodeLock.lock();
+        try {
+            buffer = checkHeaderSpace(buffer);
+
+            if (log.isTraceEnabled())
+                log.trace("Encoding packet #{}: {}", seq, buffer.printHex());
+
+            if (usingCompression())
+                compress(buffer);
+
+            final int payloadSize = buffer.available();
+
+            // Compute padding length
+            int padLen = -(payloadSize + 5) & cipherSize - 1;
+            if (padLen < cipherSize)
+                padLen += cipherSize;
+
+            final int startOfPacket = buffer.rpos() - 5;
+            final int packetLen = payloadSize + 1 + padLen;
+
+            // Put packet header
+            buffer.wpos(startOfPacket);
+            buffer.putInt(packetLen);
+            buffer.putByte((byte) padLen);
+
+            // Now wpos will mark end of padding
+            buffer.wpos(startOfPacket + 5 + payloadSize + padLen);
+            // Fill padding
+            prng.fill(buffer.array(), buffer.wpos() - padLen, padLen);
+
+            seq = seq + 1 & 0xffffffffL;
+
+            if (mac != null)
+                putMAC(buffer, startOfPacket, buffer.wpos());
+
+            cipher.update(buffer.array(), startOfPacket, 4 + packetLen);
+
+            buffer.rpos(startOfPacket); // Make ready-to-read
+
+            return seq;
+        } finally {
+            encodeLock.unlock();
+        }
+    }
+
+    @Override
+    void setAlgorithms(Cipher cipher, MAC mac, Compression compression) {
+        encodeLock.lock();
+        try {
+            super.setAlgorithms(cipher, mac, compression);
+        } finally {
+            encodeLock.unlock();
+        }
+    }
+
+    @Override
+    void setAuthenticated() {
+        encodeLock.lock();
+        try {
+            super.setAuthenticated();
+        } finally {
+            encodeLock.unlock();
+        }
+    }
+
+    @Override
+    Compression.Type getCompressionType() {
+        return Compression.Type.Deflater;
+    }
+
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/Heartbeater.java b/src/main/java/net/schmizz/sshj/transport/Heartbeater.java
new file mode 100644
index 00000000..0464615f
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Heartbeater.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+final class Heartbeater extends Thread {
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final TransportProtocol trans;
+
+    private int interval;
+
+    private boolean started;
+
+    Heartbeater(TransportProtocol trans) {
+        this.trans = trans;
+        setName("heartbeater");
+    }
+
+    synchronized void setInterval(int interval) {
+        this.interval = interval;
+        if (interval != 0) {
+            if (!started)
+                start();
+            notify();
+        }
+    }
+
+    synchronized int getInterval() {
+        return interval;
+    }
+
+    @Override
+    public void run() {
+        try {
+            while (!Thread.currentThread().isInterrupted()) {
+                int hi;
+                synchronized (this) {
+                    while ((hi = interval) == 0)
+                        wait();
+                }
+                if (!started)
+                    started = true;
+                else if (trans.isRunning()) {
+                    log.info("Sending heartbeat since {} seconds elapsed", hi);
+                    trans.write(new SSHPacket(Message.IGNORE));
+                }
+                Thread.sleep(hi * 1000);
+            }
+        } catch (Exception e) {
+            if (Thread.currentThread().isInterrupted()) {
+                // We are meant to shut up and draw to a close if interrupted
+            } else
+                trans.die(e);
+        }
+
+        log.debug("Stopping");
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java b/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
new file mode 100644
index 00000000..9393a8a9
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.concurrent.Event;
+import net.schmizz.concurrent.FutureUtils;
+import net.schmizz.sshj.common.*;
+import net.schmizz.sshj.transport.cipher.Cipher;
+import net.schmizz.sshj.transport.compression.Compression;
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.kex.KeyExchange;
+import net.schmizz.sshj.transport.mac.MAC;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.Queue;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+/** Algorithm negotiation and key exchange. */
+final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
+
+    private static enum Expected {
+        /** we have sent or are sending KEXINIT, and expect the server's KEXINIT */
+        KEXINIT,
+        /** we are expecting some followup data as part of the exchange */
+        FOLLOWUP,
+        /** we are expecting SSH_MSG_NEWKEYS */
+        NEWKEYS,
+    }
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final TransportProtocol transport;
+
+    /**
+     * {@link HostKeyVerifier#verify(String, int, java.security.PublicKey)} is invoked by {@link #verifyHost(PublicKey)}
+     * when we are ready to verify the the server's host key.
+     */
+    private final Queue<HostKeyVerifier> hostVerifiers = new LinkedList<HostKeyVerifier>();
+
+    private final AtomicBoolean kexOngoing = new AtomicBoolean();
+
+    /** What we are expecting from the next packet */
+    private Expected expected = Expected.KEXINIT;
+
+    /** Instance of negotiated key exchange algorithm */
+    private KeyExchange kex;
+
+    /** Computed session ID */
+    private byte[] sessionID;
+
+    private Proposal clientProposal;
+    private NegotiatedAlgorithms negotiatedAlgs;
+
+    private final Event<TransportException> kexInitSent = new Event<TransportException>("kexinit sent",
+            TransportException.chainer);
+
+    private final Event<TransportException> done;
+
+    KeyExchanger(TransportProtocol trans) {
+        this.transport = trans;
+        /*
+         * Use TransportProtocol's writeLock, since TransportProtocol.write() may wait on this event and the lock should
+         * be released while waiting.
+         */
+        this.done = new Event<TransportException>("kex done", TransportException.chainer, trans.getWriteLock());
+    }
+
+    /**
+     * Add a callback for host key verification.
+     * <p/>
+     * Any of the {@link HostKeyVerifier} implementations added this way can deem a host key to be acceptable, allowing
+     * key exchange to successfuly complete. Otherwise, a {@link TransportException} will result during key exchange.
+     *
+     * @param hkv object whose {@link HostKeyVerifier#verify} method will be invoked
+     */
+    synchronized void addHostKeyVerifier(HostKeyVerifier hkv) {
+        hostVerifiers.add(hkv);
+    }
+
+    /**
+     * Returns the session identifier computed during key exchange.
+     *
+     * @return session identifier as a byte array
+     */
+    byte[] getSessionID() {
+        return Arrays.copyOf(sessionID, sessionID.length);
+    }
+
+    /** @return Whether key exchange has been completed */
+    boolean isKexDone() {
+        return done.isSet();
+    }
+
+    /** @return Whether key exchange is currently ongoing */
+    boolean isKexOngoing() {
+        return kexOngoing.get();
+    }
+
+    /**
+     * Starts key exchange by sending a {@code SSH_MSG_KEXINIT} packet. Key exchange needs to be done once mandatorily
+     * after initializing the {@link Transport} for it to be usable and may be initiated at any later point e.g. if
+     * {@link Transport#getConfig() algorithms} have changed and should be renegotiated.
+     *
+     * @param waitForDone whether should block till key exchange completed
+     *
+     * @throws TransportException if there is an error during key exchange
+     * @see {@link Transport#setTimeout} for setting timeout for kex
+     */
+    void startKex(boolean waitForDone) throws TransportException {
+        if (!kexOngoing.getAndSet(true)) {
+            done.clear();
+            sendKexInit();
+        }
+        if (waitForDone)
+            waitForDone();
+    }
+
+    void waitForDone() throws TransportException {
+        done.await(transport.getTimeout(), TimeUnit.SECONDS);
+    }
+
+    private synchronized void ensureKexOngoing() throws TransportException {
+        if (!isKexOngoing())
+            throw new TransportException(DisconnectReason.PROTOCOL_ERROR,
+                    "Key exchange packet received when key exchange was not ongoing");
+    }
+
+    private static void ensureReceivedMatchesExpected(Message got, Message expected) throws TransportException {
+        if (got != expected)
+            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + expected);
+    }
+
+    /**
+     * Sends SSH_MSG_KEXINIT and sets the {@link #kexInitSent} event.
+     *
+     * @throws TransportException
+     */
+    private void sendKexInit() throws TransportException {
+        log.info("Sending SSH_MSG_KEXINIT");
+        clientProposal = new Proposal(transport.getConfig());
+        transport.write(clientProposal.getPacket());
+        kexInitSent.set();
+    }
+
+    private void sendNewKeys() throws TransportException {
+        log.info("Sending SSH_MSG_NEWKEYS");
+        transport.write(new SSHPacket(Message.NEWKEYS));
+    }
+
+    /**
+     * Tries to validate host key with all the host key verifiers known to this instance ( {@link #hostVerifiers})
+     *
+     * @param key the host key to verify
+     *
+     * @throws TransportException
+     */
+    private synchronized void verifyHost(PublicKey key) throws TransportException {
+        for (HostKeyVerifier hkv : hostVerifiers) {
+            log.debug("Trying to verify host key with {}", hkv);
+            if (hkv.verify(transport.getRemoteHost(), transport.getRemotePort(), key))
+                return;
+        }
+
+        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `"
+                + KeyType.fromKey(key) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(key)
+                + "` for `" + transport.getRemoteHost() + "` on port " + transport.getRemotePort());
+    }
+
+    private void setKexDone() {
+        kexOngoing.set(false);
+        kexInitSent.clear();
+        done.set();
+    }
+
+    private void gotKexInit(SSHPacket buf) throws TransportException {
+        Proposal serverProposal = new Proposal(buf);
+        negotiatedAlgs = clientProposal.negotiate(serverProposal);
+        log.debug("Negotiated algorithms: {}", negotiatedAlgs);
+        kex = Factory.Named.Util.create(transport.getConfig().getKeyExchangeFactories(), negotiatedAlgs
+                .getKeyExchangeAlgorithm());
+        kex.init(transport, transport.getServerID().getBytes(), transport.getClientID().getBytes(), buf
+                .getCompactData(), clientProposal.getPacket().getCompactData());
+    }
+
+    /**
+     * Private method used while putting new keys into use that will resize the key used to initialize the cipher to the
+     * needed length.
+     *
+     * @param E         the key to resize
+     * @param blockSize the cipher block size
+     * @param hash      the hash algorithm
+     * @param K         the key exchange K parameter
+     * @param H         the key exchange H parameter
+     *
+     * @return the resized key
+     */
+    private static byte[] resizedKey(byte[] E, int blockSize, Digest hash, byte[] K, byte[] H) {
+        while (blockSize > E.length) {
+            Buffer.PlainBuffer buffer = new Buffer.PlainBuffer().putMPInt(K).putRawBytes(H).putRawBytes(E);
+            hash.update(buffer.array(), 0, buffer.available());
+            byte[] foo = hash.digest();
+            byte[] bar = new byte[E.length + foo.length];
+            System.arraycopy(E, 0, bar, 0, E.length);
+            System.arraycopy(foo, 0, bar, E.length, foo.length);
+            E = bar;
+        }
+        return E;
+    }
+
+    /* See Sec. 7.2. "Output from Key Exchange", RFC 4253 */
+
+    private void gotNewKeys() {
+        final Digest hash = kex.getHash();
+
+        if (sessionID == null)
+            // session id is 'H' from the first key exchange and does not change thereafter
+            sessionID = Arrays.copyOf(kex.getH(), kex.getH().length);
+
+        final Buffer.PlainBuffer hashInput = new Buffer.PlainBuffer() //
+                .putMPInt(kex.getK()) //
+                .putRawBytes(kex.getH()) //
+                .putByte((byte) 0) // <placeholder>
+                .putRawBytes(sessionID);
+        final int pos = hashInput.available() - sessionID.length - 1; // Position of <placeholder>
+
+        hashInput.array()[pos] = 'A';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] initialIV_C2S = hash.digest();
+
+        hashInput.array()[pos] = 'B';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] initialIV_S2C = hash.digest();
+
+        hashInput.array()[pos] = 'C';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] encryptionKey_C2S = hash.digest();
+
+        hashInput.array()[pos] = 'D';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] encryptionKey_S2C = hash.digest();
+
+        hashInput.array()[pos] = 'E';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] integrityKey_C2S = hash.digest();
+
+        hashInput.array()[pos] = 'F';
+        hash.update(hashInput.array(), 0, hashInput.available());
+        final byte[] integrityKey_S2C = hash.digest();
+
+        final Cipher cipher_C2S = Factory.Named.Util.create(transport.getConfig().getCipherFactories(), negotiatedAlgs
+                .getClient2ServerCipherAlgorithm());
+        cipher_C2S.init(Cipher.Mode.Encrypt, //
+                resizedKey(encryptionKey_C2S, cipher_C2S.getBlockSize(), hash, kex.getK(), kex.getH()), //
+                initialIV_C2S);
+
+        final Cipher cipher_S2C = Factory.Named.Util.create(transport.getConfig().getCipherFactories(), //
+                negotiatedAlgs.getServer2ClientCipherAlgorithm());
+        cipher_S2C.init(Cipher.Mode.Decrypt, //
+                resizedKey(encryptionKey_S2C, cipher_S2C.getBlockSize(), hash, kex.getK(), kex.getH()), //
+                initialIV_S2C);
+
+        final MAC mac_C2S = Factory.Named.Util.create(transport.getConfig().getMACFactories(), negotiatedAlgs
+                .getClient2ServerMACAlgorithm());
+        mac_C2S.init(integrityKey_C2S);
+
+        final MAC mac_S2C = Factory.Named.Util.create(transport.getConfig().getMACFactories(), //
+                negotiatedAlgs.getServer2ClientMACAlgorithm());
+        mac_S2C.init(integrityKey_S2C);
+
+        final Compression compression_S2C = Factory.Named.Util.create(transport.getConfig().getCompressionFactories(),
+                negotiatedAlgs.getServer2ClientCompressionAlgorithm());
+        final Compression compression_C2S = Factory.Named.Util.create(transport.getConfig().getCompressionFactories(),
+                negotiatedAlgs.getClient2ServerCompressionAlgorithm());
+
+        transport.getEncoder().setAlgorithms(cipher_C2S, mac_C2S, compression_C2S);
+        transport.getDecoder().setAlgorithms(cipher_S2C, mac_S2C, compression_S2C);
+    }
+
+    public void handle(Message msg, SSHPacket buf) throws TransportException {
+        switch (expected) {
+
+            case KEXINIT:
+                ensureReceivedMatchesExpected(msg, Message.KEXINIT);
+                log.info("Received SSH_MSG_KEXINIT");
+                startKex(false); // Will start key exchange if not already on
+                /*
+                * We block on this event to prevent a race condition where we may have received a SSH_MSG_KEXINIT before
+                * having sent the packet ourselves (would cause gotKexInit() to fail)
+                */
+                kexInitSent.await(transport.getTimeout(), TimeUnit.SECONDS);
+                buf.rpos(buf.rpos() - 1);
+                gotKexInit(buf);
+                expected = Expected.FOLLOWUP;
+                break;
+
+            case FOLLOWUP:
+                ensureKexOngoing();
+                log.info("Received kex followup data");
+                if (kex.next(msg, buf)) {
+                    verifyHost(kex.getHostKey());
+                    sendNewKeys();
+                    expected = Expected.NEWKEYS;
+                }
+                break;
+
+            case NEWKEYS:
+                ensureReceivedMatchesExpected(msg, Message.NEWKEYS);
+                ensureKexOngoing();
+                log.info("Received SSH_MSG_NEWKEYS");
+                gotNewKeys();
+                setKexDone();
+                expected = Expected.KEXINIT;
+                break;
+
+            default:
+                assert false;
+
+        }
+    }
+
+    public void notifyError(SSHException error) {
+        log.debug("Got notified of {}", error.toString());
+        FutureUtils.alertAll(error, kexInitSent, done);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java b/src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java
new file mode 100644
index 00000000..7685c7e5
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/NegotiatedAlgorithms.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+public final class NegotiatedAlgorithms {
+
+    private final String kex;
+    private final String sig;
+    private final String c2sCipher;
+    private final String s2cCipher;
+    private final String c2sMAC;
+    private final String s2cMAC;
+    private final String c2sComp;
+    private final String s2cComp;
+
+    NegotiatedAlgorithms(String kex, String sig, String c2sCipher, String s2cCipher, String c2sMAC, String s2cMAC,
+                         String c2sComp, String s2cComp) {
+        this.kex = kex;
+        this.sig = sig;
+        this.c2sCipher = c2sCipher;
+        this.s2cCipher = s2cCipher;
+        this.c2sMAC = c2sMAC;
+        this.s2cMAC = s2cMAC;
+        this.c2sComp = c2sComp;
+        this.s2cComp = s2cComp;
+    }
+
+    public String getKeyExchangeAlgorithm() {
+        return kex;
+    }
+
+    public String getSignatureAlgorithm() {
+        return sig;
+    }
+
+    public String getClient2ServerCipherAlgorithm() {
+        return c2sCipher;
+    }
+
+    public String getServer2ClientCipherAlgorithm() {
+        return s2cCipher;
+    }
+
+    public String getClient2ServerMACAlgorithm() {
+        return c2sMAC;
+    }
+
+    public String getServer2ClientMACAlgorithm() {
+        return s2cMAC;
+    }
+
+    public String getClient2ServerCompressionAlgorithm() {
+        return c2sComp;
+    }
+
+    public String getServer2ClientCompressionAlgorithm() {
+        return s2cComp;
+    }
+
+    @Override
+    public String toString() {
+        return ("[ " + //
+                "kex=" + kex + "; " + //
+                "sig=" + sig + "; " + //
+                "c2sCipher=" + c2sCipher + "; " + //
+                "s2cCipher=" + s2cCipher + "; " + //
+                "c2sMAC=" + c2sMAC + "; " + //
+                "s2cMAC=" + s2cMAC + "; " + //
+                "c2sComp=" + c2sComp + "; " + //
+                "s2cComp=" + s2cComp + //
+                " ]");
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/Proposal.java b/src/main/java/net/schmizz/sshj/transport/Proposal.java
new file mode 100644
index 00000000..aff3844b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Proposal.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+
+import java.util.Arrays;
+import java.util.List;
+
+class Proposal {
+
+    private final List<String> kex;
+    private final List<String> sig;
+    private final List<String> c2sCipher;
+    private final List<String> s2cCipher;
+    private final List<String> c2sMAC;
+    private final List<String> s2cMAC;
+    private final List<String> c2sComp;
+    private final List<String> s2cComp;
+    private final SSHPacket packet;
+
+    public Proposal(Config config) {
+        kex = Factory.Named.Util.getNames(config.getKeyExchangeFactories());
+        sig = Factory.Named.Util.getNames(config.getSignatureFactories());
+        c2sCipher = s2cCipher = Factory.Named.Util.getNames(config.getCipherFactories());
+        c2sMAC = s2cMAC = Factory.Named.Util.getNames(config.getMACFactories());
+        c2sComp = s2cComp = Factory.Named.Util.getNames(config.getCompressionFactories());
+
+        packet = new SSHPacket(Message.KEXINIT);
+
+        // Put cookie
+        packet.ensureCapacity(16);
+        config.getRandomFactory().create().fill(packet.array(), packet.wpos(), 16);
+        packet.wpos(packet.wpos() + 16);
+
+        // Put algorithm lists
+        packet.putString(toCommaString(kex));
+        packet.putString(toCommaString(sig));
+        packet.putString(toCommaString(c2sCipher));
+        packet.putString(toCommaString(s2cCipher));
+        packet.putString(toCommaString(c2sMAC));
+        packet.putString(toCommaString(s2cMAC));
+        packet.putString(toCommaString(c2sComp));
+        packet.putString(toCommaString(s2cComp));
+        packet.putString("");
+        packet.putString("");
+
+        packet.putBoolean(false); // Optimistic next packet does not follow
+        packet.putInt(0); // "Reserved" for future by spec
+    }
+
+    public Proposal(SSHPacket packet) {
+        this.packet = packet;
+        final int savedPos = packet.rpos();
+        packet.rpos(packet.rpos() + 17); // Skip message ID & cookie
+        kex = fromCommaString(packet.readString());
+        sig = fromCommaString(packet.readString());
+        c2sCipher = fromCommaString(packet.readString());
+        s2cCipher = fromCommaString(packet.readString());
+        c2sMAC = fromCommaString(packet.readString());
+        s2cMAC = fromCommaString(packet.readString());
+        c2sComp = fromCommaString(packet.readString());
+        s2cComp = fromCommaString(packet.readString());
+        packet.rpos(savedPos);
+    }
+
+    public List<String> getKeyExchangeAlgorithms() {
+        return kex;
+    }
+
+    public List<String> getSignatureAlgorithms() {
+        return sig;
+    }
+
+    public List<String> getClient2ServerCipherAlgorithms() {
+        return c2sCipher;
+    }
+
+    public List<String> getServer2ClientCipherAlgorithms() {
+        return s2cCipher;
+    }
+
+    public List<String> getClient2ServerMACAlgorithms() {
+        return c2sMAC;
+    }
+
+    public List<String> getServer2ClientMACAlgorithms() {
+        return s2cMAC;
+    }
+
+    public List<String> getClient2ServerCompressionAlgorithms() {
+        return c2sComp;
+    }
+
+    public List<String> getServer2ClientCompressionAlgorithms() {
+        return s2cComp;
+    }
+
+    public SSHPacket getPacket() {
+        return new SSHPacket(packet);
+
+    }
+
+    public NegotiatedAlgorithms negotiate(Proposal other) throws TransportException {
+        return new NegotiatedAlgorithms(
+                firstMatch(this.getKeyExchangeAlgorithms(), other.getKeyExchangeAlgorithms()), //
+                firstMatch(this.getSignatureAlgorithms(), other.getSignatureAlgorithms()), //
+                firstMatch(this.getClient2ServerCipherAlgorithms(), other.getClient2ServerCipherAlgorithms()), //
+                firstMatch(this.getServer2ClientCipherAlgorithms(), other.getServer2ClientCipherAlgorithms()), //
+                firstMatch(this.getClient2ServerMACAlgorithms(), other.getClient2ServerMACAlgorithms()), //
+                firstMatch(this.getServer2ClientMACAlgorithms(), other.getServer2ClientMACAlgorithms()), //
+                firstMatch(this.getClient2ServerCompressionAlgorithms(), other.getClient2ServerCompressionAlgorithms()), //
+                firstMatch(this.getServer2ClientCompressionAlgorithms(), other.getServer2ClientCompressionAlgorithms()) //
+        );
+    }
+
+    private static String firstMatch(List<String> a, List<String> b) throws TransportException {
+        for (String aa : a)
+            for (String bb : b)
+                if (aa.equals(bb))
+                    return aa;
+        throw new TransportException("Unable to reach a settlement: " + a + " and " + b);
+    }
+
+    private static String toCommaString(List<String> sl) {
+        StringBuilder sb = new StringBuilder();
+        int i = 0;
+        for (String s : sl) {
+            if (i++ != 0)
+                sb.append(",");
+            sb.append(s);
+        }
+        return sb.toString();
+    }
+
+    private static List<String> fromCommaString(String s) {
+        return Arrays.asList(s.split(","));
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/Reader.java b/src/main/java/net/schmizz/sshj/transport/Reader.java
new file mode 100644
index 00000000..a6fcee91
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Reader.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.transport;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.InputStream;
+
+final class Reader extends Thread {
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final TransportProtocol trans;
+
+    Reader(TransportProtocol trans) {
+        this.trans = trans;
+        setName("reader");
+    }
+
+    @Override
+    public void run() {
+        final Thread curThread = Thread.currentThread();
+
+        try {
+
+            final Decoder decoder = trans.getDecoder();
+            final InputStream inp = trans.getConnInfo().in;
+
+            final byte[] recvbuf = new byte[decoder.getMaxPacketLength()];
+
+            int needed = 1;
+
+            while (!curThread.isInterrupted()) {
+                int read = inp.read(recvbuf, 0, needed);
+                if (read == -1)
+                    throw new TransportException("Broken transport; encountered EOF");
+                else
+                    needed = decoder.received(recvbuf, read);
+            }
+
+        } catch (Exception e) {
+            if (curThread.isInterrupted()) {
+                // We are meant to shut up and draw to a close if interrupted
+            } else
+                trans.die(e);
+        }
+
+        log.debug("Stopping");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/Transport.java b/src/main/java/net/schmizz/sshj/transport/Transport.java
new file mode 100644
index 00000000..b41f94d2
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/Transport.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.Service;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.SSHPacketHandler;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/** Transport layer of the SSH protocol. */
+public interface Transport extends SSHPacketHandler {
+
+    /**
+     * Sets the {@code socket} to be used by this transport; and identification information is exchanged. A {@link
+     * TransportException} is thrown in case of SSH protocol version incompatibility.
+     *
+     * @throws TransportException if there is an error during exchange of identification information
+     */
+    void init(String host, int port, InputStream in, OutputStream out) throws TransportException;
+
+    void addHostKeyVerifier(HostKeyVerifier hkv);
+
+    void doKex() throws TransportException;
+
+    /** @return the version string used by this client to identify itself to an SSH server, e.g. "SSHJ_3_0" */
+    String getClientVersion();
+
+    /** @return the {@link net.schmizz.sshj.ConfigImpl} associated with this transport. */
+    Config getConfig();
+
+    /** @return the timeout that is currently set for blocking operations. */
+    int getTimeout();
+
+    /**
+     * Set a timeout for method that may block, e.g. {@link #reqService(net.schmizz.sshj.Service)}, {@link
+     * KeyExchanger#waitForDone()}.
+     *
+     * @param timeout the timeout in seconds
+     */
+    void setTimeout(int timeout);
+
+    int getHeartbeatInterval();
+
+    void setHeartbeatInterval(int interval);
+
+    /** Returns the hostname to which this transport is connected. */
+    String getRemoteHost();
+
+    /** Returns the port number on the {@link #getRemoteHost() remote host} to which this transport is connected. */
+    int getRemotePort();
+
+    /**
+     * Returns the version string as sent by the SSH server for identification purposes, e.g. "OpenSSH_$version".
+     * <p/>
+     * If the transport has not yet been initialized via {@link #init}, it will be {@code null}.
+     *
+     * @return server's version string (may be {@code null})
+     */
+    String getServerVersion();
+
+    byte[] getSessionID();
+
+    /** Returns the currently active {@link net.schmizz.sshj.Service} instance. */
+    Service getService();
+
+    /**
+     * Request a SSH service represented by a {@link net.schmizz.sshj.Service} instance. A separate call to {@link
+     * #setService} is not needed.
+     *
+     * @param service the SSH service to be requested
+     *
+     * @throws IOException if the request failed for any reason
+     */
+    void reqService(Service service) throws TransportException;
+
+    /**
+     * Sets the currently active {@link net.schmizz.sshj.Service}. Handling of non-transport-layer packets is {@link
+     * net.schmizz.sshj.Service#handle delegated} to that service.
+     * <p/>
+     * For this method to be successful, at least one service request via {@link #reqService} must have been successful
+     * (not necessarily for the service being set).
+     *
+     * @param service (null-ok) the {@link net.schmizz.sshj.Service}
+     */
+    void setService(Service service);
+
+    /** Returns whether the transport thinks it is authenticated. */
+    boolean isAuthenticated();
+
+    /**
+     * Informs this transport that authentication has been completed. This method <strong>must</strong> be called after
+     * successful authentication, so that delayed compression may become effective if applicable.
+     */
+    void setAuthenticated();
+
+    /**
+     * Sends SSH_MSG_UNIMPLEMENTED in response to the last packet received.
+     *
+     * @return the sequence number of the packet sent
+     *
+     * @throws TransportException if an error occured sending the packet
+     */
+    long sendUnimplemented() throws TransportException;
+
+    /**
+     * Returns whether this transport is active.
+     * <p/>
+     * The transport is considered to be running if it has been initialized without error via {@link #init} and has not
+     * been disconnected.
+     */
+    boolean isRunning();
+
+    /**
+     * Joins the thread calling this method to the transport's death. The transport dies of exceptional events.
+     *
+     * @throws TransportException
+     */
+    void join() throws TransportException;
+
+    /** Send a disconnection packet with reason as {@link DisconnectReason#BY_APPLICATION}, and closes this transport. */
+    void disconnect();
+
+    /**
+     * Send a disconnect packet with the given {@link net.schmizz.sshj.common.DisconnectReason reason}, and closes this
+     * transport.
+     */
+    void disconnect(DisconnectReason reason);
+
+    /**
+     * Send a disconnect packet with the given {@link DisconnectReason reason} and {@code message}, and closes this
+     * transport.
+     *
+     * @param reason  the reason code for this disconnect
+     * @param message the text message
+     */
+    void disconnect(DisconnectReason reason, String message);
+
+    /**
+     * Write a packet over this transport.
+     * <p/>
+     * The {@code payload} {@link net.schmizz.sshj.common.SSHPacket} should have 5 bytes free at the beginning to avoid
+     * a performance penalty associated with making space for header bytes (packet length, padding length).
+     *
+     * @param payload the {@link net.schmizz.sshj.common.SSHPacket} containing data to send
+     *
+     * @return sequence number of the sent packet
+     *
+     * @throws TransportException if an error occurred sending the packet
+     */
+    long write(SSHPacket payload) throws TransportException;
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/TransportException.java b/src/main/java/net/schmizz/sshj/transport/TransportException.java
new file mode 100644
index 00000000..d079afac
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/TransportException.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.concurrent.ExceptionChainer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHException;
+
+/** Transport-layer exception */
+public class TransportException extends SSHException {
+
+    /** @see {@link net.schmizz.concurrent.ExceptionChainer} */
+    public static final ExceptionChainer<TransportException> chainer = new ExceptionChainer<TransportException>() {
+        public TransportException chain(Throwable t) {
+            if (t instanceof TransportException)
+                return (TransportException) t;
+            else
+                return new TransportException(t);
+        }
+    };
+
+    public TransportException() {
+        super();
+    }
+
+    public TransportException(DisconnectReason code) {
+        super(code);
+    }
+
+    public TransportException(DisconnectReason code, String message) {
+        super(code, message);
+    }
+
+    public TransportException(DisconnectReason code, String message, Throwable cause) {
+        super(code, message, cause);
+    }
+
+    public TransportException(DisconnectReason code, Throwable cause) {
+        super(code, cause);
+    }
+
+    public TransportException(String message) {
+        super(message);
+    }
+
+    public TransportException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public TransportException(Throwable cause) {
+        super(cause);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/transport/TransportProtocol.java b/src/main/java/net/schmizz/sshj/transport/TransportProtocol.java
new file mode 100644
index 00000000..d12c231a
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/TransportProtocol.java
@@ -0,0 +1,548 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport;
+
+import net.schmizz.concurrent.Event;
+import net.schmizz.concurrent.FutureUtils;
+import net.schmizz.sshj.AbstractService;
+import net.schmizz.sshj.Config;
+import net.schmizz.sshj.Service;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.verification.HostKeyVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.ReentrantLock;
+
+/** A thread-safe {@link Transport} implementation. */
+public final class TransportProtocol implements Transport {
+
+    private static final class NullService extends AbstractService {
+        NullService(Transport trans) {
+            super("null-service", trans);
+        }
+    }
+
+    static final class ConnInfo {
+        final String host;
+        final int port;
+        final InputStream in;
+        final OutputStream out;
+
+        public ConnInfo(String host, int port, InputStream in, OutputStream out) {
+            this.host = host;
+            this.port = port;
+            this.in = in;
+            this.out = out;
+        }
+    }
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final Service nullService = new NullService(this);
+
+    private final Config config;
+
+    private final KeyExchanger kexer;
+
+    private final Reader reader;
+
+    private final Heartbeater heartbeater;
+
+    private final Encoder encoder;
+
+    private final Decoder decoder;
+
+    private final Event<TransportException> serviceAccept = new Event<TransportException>("service accept",
+            TransportException.chainer);
+
+    private final Event<TransportException> close = new Event<TransportException>("transport close",
+            TransportException.chainer);
+
+    /** Client version identification string */
+    private final String clientID;
+
+    private volatile int timeout = 30;
+
+    private volatile boolean authed = false;
+
+    /** Currently active service e.g. UserAuthService, ConnectionService */
+    private volatile Service service = nullService;
+
+    private ConnInfo connInfo;
+
+    /** Server version identification string */
+    private String serverID;
+
+    /** Message identifier of last packet received */
+    private Message msg;
+
+    private final ReentrantLock writeLock = new ReentrantLock();
+
+    public TransportProtocol(Config config) {
+        this.config = config;
+        this.reader = new Reader(this);
+        this.heartbeater = new Heartbeater(this);
+        this.encoder = new Encoder(config.getRandomFactory().create(), writeLock);
+        this.decoder = new Decoder(this);
+        this.kexer = new KeyExchanger(this);
+        clientID = "SSH-2.0-" + config.getVersion();
+    }
+
+    public void init(String remoteHost, int remotePort, InputStream in, OutputStream out) throws TransportException {
+        connInfo = new ConnInfo(remoteHost, remotePort, in, out);
+
+        try {
+
+            log.info("Client identity string: {}", clientID);
+            connInfo.out.write((clientID + "\r\n").getBytes());
+
+            // Read server's ID
+            final Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
+            while ((serverID = readIdentification(buf)).isEmpty()) {
+                buf.putByte((byte) connInfo.in.read());
+            }
+
+            log.info("Server identity string: {}", serverID);
+
+        } catch (IOException e) {
+            throw new TransportException(e);
+        }
+
+        reader.start();
+    }
+
+    /**
+     * Reads the identification string from the SSH server. This is the very first string that is sent upon connection
+     * by the server. It takes the form of, e.g. "SSH-2.0-OpenSSH_ver".
+     * <p/>
+     * Several concerns are taken care of here, e.g. verifying protocol version, correct line endings as specified in
+     * RFC and such.
+     * <p/>
+     * This is not efficient but is only done once.
+     *
+     * @param buffer
+     *
+     * @return
+     *
+     * @throws IOException
+     */
+    private String readIdentification(Buffer.PlainBuffer buffer) throws IOException {
+        String ident;
+
+        byte[] data = new byte[256];
+        for (; ;) {
+            int savedBufPos = buffer.rpos();
+            int pos = 0;
+            boolean needLF = false;
+            for (; ;) {
+                if (buffer.available() == 0) {
+                    // Need more data, so undo reading and return null
+                    buffer.rpos(savedBufPos);
+                    return "";
+                }
+                byte b = buffer.readByte();
+                if (b == '\r') {
+                    needLF = true;
+                    continue;
+                }
+                if (b == '\n')
+                    break;
+                if (needLF)
+                    throw new TransportException("Incorrect identification: bad line ending");
+                if (pos >= data.length)
+                    throw new TransportException("Incorrect identification: line too long");
+                data[pos++] = b;
+            }
+            ident = new String(data, 0, pos);
+            if (ident.startsWith("SSH-"))
+                break;
+            if (buffer.rpos() > 16 * 1024)
+                throw new TransportException("Incorrect identification: too many header lines");
+        }
+
+        if (!ident.startsWith("SSH-2.0-") && !ident.startsWith("SSH-1.99-"))
+            throw new TransportException(DisconnectReason.PROTOCOL_VERSION_NOT_SUPPORTED,
+                    "Server does not support SSHv2, identified as: " + ident);
+
+        return ident;
+    }
+
+    public void addHostKeyVerifier(HostKeyVerifier hkv) {
+        kexer.addHostKeyVerifier(hkv);
+    }
+
+    public void doKex() throws TransportException {
+        kexer.startKex(true);
+    }
+
+    public boolean isKexDone() {
+        return kexer.isKexDone();
+    }
+
+    public int getTimeout() {
+        return timeout;
+    }
+
+    public void setTimeout(int timeout) {
+        this.timeout = timeout;
+    }
+
+    public int getHeartbeatInterval() {
+        return heartbeater.getInterval();
+    }
+
+    public void setHeartbeatInterval(int interval) {
+        heartbeater.setInterval(interval);
+    }
+
+    public String getRemoteHost() {
+        return connInfo.host;
+    }
+
+    public int getRemotePort() {
+        return connInfo.port;
+    }
+
+    public String getClientVersion() {
+        return clientID.substring(8);
+    }
+
+    public Config getConfig() {
+        return config;
+    }
+
+    public String getServerVersion() {
+        return serverID == null ? serverID : serverID.substring(8);
+    }
+
+    public byte[] getSessionID() {
+        return kexer.getSessionID();
+    }
+
+    public synchronized Service getService() {
+        return service;
+    }
+
+    public synchronized void setService(Service service) {
+        if (service == null)
+            service = nullService;
+
+        log.info("Setting active service to {}", service.getName());
+        this.service = service;
+    }
+
+    public void reqService(Service service) throws TransportException {
+        serviceAccept.lock();
+        try {
+            serviceAccept.clear();
+            sendServiceRequest(service.getName());
+            serviceAccept.await(timeout, TimeUnit.SECONDS);
+            setService(service);
+        } finally {
+            serviceAccept.unlock();
+        }
+    }
+
+    /**
+     * Sends a service request for the specified service
+     *
+     * @param serviceName name of the service being requested
+     *
+     * @throws TransportException if there is an error while sending the request
+     */
+    private void sendServiceRequest(String serviceName) throws TransportException {
+        log.debug("Sending SSH_MSG_SERVICE_REQUEST for {}", serviceName);
+        write(new SSHPacket(Message.SERVICE_REQUEST).putString(serviceName));
+    }
+
+    public void setAuthenticated() {
+        this.authed = true;
+        encoder.setAuthenticated();
+        decoder.setAuthenticated();
+    }
+
+    public boolean isAuthenticated() {
+        return authed;
+    }
+
+    public long sendUnimplemented() throws TransportException {
+        final long seq = decoder.getSequenceNumber();
+        log.info("Sending SSH_MSG_UNIMPLEMENTED for packet #{}", seq);
+        return write(new SSHPacket(Message.UNIMPLEMENTED).putInt(seq));
+    }
+
+    public void join() throws TransportException {
+        close.await();
+    }
+
+    public boolean isRunning() {
+        return reader.isAlive() && !close.isSet();
+    }
+
+    public void disconnect() {
+        disconnect(DisconnectReason.BY_APPLICATION);
+    }
+
+    public void disconnect(DisconnectReason reason) {
+        disconnect(reason, "");
+    }
+
+    public void disconnect(DisconnectReason reason, String message) {
+        close.lock(); // CAS type operation on close
+        try {
+            try {
+                service.notifyDisconnect();
+            } catch (SSHException logged) {
+                log.warn("{} did not handle disconnect cleanly: {}", service, logged);
+            }
+            if (!close.isSet()) {
+                sendDisconnect(reason, message);
+                finishOff();
+                close.set();
+            }
+        } finally {
+            close.unlock();
+        }
+    }
+
+    public long write(SSHPacket payload) throws TransportException {
+        writeLock.lock();
+        try {
+
+            if (kexer.isKexOngoing()) {
+                // Only transport layer packets (1 to 49) allowed except SERVICE_REQUEST
+                final Message m = Message.fromByte(payload.array()[payload.rpos()]);
+                if (!m.in(1, 49) || m == Message.SERVICE_REQUEST) {
+                    assert m != Message.KEXINIT;
+                    kexer.waitForDone();
+                }
+            } else if (encoder.getSequenceNumber() == 0) // We get here every 2**32th packet
+                kexer.startKex(true);
+
+            final long seq = encoder.encode(payload);
+            try {
+                connInfo.out.write(payload.array(), payload.rpos(), payload.available());
+                connInfo.out.flush();
+            } catch (IOException ioe) {
+                throw new TransportException(ioe);
+            }
+
+            return seq;
+
+        } finally {
+            writeLock.unlock();
+        }
+    }
+
+    private void sendDisconnect(DisconnectReason reason, String message) {
+        if (message == null)
+            message = "";
+        log.debug("Sending SSH_MSG_DISCONNECT: reason=[{}], msg=[{}]", reason, message);
+        try {
+            write(new SSHPacket(Message.DISCONNECT)
+                    .putInt(reason.toInt())
+                    .putString(message)
+                    .putString(""));
+        } catch (IOException logged) {
+            log.warn("Error writing packet: {}", logged);
+        }
+    }
+
+    /**
+     * This is where all incoming packets are handled. If they pertain to the transport layer, they are handled here;
+     * otherwise they are delegated to the active service instance if any via {@link Service#handle}.
+     * <p/>
+     * Even among the transport layer specific packets, key exchange packets are delegated to {@link
+     * KeyExchanger#handle}.
+     * <p/>
+     * This method is called in the context of the {@link #reader} thread via {@link Decoder#received} when a full
+     * packet has been decoded.
+     *
+     * @param msg the message identifer
+     * @param buf buffer containg rest of the packet
+     *
+     * @throws SSHException if an error occurs during handling (unrecoverable)
+     */
+    public void handle(Message msg, SSHPacket buf) throws SSHException {
+        this.msg = msg;
+
+        log.trace("Received packet {}", msg);
+
+        if (msg.geq(50)) // not a transport layer packet
+            service.handle(msg, buf);
+
+        else if (msg.in(20, 21) || msg.in(30, 49)) // kex packet
+            kexer.handle(msg, buf);
+
+        else
+            switch (msg) {
+                case DISCONNECT: {
+                    gotDisconnect(buf);
+                    break;
+                }
+                case IGNORE: {
+                    log.info("Received SSH_MSG_IGNORE");
+                    break;
+                }
+                case UNIMPLEMENTED: {
+                    gotUnimplemented(buf);
+                    break;
+                }
+                case DEBUG: {
+                    gotDebug(buf);
+                    break;
+                }
+                case SERVICE_ACCEPT: {
+                    gotServiceAccept();
+                    break;
+                }
+                default:
+                    sendUnimplemented();
+            }
+    }
+
+    private void gotDebug(SSHPacket buf) {
+        boolean display = buf.readBoolean();
+        String message = buf.readString();
+        log.info("Received SSH_MSG_DEBUG (display={}) '{}'", display, message);
+    }
+
+    private void gotDisconnect(SSHPacket buf) throws TransportException {
+        DisconnectReason code = DisconnectReason.fromInt(buf.readInt());
+        String message = buf.readString();
+        log.info("Received SSH_MSG_DISCONNECT (reason={}, msg={})", code, message);
+        throw new TransportException(code, "Disconnected; server said: " + message);
+    }
+
+    private void gotServiceAccept() throws TransportException {
+        serviceAccept.lock();
+        try {
+            if (!serviceAccept.hasWaiters())
+                throw new TransportException(DisconnectReason.PROTOCOL_ERROR,
+                        "Got a service accept notification when none was awaited");
+            serviceAccept.set();
+        } finally {
+            serviceAccept.unlock();
+        }
+    }
+
+    /**
+     * Got an SSH_MSG_UNIMPLEMENTED, so lets see where we're at and act accordingly.
+     *
+     * @param buf
+     *
+     * @throws TransportException
+     */
+    private void gotUnimplemented(SSHPacket buf) throws SSHException {
+        long seqNum = buf.readLong();
+        log.info("Received SSH_MSG_UNIMPLEMENTED #{}", seqNum);
+        if (kexer.isKexOngoing())
+            throw new TransportException("Received SSH_MSG_UNIMPLEMENTED while exchanging keys");
+        getService().notifyUnimplemented(seqNum);
+    }
+
+    private void finishOff() {
+        reader.interrupt();
+        heartbeater.interrupt();
+        IOUtils.closeQuietly(connInfo.in);
+        IOUtils.closeQuietly(connInfo.out);
+    }
+
+    void die(Exception ex) {
+        close.lock();
+        try {
+            if (!close.isSet()) {
+
+                log.error("Dying because - {}", ex.toString());
+
+                final SSHException causeOfDeath = SSHException.chainer.chain(ex);
+
+                FutureUtils.alertAll(causeOfDeath, close, serviceAccept);
+                kexer.notifyError(causeOfDeath);
+                getService().notifyError(causeOfDeath);
+                setService(nullService);
+
+                { // Perhaps can send disconnect packet to server
+                    final boolean didNotReceiveDisconnect = msg != Message.DISCONNECT;
+                    final boolean gotRequiredInfo = causeOfDeath.getDisconnectReason() != DisconnectReason.UNKNOWN;
+                    if (didNotReceiveDisconnect && gotRequiredInfo)
+                        sendDisconnect(causeOfDeath.getDisconnectReason(), causeOfDeath.getMessage());
+                }
+
+                finishOff();
+
+                close.set();
+            }
+        } finally {
+            close.unlock();
+        }
+    }
+
+    String getClientID() {
+        return clientID;
+    }
+
+    String getServerID() {
+        return serverID;
+    }
+
+    Encoder getEncoder() {
+        return encoder;
+    }
+
+    Decoder getDecoder() {
+        return decoder;
+    }
+
+    ReentrantLock getWriteLock() {
+        return writeLock;
+    }
+
+    ConnInfo getConnInfo() {
+        return connInfo;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
new file mode 100644
index 00000000..55b70286
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** AES128CBC cipher */
+public class AES128CBC extends BaseCipher {
+
+    /** Named factory for AES128CBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES128CBC();
+        }
+
+        public String getName() {
+            return "aes128-cbc";
+        }
+    }
+
+    public AES128CBC() {
+        super(16, 16, "AES", "AES/CBC/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
new file mode 100644
index 00000000..3629afa1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code aes128-ctr} cipher */
+public class AES128CTR extends BaseCipher {
+
+    /** Named factory for AES128CBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES128CTR();
+        }
+
+        public String getName() {
+            return "aes128-ctr";
+        }
+    }
+
+    public AES128CTR() {
+        super(16, 16, "AES", "AES/CTR/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
new file mode 100644
index 00000000..f539b8c6
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code aes192-cbc} cipher */
+public class AES192CBC extends BaseCipher {
+
+    /** Named factory for AES192CBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES192CBC();
+        }
+
+        public String getName() {
+            return "aes192-cbc";
+        }
+    }
+
+    public AES192CBC() {
+        super(16, 24, "AES", "AES/CBC/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
new file mode 100644
index 00000000..00df71d5
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code aes192-ctr} cipher */
+public class AES192CTR extends BaseCipher {
+
+    /** Named factory for AES192CTR Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES192CTR();
+        }
+
+        public String getName() {
+            return "aes192-ctr";
+        }
+    }
+
+    public AES192CTR() {
+        super(16, 24, "AES", "AES/CTR/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
new file mode 100644
index 00000000..f2213e97
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code aes256-ctr} cipher */
+public class AES256CBC extends BaseCipher {
+
+    /** Named factory for AES256CBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES256CBC();
+        }
+
+        public String getName() {
+            return "aes256-cbc";
+        }
+    }
+
+    public AES256CBC() {
+        super(16, 32, "AES", "AES/CBC/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
new file mode 100644
index 00000000..653f5576
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code aes256-ctr} cipher */
+public class AES256CTR extends BaseCipher {
+
+    /** Named factory for AES256CBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new AES256CTR();
+        }
+
+        public String getName() {
+            return "aes256-ctr";
+        }
+    }
+
+    public AES256CTR() {
+        super(16, 32, "AES", "AES/CTR/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java b/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
new file mode 100644
index 00000000..bc41d92a
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+/** Base class for all Cipher implementations delegating to the JCE provider. */
+public class BaseCipher implements Cipher {
+
+    private static byte[] resize(byte[] data, int size) {
+        if (data.length > size) {
+            final byte[] tmp = new byte[size];
+            System.arraycopy(data, 0, tmp, 0, size);
+            data = tmp;
+        }
+        return data;
+    }
+
+    private final int ivsize;
+    private final int bsize;
+    private final String algorithm;
+    private final String transformation;
+
+    private javax.crypto.Cipher cipher;
+
+    public BaseCipher(int ivsize, int bsize, String algorithm, String transformation) {
+        this.ivsize = ivsize;
+        this.bsize = bsize;
+        this.algorithm = algorithm;
+        this.transformation = transformation;
+    }
+
+    public int getBlockSize() {
+        return bsize;
+    }
+
+    public int getIVSize() {
+        return ivsize;
+    }
+
+    public void init(Mode mode, byte[] key, byte[] iv) {
+        key = BaseCipher.resize(key, bsize);
+        iv = BaseCipher.resize(iv, ivsize);
+        try {
+            cipher = SecurityUtils.getCipher(transformation);
+            cipher.init((mode == Mode.Encrypt ? javax.crypto.Cipher.ENCRYPT_MODE : javax.crypto.Cipher.DECRYPT_MODE),
+                    new SecretKeySpec(key, algorithm), new IvParameterSpec(iv));
+        } catch (GeneralSecurityException e) {
+            cipher = null;
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public void update(byte[] input, int inputOffset, int inputLen) {
+        try {
+            cipher.update(input, inputOffset, inputLen, input, inputOffset);
+        } catch (ShortBufferException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
new file mode 100644
index 00000000..8212531b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code blowfish-ctr} cipher */
+public class BlowfishCBC extends BaseCipher {
+
+    /** Named factory for BlowfishCBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new BlowfishCBC();
+        }
+
+        public String getName() {
+            return "blowfish-cbc";
+        }
+    }
+
+    public BlowfishCBC() {
+        super(8, 16, "Blowfish", "Blowfish/CBC/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java b/src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java
new file mode 100644
index 00000000..3a4a8824
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/Cipher.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** Wrapper for a cryptographic cipher, used either for encryption or decryption. */
+public interface Cipher {
+
+    enum Mode {
+        Encrypt, Decrypt
+    }
+
+    /**
+     * Retrieves the block size for this cipher
+     *
+     * @return
+     */
+    int getBlockSize();
+
+    /**
+     * Retrieves the size of the initialization vector
+     *
+     * @return
+     */
+    int getIVSize();
+
+    /**
+     * Initialize the cipher for encryption or decryption with the given private key and initialization vector
+     *
+     * @param mode
+     * @param key
+     * @param iv
+     */
+    void init(Mode mode, byte[] key, byte[] iv);
+
+    /**
+     * Performs in-place encryption or decryption on the given data.
+     *
+     * @param input
+     * @param inputOffset
+     * @param inputLen
+     */
+    void update(byte[] input, int inputOffset, int inputLen);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java b/src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java
new file mode 100644
index 00000000..d930049b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/NoneCipher.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** Represents a no-op cipher. */
+public class NoneCipher implements Cipher {
+
+    /** Named factory for the no-op Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new NoneCipher();
+        }
+
+        public String getName() {
+            return "none";
+        }
+    }
+
+    public int getBlockSize() {
+        return 8;
+    }
+
+    public int getIVSize() {
+        return 8;
+    }
+
+    public void init(Mode mode, byte[] bytes, byte[] bytes1) {
+    }
+
+    public void update(byte[] input, int inputOffset, int inputLen) {
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java b/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
new file mode 100644
index 00000000..0538272a
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.cipher;
+
+/** {@code 3des-cbc} cipher */
+public class TripleDESCBC extends BaseCipher {
+
+    /** Named factory for TripleDESCBC Cipher */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Cipher> {
+        public Cipher create() {
+            return new TripleDESCBC();
+        }
+
+        public String getName() {
+            return "3des-cbc";
+        }
+    }
+
+    public TripleDESCBC() {
+        super(8, 24, "DESede", "DESede/CBC/NoPadding");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/compression/Compression.java b/src/main/java/net/schmizz/sshj/transport/compression/Compression.java
new file mode 100644
index 00000000..fa8a31e4
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/compression/Compression.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.compression;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.TransportException;
+
+/** Interface used to compress the stream of data between the SSH server and clients. */
+public interface Compression {
+
+    /** Enum identifying if this object will be used to compress or uncompress data. */
+    enum Type {
+        Inflater, Deflater
+    }
+
+    /**
+     * Compress the given buffer in place.
+     *
+     * @param buffer the buffer containing the data to compress s
+     */
+    void compress(SSHPacket buffer);
+
+    /**
+     * Initialize this object to either compress or uncompress data. This method must be called prior to any calls to
+     * either <code>compress</code> or <code>uncompress</code>. Once the object has been initialized, only one of
+     * <code>compress</code> or <code>uncompress</code> method can be called.
+     *
+     * @param type
+     * @param level
+     */
+    void init(Type type, int level);
+
+    /**
+     * Delayed compression is an Open-SSH specific feature which informs both the client and server to not compress data
+     * before the session has been authenticated.
+     *
+     * @return if the compression is delayed after authentication or not
+     */
+    boolean isDelayed();
+
+    /**
+     * Uncompress the data in a buffer into another buffer.
+     *
+     * @param from the buffer containing the data to uncompress
+     * @param to   the buffer receiving the uncompressed data
+     */
+    void uncompress(SSHPacket from, SSHPacket to) throws TransportException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/compression/DelayedZlibCompression.java b/src/main/java/net/schmizz/sshj/transport/compression/DelayedZlibCompression.java
new file mode 100644
index 00000000..30991e63
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/compression/DelayedZlibCompression.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.compression;
+
+/**
+ * ZLib delayed compression.
+ *
+ * @see Compression#isDelayed()
+ */
+public class DelayedZlibCompression extends ZlibCompression {
+
+    /** Named factory for the ZLib Delayed Compression. */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Compression> {
+        public Compression create() {
+            return new DelayedZlibCompression();
+        }
+
+        public String getName() {
+            return "zlib@openssh.com";
+        }
+    }
+
+    @Override
+    public boolean isDelayed() {
+        return true;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/compression/NoneCompression.java b/src/main/java/net/schmizz/sshj/transport/compression/NoneCompression.java
new file mode 100644
index 00000000..cb1e138e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/compression/NoneCompression.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.compression;
+
+/** No-op <code>Compression</code>. */
+public abstract class NoneCompression implements Compression {
+
+    /** Named factory for the no-op <code>Compression</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Compression> {
+        public Compression create() {
+            return null;
+        }
+
+        public String getName() {
+            return "none";
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/compression/ZlibCompression.java b/src/main/java/net/schmizz/sshj/transport/compression/ZlibCompression.java
new file mode 100644
index 00000000..ac1dcbea
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/compression/ZlibCompression.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.compression;
+
+import com.jcraft.jzlib.JZlib;
+import com.jcraft.jzlib.ZStream;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.transport.TransportException;
+
+/** ZLib based Compression. */
+public class ZlibCompression implements Compression {
+
+    /** Named factory for the ZLib Compression. */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Compression> {
+        public Compression create() {
+            return new ZlibCompression();
+        }
+
+        public String getName() {
+            return "zlib";
+        }
+    }
+
+    static private final int BUF_SIZE = 4096;
+
+    private ZStream stream;
+    private final byte[] tmpbuf = new byte[BUF_SIZE];
+
+    /** Create a new instance of a ZLib base compression */
+    public ZlibCompression() {
+    }
+
+    public void compress(SSHPacket buffer) {
+        stream.next_in = buffer.array();
+        stream.next_in_index = buffer.rpos();
+        stream.avail_in = buffer.available();
+        buffer.wpos(buffer.rpos());
+        do {
+            stream.next_out = tmpbuf;
+            stream.next_out_index = 0;
+            stream.avail_out = BUF_SIZE;
+            int status = stream.deflate(JZlib.Z_PARTIAL_FLUSH);
+            switch (status) {
+                case JZlib.Z_OK:
+                    buffer.putRawBytes(tmpbuf, 0, BUF_SIZE - stream.avail_out);
+                    break;
+                default:
+                    throw new SSHRuntimeException("compress: deflate returned " + status);
+            }
+        } while (stream.avail_out == 0);
+    }
+
+    public void init(Type type, int level) {
+        stream = new ZStream();
+        if (type == Type.Deflater)
+            stream.deflateInit(level);
+        else
+            stream.inflateInit();
+    }
+
+    public boolean isDelayed() {
+        return false;
+    }
+
+    public void uncompress(SSHPacket from, SSHPacket to) throws TransportException {
+        stream.next_in = from.array();
+        stream.next_in_index = from.rpos();
+        stream.avail_in = from.available();
+
+        while (true) {
+            stream.next_out = tmpbuf;
+            stream.next_out_index = 0;
+            stream.avail_out = BUF_SIZE;
+            int status = stream.inflate(JZlib.Z_PARTIAL_FLUSH);
+            switch (status) {
+                case JZlib.Z_OK:
+                    to.putRawBytes(tmpbuf, 0, BUF_SIZE - stream.avail_out);
+                    break;
+                case JZlib.Z_BUF_ERROR:
+                    return; // wtf.. but this works *head spins*
+                default:
+                    throw new TransportException(DisconnectReason.COMPRESSION_ERROR, "uncompress: inflate returned "
+                            + status);
+            }
+        }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/digest/BaseDigest.java b/src/main/java/net/schmizz/sshj/transport/digest/BaseDigest.java
new file mode 100644
index 00000000..42cdebd7
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/digest/BaseDigest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.digest;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+
+/** Base class for Digest algorithms based on the JCE provider. */
+public class BaseDigest implements Digest {
+
+    private final String algorithm;
+    private final int bsize;
+    private MessageDigest md;
+
+    /**
+     * Create a new digest using the given algorithm and block size. The initialization and creation of the underlying
+     * {@link MessageDigest} object will be done in the {@link #init()} method.
+     *
+     * @param algorithm the JCE algorithm to use for this digest
+     * @param bsize     the block size of this digest
+     */
+    public BaseDigest(String algorithm, int bsize) {
+        this.algorithm = algorithm;
+        this.bsize = bsize;
+    }
+
+    public byte[] digest() {
+        return md.digest();
+    }
+
+    public int getBlockSize() {
+        return bsize;
+    }
+
+    public void init() {
+        try {
+            md = SecurityUtils.getMessageDigest(algorithm);
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public void update(byte[] foo) {
+        update(foo, 0, foo.length);
+    }
+
+    public void update(byte[] foo, int start, int len) {
+        md.update(foo, start, len);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/digest/Digest.java b/src/main/java/net/schmizz/sshj/transport/digest/Digest.java
new file mode 100644
index 00000000..5541d3c3
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/digest/Digest.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.digest;
+
+/** Interface used to compute digests, based on algorithms such as MD5 or SHA1. */
+public interface Digest {
+
+    byte[] digest();
+
+    int getBlockSize();
+
+    void init();
+
+    void update(byte[] foo);
+
+    void update(byte[] foo, int start, int len);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/digest/MD5.java b/src/main/java/net/schmizz/sshj/transport/digest/MD5.java
new file mode 100644
index 00000000..2738fbf2
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/digest/MD5.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.digest;
+
+/** MD5 Digest. */
+public class MD5 extends BaseDigest {
+
+    /** Named factory for MD5 digest */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Digest> {
+
+        public Digest create() {
+            return new MD5();
+        }
+
+        public String getName() {
+            return "md5";
+        }
+    }
+
+    /** Create a new instance of a MD5 digest */
+    public MD5() {
+        super("MD5", 16);
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/digest/SHA1.java b/src/main/java/net/schmizz/sshj/transport/digest/SHA1.java
new file mode 100644
index 00000000..07917171
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/digest/SHA1.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.digest;
+
+/** SHA1 Digest. */
+public class SHA1 extends BaseDigest {
+
+    /** Named factory for SHA1 digest */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Digest> {
+
+        public Digest create() {
+            return new SHA1();
+        }
+
+        public String getName() {
+            return "sha1";
+        }
+    }
+
+    /** Create a new instance of a SHA1 digest */
+    public SHA1() {
+        super("SHA-1", 20);
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
new file mode 100644
index 00000000..24e6e46e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/AbstractDHG.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.signature.Signature;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.transport.digest.Digest;
+import net.schmizz.sshj.transport.digest.SHA1;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.PublicKey;
+
+/**
+ * Base class for DHG key exchange algorithms. Implementations will only have to configure the required data on the
+ * {@link DH} class in the
+ */
+public abstract class AbstractDHG implements KeyExchange {
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    private Transport trans;
+
+    private final Digest sha = new SHA1();
+    private final DH dh = new DH();
+
+    private byte[] V_S;
+    private byte[] V_C;
+    private byte[] I_S;
+    private byte[] I_C;
+
+    private byte[] e;
+    private byte[] f;
+    private byte[] K;
+    private byte[] H;
+    private PublicKey hostKey;
+
+    public byte[] getH() {
+        return ByteArrayUtils.copyOf(H);
+    }
+
+    public Digest getHash() {
+        return sha;
+    }
+
+    public PublicKey getHostKey() {
+        return hostKey;
+    }
+
+    public byte[] getK() {
+        return ByteArrayUtils.copyOf(K);
+    }
+
+    public void init(Transport trans, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws TransportException {
+        this.trans = trans;
+        this.V_S = ByteArrayUtils.copyOf(V_S);
+        this.V_C = ByteArrayUtils.copyOf(V_C);
+        this.I_S = ByteArrayUtils.copyOf(I_S);
+        this.I_C = ByteArrayUtils.copyOf(I_C);
+        sha.init();
+        initDH(dh);
+        e = dh.getE();
+
+        log.info("Sending SSH_MSG_KEXDH_INIT");
+        trans.write(new SSHPacket(Message.KEXDH_INIT).putMPInt(e));
+    }
+
+    public boolean next(Message msg, SSHPacket packet) throws TransportException {
+        if (msg != Message.KEXDH_31)
+            throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, "Unxpected packet: " + msg);
+
+        log.info("Received SSH_MSG_KEXDH_REPLY");
+        final byte[] K_S = packet.readBytes();
+        f = packet.readMPIntAsBytes();
+        final byte[] sig = packet.readBytes(); // signature sent by server
+        dh.setF(f);
+        K = dh.getK();
+
+        hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
+
+        final Buffer.PlainBuffer buf = new Buffer.PlainBuffer() // our hash
+                .putString(V_C) // 
+                .putString(V_S) // 
+                .putString(I_C) //
+                .putString(I_S) //
+                .putString(K_S) //
+                .putMPInt(e) //
+                .putMPInt(f) //
+                .putMPInt(K); //
+        sha.update(buf.array(), 0, buf.available());
+        H = sha.digest();
+
+        Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(), KeyType.fromKey(hostKey).toString());
+        signature.init(hostKey, null);
+        signature.update(H, 0, H.length);
+        if (!signature.verify(sig))
+            throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, "KeyExchange signature verification failed");
+        return true;
+    }
+
+    protected abstract void initDH(DH dh);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/DH.java b/src/main/java/net/schmizz/sshj/transport/kex/DH.java
new file mode 100644
index 00000000..d83e98b0
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/DH.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import javax.crypto.KeyAgreement;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
+
+/** Diffie-Hellman key generator. */
+public class DH {
+
+    private BigInteger p;
+    private BigInteger g;
+    private BigInteger e; // my public key
+    private byte[] e_array;
+    private BigInteger f; // your public key
+    private BigInteger K; // shared secret key
+    private byte[] K_array;
+    private final KeyPairGenerator myKpairGen;
+    private final KeyAgreement myKeyAgree;
+
+    public DH() {
+        try {
+            myKpairGen = SecurityUtils.getKeyPairGenerator("DH");
+            myKeyAgree = SecurityUtils.getKeyAgreement("DH");
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+
+    }
+
+    public byte[] getE() {
+        if (e == null) {
+            DHParameterSpec dhSkipParamSpec = new DHParameterSpec(p, g);
+            KeyPair myKpair;
+            try {
+                myKpairGen.initialize(dhSkipParamSpec);
+                myKpair = myKpairGen.generateKeyPair();
+                myKeyAgree.init(myKpair.getPrivate());
+            } catch (GeneralSecurityException e) {
+                throw new SSHRuntimeException(e);
+            }
+            e = ((javax.crypto.interfaces.DHPublicKey) myKpair.getPublic()).getY();
+            e_array = e.toByteArray();
+        }
+        return ByteArrayUtils.copyOf(e_array);
+    }
+
+    public byte[] getK() {
+        if (K == null) {
+            try {
+                KeyFactory myKeyFac = SecurityUtils.getKeyFactory("DH");
+                DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g);
+                PublicKey yourPubKey = myKeyFac.generatePublic(keySpec);
+                myKeyAgree.doPhase(yourPubKey, true);
+            } catch (GeneralSecurityException e) {
+                throw new SSHRuntimeException(e);
+            }
+            byte[] mySharedSecret = myKeyAgree.generateSecret();
+            K = new BigInteger(mySharedSecret);
+            K_array = mySharedSecret;
+        }
+        return ByteArrayUtils.copyOf(K_array);
+    }
+
+    public void setF(byte[] f) {
+        setF(new BigInteger(f));
+    }
+
+    public void setG(byte[] g) {
+        setG(new BigInteger(g));
+    }
+
+    public void setP(byte[] p) {
+        setP(new BigInteger(p));
+    }
+
+    void setF(BigInteger f) {
+        this.f = f;
+    }
+
+    void setG(BigInteger g) {
+        this.g = g;
+    }
+
+    void setP(BigInteger p) {
+        this.p = p;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/DHG1.java b/src/main/java/net/schmizz/sshj/transport/kex/DHG1.java
new file mode 100644
index 00000000..15c7872b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/DHG1.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+/**
+ * Diffie-Hellman key exchange with SHA-1 and Oakley Group 2 [RFC2409] (1024-bit MODP Group).
+ *
+ * @see <a href="http://www.ietf.org/rfc/rfc4253.txt">RFC 4253</a>
+ */
+public class DHG1 extends AbstractDHG {
+
+    /** Named factory for DHG1 key exchange */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<KeyExchange> {
+
+        public KeyExchange create() {
+            return new DHG1();
+        }
+
+        public String getName() {
+            return "diffie-hellman-group1-sha1";
+        }
+
+    }
+
+    @Override
+    protected void initDH(DH dh) {
+        dh.setG(DHGroupData.getG());
+        dh.setP(DHGroupData.getP1());
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/DHG14.java b/src/main/java/net/schmizz/sshj/transport/kex/DHG14.java
new file mode 100644
index 00000000..9eee9d5e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/DHG14.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+/**
+ * Diffie-Hellman key exchange with SHA-1 and Oakley Group 14 [RFC3526] (2048-bit MODP Group).
+ * <p/>
+ * DHG14 does not work with the default JCE implementation provided by Sun because it does not support 2048 bits
+ * encryption. It requires BouncyCastle to be used.
+ */
+public class DHG14 extends AbstractDHG {
+
+    /** Named factory for DHG14 key exchange */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<KeyExchange> {
+
+        public KeyExchange create() {
+            return new DHG14();
+        }
+
+        public String getName() {
+            return "diffie-hellman-group14-sha1";
+        }
+
+    }
+
+    @Override
+    protected void initDH(DH dh) {
+        dh.setG(DHGroupData.getG());
+        dh.setP(DHGroupData.getP14());
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/DHGroupData.java b/src/main/java/net/schmizz/sshj/transport/kex/DHGroupData.java
new file mode 100644
index 00000000..c4cfa649
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/DHGroupData.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+/** Simple class holding the data for DH group key exchanges. */
+public final class DHGroupData {
+
+    public static byte[] getG() {
+        final byte[] G = {2};
+        return G;
+    }
+
+    public static byte[] getP1() {
+        final byte[] P_1 = {(byte) 0x00, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+                (byte) 0xFF, (byte) 0xFF, (byte) 0xC9, (byte) 0x0F, (byte) 0xDA, (byte) 0xA2, (byte) 0x21, (byte) 0x68,
+                (byte) 0xC2, (byte) 0x34, (byte) 0xC4, (byte) 0xC6, (byte) 0x62, (byte) 0x8B, (byte) 0x80, (byte) 0xDC,
+                (byte) 0x1C, (byte) 0xD1, (byte) 0x29, (byte) 0x02, (byte) 0x4E, (byte) 0x08, (byte) 0x8A, (byte) 0x67,
+                (byte) 0xCC, (byte) 0x74, (byte) 0x02, (byte) 0x0B, (byte) 0xBE, (byte) 0xA6, (byte) 0x3B, (byte) 0x13,
+                (byte) 0x9B, (byte) 0x22, (byte) 0x51, (byte) 0x4A, (byte) 0x08, (byte) 0x79, (byte) 0x8E, (byte) 0x34,
+                (byte) 0x04, (byte) 0xDD, (byte) 0xEF, (byte) 0x95, (byte) 0x19, (byte) 0xB3, (byte) 0xCD, (byte) 0x3A,
+                (byte) 0x43, (byte) 0x1B, (byte) 0x30, (byte) 0x2B, (byte) 0x0A, (byte) 0x6D, (byte) 0xF2, (byte) 0x5F,
+                (byte) 0x14, (byte) 0x37, (byte) 0x4F, (byte) 0xE1, (byte) 0x35, (byte) 0x6D, (byte) 0x6D, (byte) 0x51,
+                (byte) 0xC2, (byte) 0x45, (byte) 0xE4, (byte) 0x85, (byte) 0xB5, (byte) 0x76, (byte) 0x62, (byte) 0x5E,
+                (byte) 0x7E, (byte) 0xC6, (byte) 0xF4, (byte) 0x4C, (byte) 0x42, (byte) 0xE9, (byte) 0xA6, (byte) 0x37,
+                (byte) 0xED, (byte) 0x6B, (byte) 0x0B, (byte) 0xFF, (byte) 0x5C, (byte) 0xB6, (byte) 0xF4, (byte) 0x06,
+                (byte) 0xB7, (byte) 0xED, (byte) 0xEE, (byte) 0x38, (byte) 0x6B, (byte) 0xFB, (byte) 0x5A, (byte) 0x89,
+                (byte) 0x9F, (byte) 0xA5, (byte) 0xAE, (byte) 0x9F, (byte) 0x24, (byte) 0x11, (byte) 0x7C, (byte) 0x4B,
+                (byte) 0x1F, (byte) 0xE6, (byte) 0x49, (byte) 0x28, (byte) 0x66, (byte) 0x51, (byte) 0xEC, (byte) 0xE6,
+                (byte) 0x53, (byte) 0x81, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+                (byte) 0xFF, (byte) 0xFF};
+        return P_1;
+    }
+
+    public static byte[] getP14() {
+        final byte[] P_14 = {(byte) 0x00, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+                (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xC9, (byte) 0x0F, (byte) 0xDA, (byte) 0xA2, (byte) 0x21,
+                (byte) 0x68, (byte) 0xC2, (byte) 0x34, (byte) 0xC4, (byte) 0xC6, (byte) 0x62, (byte) 0x8B, (byte) 0x80,
+                (byte) 0xDC, (byte) 0x1C, (byte) 0xD1, (byte) 0x29, (byte) 0x02, (byte) 0x4E, (byte) 0x08, (byte) 0x8A,
+                (byte) 0x67, (byte) 0xCC, (byte) 0x74, (byte) 0x02, (byte) 0x0B, (byte) 0xBE, (byte) 0xA6, (byte) 0x3B,
+                (byte) 0x13, (byte) 0x9B, (byte) 0x22, (byte) 0x51, (byte) 0x4A, (byte) 0x08, (byte) 0x79, (byte) 0x8E,
+                (byte) 0x34, (byte) 0x04, (byte) 0xDD, (byte) 0xEF, (byte) 0x95, (byte) 0x19, (byte) 0xB3, (byte) 0xCD,
+                (byte) 0x3A, (byte) 0x43, (byte) 0x1B, (byte) 0x30, (byte) 0x2B, (byte) 0x0A, (byte) 0x6D, (byte) 0xF2,
+                (byte) 0x5F, (byte) 0x14, (byte) 0x37, (byte) 0x4F, (byte) 0xE1, (byte) 0x35, (byte) 0x6D, (byte) 0x6D,
+                (byte) 0x51, (byte) 0xC2, (byte) 0x45, (byte) 0xE4, (byte) 0x85, (byte) 0xB5, (byte) 0x76, (byte) 0x62,
+                (byte) 0x5E, (byte) 0x7E, (byte) 0xC6, (byte) 0xF4, (byte) 0x4C, (byte) 0x42, (byte) 0xE9, (byte) 0xA6,
+                (byte) 0x37, (byte) 0xED, (byte) 0x6B, (byte) 0x0B, (byte) 0xFF, (byte) 0x5C, (byte) 0xB6, (byte) 0xF4,
+                (byte) 0x06, (byte) 0xB7, (byte) 0xED, (byte) 0xEE, (byte) 0x38, (byte) 0x6B, (byte) 0xFB, (byte) 0x5A,
+                (byte) 0x89, (byte) 0x9F, (byte) 0xA5, (byte) 0xAE, (byte) 0x9F, (byte) 0x24, (byte) 0x11, (byte) 0x7C,
+                (byte) 0x4B, (byte) 0x1F, (byte) 0xE6, (byte) 0x49, (byte) 0x28, (byte) 0x66, (byte) 0x51, (byte) 0xEC,
+                (byte) 0xE4, (byte) 0x5B, (byte) 0x3D, (byte) 0xC2, (byte) 0x00, (byte) 0x7C, (byte) 0xB8, (byte) 0xA1,
+                (byte) 0x63, (byte) 0xBF, (byte) 0x05, (byte) 0x98, (byte) 0xDA, (byte) 0x48, (byte) 0x36, (byte) 0x1C,
+                (byte) 0x55, (byte) 0xD3, (byte) 0x9A, (byte) 0x69, (byte) 0x16, (byte) 0x3F, (byte) 0xA8, (byte) 0xFD,
+                (byte) 0x24, (byte) 0xCF, (byte) 0x5F, (byte) 0x83, (byte) 0x65, (byte) 0x5D, (byte) 0x23, (byte) 0xDC,
+                (byte) 0xA3, (byte) 0xAD, (byte) 0x96, (byte) 0x1C, (byte) 0x62, (byte) 0xF3, (byte) 0x56, (byte) 0x20,
+                (byte) 0x85, (byte) 0x52, (byte) 0xBB, (byte) 0x9E, (byte) 0xD5, (byte) 0x29, (byte) 0x07, (byte) 0x70,
+                (byte) 0x96, (byte) 0x96, (byte) 0x6D, (byte) 0x67, (byte) 0x0C, (byte) 0x35, (byte) 0x4E, (byte) 0x4A,
+                (byte) 0xBC, (byte) 0x98, (byte) 0x04, (byte) 0xF1, (byte) 0x74, (byte) 0x6C, (byte) 0x08, (byte) 0xCA,
+                (byte) 0x18, (byte) 0x21, (byte) 0x7C, (byte) 0x32, (byte) 0x90, (byte) 0x5E, (byte) 0x46, (byte) 0x2E,
+                (byte) 0x36, (byte) 0xCE, (byte) 0x3B, (byte) 0xE3, (byte) 0x9E, (byte) 0x77, (byte) 0x2C, (byte) 0x18,
+                (byte) 0x0E, (byte) 0x86, (byte) 0x03, (byte) 0x9B, (byte) 0x27, (byte) 0x83, (byte) 0xA2, (byte) 0xEC,
+                (byte) 0x07, (byte) 0xA2, (byte) 0x8F, (byte) 0xB5, (byte) 0xC5, (byte) 0x5D, (byte) 0xF0, (byte) 0x6F,
+                (byte) 0x4C, (byte) 0x52, (byte) 0xC9, (byte) 0xDE, (byte) 0x2B, (byte) 0xCB, (byte) 0xF6, (byte) 0x95,
+                (byte) 0x58, (byte) 0x17, (byte) 0x18, (byte) 0x39, (byte) 0x95, (byte) 0x49, (byte) 0x7C, (byte) 0xEA,
+                (byte) 0x95, (byte) 0x6A, (byte) 0xE5, (byte) 0x15, (byte) 0xD2, (byte) 0x26, (byte) 0x18, (byte) 0x98,
+                (byte) 0xFA, (byte) 0x05, (byte) 0x10, (byte) 0x15, (byte) 0x72, (byte) 0x8E, (byte) 0x5A, (byte) 0x8A,
+                (byte) 0xAC, (byte) 0xAA, (byte) 0x68, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+                (byte) 0xFF, (byte) 0xFF, (byte) 0xFF};
+        return P_14;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/kex/KeyExchange.java b/src/main/java/net/schmizz/sshj/transport/kex/KeyExchange.java
new file mode 100644
index 00000000..33b7a94c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/kex/KeyExchange.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.kex;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.transport.digest.Digest;
+
+import java.security.PublicKey;
+
+/** Key exchange algorithm. */
+public interface KeyExchange {
+
+    /**
+     * Retrieves the computed H parameter
+     *
+     * @return
+     */
+    byte[] getH();
+
+    /**
+     * The message digest used by this key exchange algorithm.
+     *
+     * @return the message digest
+     */
+    Digest getHash();
+
+    PublicKey getHostKey();
+
+    /** Retrieves the computed K parameter */
+    byte[] getK();
+
+    /**
+     * Initialize the key exchange algorithm.
+     *
+     * @param V_S the server identification string
+     * @param V_C the client identification string
+     * @param I_S the server key init packet
+     * @param I_C the client key init packet
+     */
+    void init(Transport trans, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws TransportException;
+
+    /**
+     * Process the next packet
+     *
+     * @param buffer the packet
+     *
+     * @return a boolean indicating if the processing is complete or if more packets are to be received
+     */
+    boolean next(Message msg, SSHPacket buffer) throws TransportException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/BaseMAC.java b/src/main/java/net/schmizz/sshj/transport/mac/BaseMAC.java
new file mode 100644
index 00000000..94b695ab
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/BaseMAC.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+import net.schmizz.sshj.common.SSHRuntimeException;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+/** Base class for <code>MAC</code> implementations based on the JCE provider. */
+public class BaseMAC implements MAC {
+
+    private final String algorithm;
+    private final int defbsize;
+    private final int bsize;
+    private final byte[] tmp;
+    private javax.crypto.Mac mac;
+
+    public BaseMAC(String algorithm, int bsize, int defbsize) {
+        this.algorithm = algorithm;
+        this.bsize = bsize;
+        this.defbsize = defbsize;
+        tmp = new byte[defbsize];
+    }
+
+    public byte[] doFinal() {
+        return mac.doFinal();
+    }
+
+    public byte[] doFinal(byte[] input) {
+        return mac.doFinal(input);
+    }
+
+    public void doFinal(byte[] buf, int offset) {
+        try {
+            if (bsize != defbsize) {
+                mac.doFinal(tmp, 0);
+                System.arraycopy(tmp, 0, buf, offset, bsize);
+            } else
+                mac.doFinal(buf, offset);
+        } catch (ShortBufferException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public int getBlockSize() {
+        return bsize;
+    }
+
+    public void init(byte[] key) {
+        if (key.length > defbsize) {
+            byte[] tmp = new byte[defbsize];
+            System.arraycopy(key, 0, tmp, 0, defbsize);
+            key = tmp;
+        }
+
+        SecretKeySpec skey = new SecretKeySpec(key, algorithm);
+        try {
+            mac = SecurityUtils.getMAC(algorithm);
+            mac.init(skey);
+        } catch (GeneralSecurityException e) {
+            throw new SSHRuntimeException(e);
+        }
+    }
+
+    public void update(byte foo[], int s, int l) {
+        mac.update(foo, s, l);
+    }
+
+    public void update(byte[] foo) {
+        mac.update(foo, 0, foo.length);
+    }
+
+    public void update(long i) {
+        tmp[0] = (byte) (i >>> 24);
+        tmp[1] = (byte) (i >>> 16);
+        tmp[2] = (byte) (i >>> 8);
+        tmp[3] = (byte) i;
+        update(tmp, 0, 4);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/HMACMD5.java b/src/main/java/net/schmizz/sshj/transport/mac/HMACMD5.java
new file mode 100644
index 00000000..cae47575
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACMD5.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+/** HMAC-MD5 <code>MAC</code>. */
+public class HMACMD5 extends BaseMAC {
+
+    /** Named factory for the HMACMD5 <code>MAC</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> {
+
+        public MAC create() {
+            return new HMACMD5();
+        }
+
+        public String getName() {
+            return "hmac-md5";
+        }
+    }
+
+    public HMACMD5() {
+        super("HmacMD5", 16, 16);
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/HMACMD596.java b/src/main/java/net/schmizz/sshj/transport/mac/HMACMD596.java
new file mode 100644
index 00000000..0a726645
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACMD596.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+/** HMAC-MD5-96 <code>MAC</code> */
+public class HMACMD596 extends BaseMAC {
+
+    /** Named factory for the HMAC-MD5-96 <code>MAC</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> {
+
+        public MAC create() {
+            return new HMACMD596();
+        }
+
+        public String getName() {
+            return "hmac-md5-96";
+        }
+    }
+
+    public HMACMD596() {
+        super("HmacMD5", 12, 16);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA1.java b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA1.java
new file mode 100644
index 00000000..a29abb6e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA1.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+/** HMAC-SHA1 <code>MAC</code> */
+public class HMACSHA1 extends BaseMAC {
+
+    /** Named factory for the HMAC-SHA1 <code>MAC</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> {
+
+        public MAC create() {
+            return new HMACSHA1();
+        }
+
+        public String getName() {
+            return "hmac-sha1";
+        }
+    }
+
+    public HMACSHA1() {
+        super("HmacSHA1", 20, 20);
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA196.java b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA196.java
new file mode 100644
index 00000000..72d1dcd9
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA196.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+/** HMAC-SHA1-96 <code>MAC</code> */
+public class HMACSHA196 extends BaseMAC {
+
+    /** Named factory for the HMAC-SHA1-96 <code>MAC</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> {
+
+        public MAC create() {
+            return new HMACSHA196();
+        }
+
+        public String getName() {
+            return "hmac-sha1-96";
+        }
+    }
+
+    public HMACSHA196() {
+        super("HmacSHA1", 12, 20);
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/mac/MAC.java b/src/main/java/net/schmizz/sshj/transport/mac/MAC.java
new file mode 100644
index 00000000..30e8c605
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/mac/MAC.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.mac;
+
+/** Message Authentication Code for use in SSH. It usually wraps a javax.crypto.Mac class. */
+public interface MAC {
+
+    byte[] doFinal();
+
+    byte[] doFinal(byte[] input);
+
+    void doFinal(byte[] buf, int offset);
+
+    int getBlockSize();
+
+    void init(byte[] key);
+
+    void update(byte[] foo);
+
+    void update(byte[] foo, int start, int len);
+
+    void update(long foo);
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java b/src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java
new file mode 100644
index 00000000..e41bcc6c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.random;
+
+import org.bouncycastle.crypto.prng.RandomGenerator;
+import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
+
+import java.security.SecureRandom;
+
+/**
+ * BouncyCastle <code>Random</code>. This pseudo random number generator uses the a very fast PRNG from BouncyCastle.
+ * The JRE random will be used when creating a new generator to add some random data to the seed.
+ */
+public class BouncyCastleRandom implements Random {
+
+    /** Named factory for the BouncyCastle <code>Random</code> */
+    public static class Factory implements net.schmizz.sshj.common.Factory<Random> {
+
+        public Random create() {
+            return new BouncyCastleRandom();
+        }
+
+    }
+
+    private final RandomGenerator random;
+
+    public BouncyCastleRandom() {
+        random = new VMPCRandomGenerator();
+        byte[] seed = new SecureRandom().generateSeed(8);
+        random.addSeedMaterial(seed);
+    }
+
+    public void fill(byte[] bytes, int start, int len) {
+        random.nextBytes(bytes, start, len);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java b/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
new file mode 100644
index 00000000..44327245
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.random;
+
+import java.security.SecureRandom;
+
+/** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */
+public class JCERandom implements Random {
+
+    /** Named factory for the JCE {@link Random} */
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<Random> {
+
+        public Random create() {
+            return new JCERandom();
+        }
+
+        public String getName() {
+            return "default";
+        }
+
+    }
+
+    private byte[] tmp = new byte[16];
+    private SecureRandom random = null;
+
+    public JCERandom() {
+        random = new SecureRandom();
+    }
+
+    /**
+     * Fill the given byte-array with random bytes from this PRNG.
+     *
+     * @param foo   the byte-array
+     * @param start the offset to start at
+     * @param len   the number of bytes to fill
+     */
+    public synchronized void fill(byte[] foo, int start, int len) {
+        if (start == 0 && len == foo.length)
+            random.nextBytes(foo);
+        else
+            synchronized (this) {
+                if (len > tmp.length)
+                    tmp = new byte[len];
+                random.nextBytes(tmp);
+                System.arraycopy(tmp, 0, foo, start, len);
+            }
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/random/Random.java b/src/main/java/net/schmizz/sshj/transport/random/Random.java
new file mode 100644
index 00000000..5967bbd1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/random/Random.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.random;
+
+/** A pseudo random number generator. */
+public interface Random {
+
+    /**
+     * Fill part of bytes with random values.
+     *
+     * @param bytes byte array to be filled.
+     * @param start index to start filling at.
+     * @param len   length of segment to fill.
+     */
+    void fill(byte[] bytes, int start, int len);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/random/SingletonRandomFactory.java b/src/main/java/net/schmizz/sshj/transport/random/SingletonRandomFactory.java
new file mode 100644
index 00000000..c7d2d210
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/random/SingletonRandomFactory.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.random;
+
+import net.schmizz.sshj.common.Factory;
+
+/** A random factory wrapper that uses a single random instance. The underlying random instance has to be thread safe. */
+public class SingletonRandomFactory implements Random, Factory<Random> {
+    private final Random random;
+
+    public SingletonRandomFactory(Factory<Random> factory) {
+        random = factory.create();
+    }
+
+    public Random create() {
+        return this;
+    }
+
+    public void fill(byte[] bytes, int start, int len) {
+        random.fill(bytes, start, len);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/ConsoleHostKeyVerifier.java b/src/main/java/net/schmizz/sshj/transport/verification/ConsoleHostKeyVerifier.java
new file mode 100644
index 00000000..5d5e15fa
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/verification/ConsoleHostKeyVerifier.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SecurityUtils;
+
+import java.io.Console;
+import java.io.File;
+import java.io.IOException;
+import java.security.PublicKey;
+
+public class ConsoleHostKeyVerifier extends OpenSSHKnownHosts {
+
+    private static final String YES = "yes";
+    private static final String NO = "no";
+
+    private final Console console;
+
+    public ConsoleHostKeyVerifier(File khFile, Console console) throws IOException {
+        super(khFile);
+        this.console = console;
+    }
+
+    @Override
+    protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
+        console.printf("The authenticity of host '%s' can't be established.\n" +
+                "%s key fingerprint is %s.\n", hostname, KeyType.fromKey(key), SecurityUtils.getFingerprint(key));
+        String response = console.readLine("Are you sure you want to continue connecting (yes/no)? ");
+        while (!(response.equalsIgnoreCase(YES) || response.equalsIgnoreCase(NO))) {
+            response = console.readLine("Please explicitly enter yes/no: ");
+        }
+        if (response.equalsIgnoreCase(YES)) {
+            entries().add(new Entry(hostname, key));
+            try {
+                write();
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    protected boolean hostKeyChangedAction(Entry entry, String hostname, PublicKey key) throws IOException {
+        final KeyType type = KeyType.fromKey(key);
+        final String fp = SecurityUtils.getFingerprint(key);
+        final String path = khFile.getAbsolutePath();
+        console.printf(
+                "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" +
+                        "@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\n" +
+                        "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" +
+                        "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" +
+                        "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" +
+                        "It is also possible that the host key has just been changed.\n" +
+                        "The fingerprint for the %s key sent by the remote host is\n" +
+                        "%s.\n" +
+                        "Please contact your system administrator or" +
+                        "add correct host key in %s to get rid of this message.\n", type, fp, path);
+        return false;
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/HostKeyVerifier.java b/src/main/java/net/schmizz/sshj/transport/verification/HostKeyVerifier.java
new file mode 100644
index 00000000..59866d54
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/verification/HostKeyVerifier.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import java.security.PublicKey;
+
+/** Host key verification interface. */
+public interface HostKeyVerifier {
+
+    /**
+     * This callback is invoked when the server's host key needs to be verified. The return value indicates to the
+     * caller whether the SSH connection should proceed.
+     * <p/>
+     * <strong>Note</strong>: host key verification is the basis for security in SSH, therefore exercise due caution in
+     * implementing!
+     *
+     * @param hostname remote hostname
+     * @param port     remote port
+     * @param key      host key of server
+     *
+     * @return {@code true} if key is acceptable, {@code false} otherwise
+     */
+    boolean verify(String hostname, int port, PublicKey key);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/InsecureAccepter.java b/src/main/java/net/schmizz/sshj/transport/verification/InsecureAccepter.java
new file mode 100644
index 00000000..1df74b45
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/verification/InsecureAccepter.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import java.security.PublicKey;
+
+public final class InsecureAccepter implements HostKeyVerifier {
+
+    public boolean verify(String hostname, int port, PublicKey key) {
+        return true;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
new file mode 100644
index 00000000..c848526c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
@@ -0,0 +1,267 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.ByteArrayUtils;
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.transport.mac.HMACSHA1;
+import net.schmizz.sshj.transport.mac.MAC;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+// TODO: allow modifications to known_hosts e.g. adding entries
+
+/**
+ * A {@link HostKeyVerifier} implementation for a {@code known_hosts} file i.e. in the format used by OpenSSH.
+ * <p/>
+ * Hashed hostnames are correctly handled.
+ *
+ * @see <a href="http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts">Hashed hostnames spec</a>
+ */
+public class OpenSSHKnownHosts implements HostKeyVerifier {
+
+    private static final String LS = System.getProperty("line.separator");
+
+    /** Represents a single line */
+    public static class Entry {
+
+        private final MAC sha1 = new HMACSHA1();
+
+        private final List<String> hosts;
+        private final KeyType type;
+
+        private PublicKey key;
+        private String sKey;
+
+        /** Construct an entry from the hostname and public key */
+        public Entry(String host, PublicKey key) {
+            this.key = key;
+            this.hosts = Arrays.asList(host);
+            type = KeyType.fromKey(key);
+        }
+
+        /**
+         * Construct an entry from a string containing the line
+         *
+         * @param line the line from a known_hosts file
+         *
+         * @throws SSHException if it could not be parsed for any reason
+         */
+        public Entry(String line) throws SSHException {
+            String[] parts = line.split(" ");
+            if (parts.length != 3)
+                throw new SSHException("Line parts not 3: " + line);
+            hosts = Arrays.asList(parts[0].split(","));
+            type = KeyType.fromString(parts[1]);
+            if (type == KeyType.UNKNOWN)
+                throw new SSHException("Unknown key type: " + parts[1]);
+            sKey = parts[2];
+        }
+
+        /** Checks whether this entry is applicable to some {@code hostname} */
+        public boolean appliesTo(String hostname) throws IOException {
+            if (!hosts.isEmpty() && hosts.get(0).startsWith("|1|")) { // Hashed hostname
+                final String[] splitted = hosts.get(0).split("\\|");
+                if (splitted.length != 4)
+                    return false;
+
+                final byte[] salt = Base64.decode(splitted[2]);
+                if (salt.length != 20)
+                    return false;
+                sha1.init(salt);
+
+                final byte[] host = Base64.decode(splitted[3]);
+                if (ByteArrayUtils.equals(host, sha1.doFinal(hostname.getBytes())))
+                    return true;
+            } else
+                // Un-hashed, possibly comma-delimited
+                for (String host : hosts)
+                    if (host.equals(hostname))
+                        return true;
+            return false;
+        }
+
+        /**
+         * Returns the public host key represented in this entry.
+         * <p/>
+         * The key is cached so repeated calls to this method may be made without concern.
+         *
+         * @return the host key
+         */
+        public PublicKey getKey() {
+            if (key == null) {
+                byte[] decoded;
+                try {
+                    decoded = Base64.decode(sKey);
+                } catch (IOException e) {
+                    return null;
+                }
+                key = new Buffer.PlainBuffer(decoded).readPublicKey();
+            }
+            return key;
+        }
+
+        public KeyType getType() {
+            return type;
+        }
+
+        public String getLine() {
+            StringBuilder line = new StringBuilder();
+            for (String host : hosts) {
+                if (line.length() > 0)
+                    line.append(",");
+                line.append(host);
+            }
+            line.append(" ").append(type.toString());
+            line.append(" ").append(getKeyString());
+            return line.toString();
+        }
+
+        private String getKeyString() {
+            if (sKey == null) {
+                final Buffer.PlainBuffer buf = new Buffer.PlainBuffer().putPublicKey(key);
+                sKey = Base64.encodeBytes(buf.array(), buf.rpos(), buf.available());
+            }
+            return sKey;
+        }
+
+        @Override
+        public String toString() {
+            return "Entry{hostnames=" + hosts + "; type=" + type + "; key=" + getKey() + "}";
+        }
+
+    }
+
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    protected final File khFile;
+    protected final List<Entry> entries = new ArrayList<Entry>();
+
+    /**
+     * Constructs a {@code KnownHosts} object from a file location
+     *
+     * @param khFile the file location
+     *
+     * @throws IOException if there is an error reading the file
+     */
+    public OpenSSHKnownHosts(File khFile) throws IOException {
+        this.khFile = khFile;
+        if (khFile.exists()) {
+            BufferedReader br = new BufferedReader(new FileReader(khFile));
+            String line;
+            try {
+                // Read in the file, storing each line as an entry
+                while ((line = br.readLine()) != null)
+                    try {
+                        entries.add(new Entry(line));
+                    } catch (SSHException ignore) {
+                        log.debug("Bad line ({}): {} ", ignore.toString(), line);
+                    }
+            } finally {
+                IOUtils.closeQuietly(br);
+            }
+        }
+    }
+
+    /**
+     * Checks whether the specified host is known per the contents of the {@code known_hosts} file.
+     *
+     * @return {@code true} on successful verification or {@code false} on failure
+     */
+    public boolean verify(String hostname, int port, PublicKey key) {
+        KeyType type = KeyType.fromKey(key);
+        if (type == KeyType.UNKNOWN)
+            return false;
+
+        if (port != 22)
+            hostname = "[" + hostname + "]:" + port;
+
+        for (Entry e : entries)
+            try {
+                if (e.getType() == type && e.appliesTo(hostname))
+                    if (key.equals(e.getKey()))
+                        return true;
+                    else {
+                        return hostKeyChangedAction(e, hostname, key);
+                    }
+            } catch (IOException ioe) {
+                log.error("Error with {}: {}", e, ioe);
+                return false;
+            }
+        return hostKeyUnverifiableAction(hostname, key);
+    }
+
+    protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
+        return false;
+    }
+
+    protected boolean hostKeyChangedAction(Entry entry, String hostname, PublicKey key) throws IOException {
+        log.warn("Host key for `{}` has changed!", hostname);
+        return false;
+    }
+
+    public List<Entry> entries() {
+        return entries;
+    }
+
+    public void write() throws IOException {
+        BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(khFile));
+        for (Entry entry : entries)
+            bos.write((entry.getLine() + LS).getBytes());
+        bos.close();
+    }
+
+    public static File detectSSHDir() {
+        final File sshDir = new File(System.getProperty("user.home"), ".ssh");
+        return sshDir.exists() ? sshDir : null;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/AuthParams.java b/src/main/java/net/schmizz/sshj/userauth/AuthParams.java
new file mode 100644
index 00000000..38f4946b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/AuthParams.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+
+package net.schmizz.sshj.userauth;
+
+import net.schmizz.sshj.transport.Transport;
+
+/** The parameters available to authentication method */
+public interface AuthParams {
+
+    /** All userauth requests need to include the name of the next service being requested */
+    String getNextServiceName();
+
+    /**
+     * Retrieve the transport which will allow sending packets; retrieving information like the session-id, remote
+     * host/port etc. which is needed by some method.
+     */
+    Transport getTransport();
+
+    /** All userauth requests need to include the username */
+    String getUsername();
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/userauth/UserAuth.java b/src/main/java/net/schmizz/sshj/userauth/UserAuth.java
new file mode 100644
index 00000000..321e9f28
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/UserAuth.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth;
+
+import net.schmizz.sshj.Service;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.method.AuthMethod;
+
+import java.util.Deque;
+
+/**
+ * User authentication API
+ *
+ * @see rfc4252
+ */
+public interface UserAuth {
+
+    /**
+     * Attempt to authenticate {@code username} using each of {@link methods} in order. {@code nextService} is the
+     * {@link net.schmizz.sshj.Service} that will be enabled on successful authentication.
+     * <p/>
+     * Authentication fails if there are no method available, i.e. if all the method failed or there were method
+     * available but could not be attempted because the server did not allow them. In this case, a {@code
+     * UserAuthException} is thrown with its cause as the last authentication failure. Other {@code UserAuthException}'s
+     * which may have been ignored may be accessed via {@link #getSavedExceptions()}.
+     * <p/>
+     * Further attempts may also be made by catching {@code UserAuthException} and retrying with this method.
+     *
+     * @param username    the user to authenticate
+     * @param nextService the service to set on successful authentication
+     * @param methods     the {@link AuthMethod}'s to try
+     *
+     * @throws UserAuthException  in case of authentication failure
+     * @throws TransportException if there was a transport-layer error
+     */
+    void authenticate(String username, Service nextService, Iterable<AuthMethod> methods) throws UserAuthException,
+            TransportException;
+
+    /**
+     * Returns the authentication banner (if any). In some cases this is available even before the first authentication
+     * request has been made.
+     *
+     * @return the banner, or {@code null} if none was received
+     */
+    String getBanner();
+
+    /** Returns saved exceptions that might have been ignored because there were more authentication method available. */
+    Deque<UserAuthException> getSavedExceptions();
+
+    /** Returns the {@code timeout} for a method to successfully authenticate before it is abandoned. */
+    int getTimeout();
+
+    /**
+     * Returns whether authentication was partially successful. Some server's may be configured to require multiple
+     * authentications; and this value will be {@code true} if at least one of the method supplied succeeded.
+     */
+    boolean hadPartialSuccess();
+
+    /**
+     * Set the {@code timeout} for any method to successfully authenticate before it is abandoned.
+     *
+     * @param timeout the timeout in seconds
+     */
+    void setTimeout(int timeout);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/UserAuthException.java b/src/main/java/net/schmizz/sshj/userauth/UserAuthException.java
new file mode 100644
index 00000000..50926bc9
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/UserAuthException.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth;
+
+import net.schmizz.concurrent.ExceptionChainer;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.SSHException;
+
+/** User authentication exception */
+public class UserAuthException extends SSHException {
+
+    public static final ExceptionChainer<UserAuthException> chainer = new ExceptionChainer<UserAuthException>() {
+
+        public UserAuthException chain(Throwable t) {
+            if (t instanceof UserAuthException)
+                return (UserAuthException) t;
+            else
+                return new UserAuthException(t);
+        }
+
+    };
+
+    public UserAuthException() {
+        super();
+    }
+
+    public UserAuthException(DisconnectReason code) {
+        super(code);
+    }
+
+    public UserAuthException(DisconnectReason code, String message) {
+        super(code, message);
+    }
+
+    public UserAuthException(DisconnectReason code, String message, Throwable cause) {
+        super(code, message, cause);
+    }
+
+    public UserAuthException(DisconnectReason code, Throwable cause) {
+        super(code, cause);
+    }
+
+    public UserAuthException(String message) {
+        super(message);
+    }
+
+    public UserAuthException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public UserAuthException(Throwable cause) {
+        super(cause);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/UserAuthProtocol.java b/src/main/java/net/schmizz/sshj/userauth/UserAuthProtocol.java
new file mode 100644
index 00000000..46cc03af
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/UserAuthProtocol.java
@@ -0,0 +1,250 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth;
+
+import net.schmizz.concurrent.Event;
+import net.schmizz.sshj.AbstractService;
+import net.schmizz.sshj.Service;
+import net.schmizz.sshj.common.DisconnectReason;
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.Transport;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.method.AuthMethod;
+
+import java.util.ArrayDeque;
+import java.util.Arrays;
+import java.util.Deque;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+/** {@link UserAuth} implementation. */
+public class UserAuthProtocol extends AbstractService implements UserAuth, AuthParams {
+
+    private final Set<String> allowed = new HashSet<String>();
+
+    private final Deque<UserAuthException> savedEx = new ArrayDeque<UserAuthException>();
+
+    private final Event<UserAuthException> result = new Event<UserAuthException>("userauth result",
+            UserAuthException.chainer);
+
+    private String username;
+    private AuthMethod currentMethod;
+    private Service nextService;
+
+    private boolean firstAttempt = true;
+
+    private volatile String banner;
+    private volatile boolean partialSuccess;
+
+    public UserAuthProtocol(Transport trans) {
+        super("ssh-userauth", trans);
+    }
+
+    // synchronized for mutual exclusion; ensure one authenticate() ever in progress
+
+    public synchronized void authenticate(String username, Service nextService, Iterable<AuthMethod> methods)
+            throws UserAuthException, TransportException {
+        clearState();
+
+        this.username = username;
+        this.nextService = nextService;
+
+        // Request "ssh-userauth" service (if not already active)
+        request();
+
+        if (firstAttempt) { // Assume all allowed
+            for (AuthMethod meth : methods)
+                allowed.add(meth.getName());
+            firstAttempt = false;
+        }
+
+        try {
+
+            for (AuthMethod meth : methods)
+
+                if (allowed.contains(meth.getName())) {
+
+                    log.info("Trying `{}` auth...", meth.getName());
+
+                    boolean success = false;
+                    try {
+                        success = tryWith(meth);
+                    } catch (UserAuthException e) {
+                        // Give other method a shot
+                        saveException(e);
+                    }
+
+                    if (success) {
+                        log.info("`{}` auth successful", meth.getName());
+                        return;
+                    } else
+                        log.info("`{}` auth failed", meth.getName());
+
+                } else
+                    saveException(currentMethod.getName() + " auth not allowed by server");
+
+        } finally {
+            currentMethod = null;
+        }
+
+        log.debug("Had {} saved exception(s)", savedEx.size());
+        throw new UserAuthException("Exhausted available authentication methods", savedEx.peek());
+    }
+
+    public String getBanner() {
+        return banner;
+    }
+
+    public String getNextServiceName() {
+        return nextService.getName();
+    }
+
+    public Transport getTransport() {
+        return trans;
+    }
+
+    /**
+     * Returns the exceptions that occured during authentication process but were ignored because more method were
+     * available for trying.
+     *
+     * @return deque of saved exceptions
+     */
+    public Deque<UserAuthException> getSavedExceptions() {
+        return savedEx;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public boolean hadPartialSuccess() {
+        return partialSuccess;
+    }
+
+    @Override
+    public void handle(Message msg, SSHPacket buf) throws SSHException {
+        if (!msg.in(50, 80)) // ssh-userauth packets have message numbers between 50-80
+            throw new TransportException(DisconnectReason.PROTOCOL_ERROR);
+
+        switch (msg) {
+
+            case USERAUTH_BANNER:
+                gotBanner(buf);
+                break;
+
+            case USERAUTH_SUCCESS:
+                gotSuccess();
+                break;
+
+            case USERAUTH_FAILURE:
+                gotFailure(buf);
+                break;
+
+            default:
+                gotUnknown(msg, buf);
+
+        }
+    }
+
+    @Override
+    public void notifyError(SSHException error) {
+        super.notifyError(error);
+        result.error(error);
+    }
+
+    private void clearState() {
+        allowed.clear();
+        savedEx.clear();
+        banner = null;
+    }
+
+    private void gotBanner(SSHPacket buf) {
+        banner = buf.readString();
+    }
+
+    private void gotFailure(SSHPacket buf) throws UserAuthException, TransportException {
+        allowed.clear();
+        allowed.addAll(Arrays.<String>asList(buf.readString().split(",")));
+        partialSuccess |= buf.readBoolean();
+        if (allowed.contains(currentMethod.getName()) && currentMethod.shouldRetry())
+            currentMethod.request();
+        else {
+            saveException(currentMethod.getName() + " auth failed");
+            result.set(false);
+        }
+    }
+
+    private void gotSuccess() {
+        trans.setAuthenticated(); // So it can put delayed compression into force if applicable
+        trans.setService(nextService); // We aren't in charge anymore, next service is
+        result.set(true);
+    }
+
+    private void gotUnknown(Message msg, SSHPacket buf) throws SSHException {
+        if (currentMethod == null || result == null) {
+            trans.sendUnimplemented();
+            return;
+        }
+
+        log.debug("Asking {} method to handle {} packet", currentMethod.getName(), msg);
+        try {
+            currentMethod.handle(msg, buf);
+        } catch (UserAuthException e) {
+            result.error(e);
+        }
+    }
+
+    private void saveException(String msg) {
+        saveException(new UserAuthException(msg));
+    }
+
+    private void saveException(UserAuthException e) {
+        log.error("Saving for later - {}", e.toString());
+        savedEx.push(e);
+    }
+
+    private boolean tryWith(AuthMethod meth) throws UserAuthException, TransportException {
+        currentMethod = meth;
+        result.clear();
+        meth.init(this);
+        meth.request();
+        return result.get(timeout, TimeUnit.SECONDS);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/FileKeyProvider.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/FileKeyProvider.java
new file mode 100644
index 00000000..c9e76308
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/FileKeyProvider.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+
+import java.io.File;
+
+/** A file key provider is initialized with a location of */
+public interface FileKeyProvider extends KeyProvider {
+
+    enum Format {
+        PKCS8, OpenSSH, Unknown
+    }
+
+    void init(File location);
+
+    void init(File location, PasswordFinder pwdf);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyPairWrapper.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyPairWrapper.java
new file mode 100644
index 00000000..40018973
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyPairWrapper.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.common.KeyType;
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/** A {@link KeyProvider} wrapper around {@link java.security.KeyPair} */
+public class KeyPairWrapper implements KeyProvider {
+
+    private final KeyPair kp;
+    private final KeyType type;
+
+    public KeyPairWrapper(KeyPair kp) {
+        this.kp = kp;
+        type = KeyType.fromKey(kp.getPublic());
+    }
+
+    public KeyPairWrapper(PublicKey publicKey, PrivateKey privateKey) {
+        this(new KeyPair(publicKey, privateKey));
+    }
+
+    public PrivateKey getPrivate() {
+        return kp.getPrivate();
+    }
+
+    public PublicKey getPublic() {
+        return kp.getPublic();
+    }
+
+    public KeyType getType() {
+        return type;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProvider.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProvider.java
new file mode 100644
index 00000000..10533acb
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProvider.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.common.KeyType;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/** A KeyProvider is a container for a public-private keypair. */
+public interface KeyProvider {
+
+    /** Returns the private key. */
+    PrivateKey getPrivate() throws IOException;
+
+    /** Returns the public key. */
+    PublicKey getPublic() throws IOException;
+
+    /** Returns the {@link KeyType}. */
+    KeyType getType() throws IOException;
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
new file mode 100644
index 00000000..de3e2639
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/KeyProviderUtil.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.common.IOUtils;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+
+public class KeyProviderUtil {
+
+    /**
+     * Attempts to detect how a key file is encoded.
+     * <p/>
+     * Return values are consistent with the {@code NamedFactory} implementations in the {@code keyprovider} package.
+     *
+     * @param location
+     *
+     * @return name of the key file format
+     *
+     * @throws java.io.IOException
+     */
+    public static FileKeyProvider.Format detectKeyFileFormat(File location) throws IOException {
+        BufferedReader br = new BufferedReader(new FileReader(location));
+        String firstLine = br.readLine();
+        IOUtils.closeQuietly(br);
+        if (firstLine == null)
+            throw new IOException("Empty file");
+        if (firstLine.startsWith("-----BEGIN") && firstLine.endsWith("PRIVATE KEY-----"))
+            if (new File(location + ".pub").exists())
+                // Can delay asking for password since have unencrypted pubkey
+                return FileKeyProvider.Format.OpenSSH;
+            else
+                // More general
+                return FileKeyProvider.Format.PKCS8;
+        /*
+         * TODO: Tectia, PuTTY (.ppk) ...
+         */
+        return FileKeyProvider.Format.OpenSSH;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java
new file mode 100644
index 00000000..2fb47113
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.common.Base64;
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.KeyType;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.security.PublicKey;
+
+/**
+ * Represents an OpenSSH identity that consists of a PKCS8-encoded private key file and an unencrypted public key file
+ * of the same name with the {@code ".pub"} extension. This allows to delay requesting of the passphrase until the
+ * private key is requested.
+ *
+ * @see PKCS8KeyFile
+ */
+public class OpenSSHKeyFile extends PKCS8KeyFile {
+
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
+
+        public FileKeyProvider create() {
+            return new OpenSSHKeyFile();
+        }
+
+        public String getName() {
+            return "OpenSSH";
+        }
+    }
+
+    private PublicKey pubKey;
+
+    @Override
+    public PublicKey getPublic() throws IOException {
+        return pubKey != null ? pubKey : super.getPublic();
+    }
+
+    @Override
+    public void init(File location) {
+        File f = new File(location + ".pub");
+        if (f.exists())
+            try {
+                BufferedReader br = new BufferedReader(new FileReader(f));
+                String keydata = br.readLine();
+                if (keydata != null) {
+                    String[] parts = keydata.split(" ");
+                    assert parts.length >= 2;
+                    type = KeyType.fromString(parts[0]);
+                    pubKey = new Buffer.PlainBuffer(Base64.decode(parts[1])).readPublicKey();
+                }
+                br.close();
+            } catch (IOException e) {
+                // let super provide both public & private key
+                log.warn("Error reading public key file: {}", e.toString());
+            }
+        super.init(location);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
new file mode 100644
index 00000000..e93bd671
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.keyprovider;
+
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
+import net.schmizz.sshj.userauth.password.PrivateKeyFileResource;
+import net.schmizz.sshj.userauth.password.Resource;
+import org.bouncycastle.openssl.EncryptionException;
+import org.bouncycastle.openssl.PEMReader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/** Represents a PKCS8-encoded key file. This is the format used by OpenSSH and OpenSSL. */
+public class PKCS8KeyFile implements FileKeyProvider {
+
+    public static class Factory implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
+        public FileKeyProvider create() {
+            return new PKCS8KeyFile();
+        }
+
+        public String getName() {
+            return "PKCS8";
+        }
+    }
+
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+    protected PasswordFinder pwdf;
+    protected File location;
+    protected Resource resource;
+    protected KeyPair kp;
+
+    protected KeyType type;
+
+    protected char[] passphrase; // for blanking out
+
+    public PrivateKey getPrivate() throws IOException {
+        return kp != null ? kp.getPrivate() : (kp = readKeyPair()).getPrivate();
+    }
+
+    public PublicKey getPublic() throws IOException {
+        return kp != null ? kp.getPublic() : (kp = readKeyPair()).getPublic();
+    }
+
+    public KeyType getType() throws IOException {
+        return type != null ? type : (type = KeyType.fromKey(getPublic()));
+    }
+
+    public void init(File location) {
+        assert location != null;
+        this.location = location;
+        resource = new PrivateKeyFileResource(location.getAbsolutePath());
+    }
+
+    public void init(File location, PasswordFinder pwdf) {
+        init(location);
+        this.pwdf = pwdf;
+    }
+
+    protected org.bouncycastle.openssl.PasswordFinder makeBouncyPasswordFinder() {
+        if (pwdf == null)
+            return null;
+        else
+            return new org.bouncycastle.openssl.PasswordFinder() {
+                public char[] getPassword() {
+                    return passphrase = pwdf.reqPassword(resource);
+                }
+            };
+    }
+
+    protected KeyPair readKeyPair() throws IOException {
+        KeyPair kp = null;
+        org.bouncycastle.openssl.PasswordFinder pFinder = makeBouncyPasswordFinder();
+        PEMReader r = null;
+        Object o = null;
+        try {
+            for (; ;) {
+                // while the PasswordFinder tells us we should retry
+                try {
+                    r = new PEMReader(new InputStreamReader(new FileInputStream(location)), pFinder);
+                    o = r.readObject();
+                } catch (EncryptionException e) {
+                    if (pwdf.shouldRetry(resource))
+                        continue;
+                    else
+                        throw e;
+                } finally {
+                    IOUtils.closeQuietly(r);
+                }
+                break;
+            }
+        } finally {
+            PasswordUtils.blankOut(passphrase);
+        }
+
+        if (o == null)
+            throw new IOException("Could not read key pair from: " + location);
+        if (o instanceof KeyPair)
+            kp = (KeyPair) o;
+        else
+            log.debug("Expected KeyPair, got {}", o);
+        return kp;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AbstractAuthMethod.java b/src/main/java/net/schmizz/sshj/userauth/method/AbstractAuthMethod.java
new file mode 100644
index 00000000..4dd727c6
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AbstractAuthMethod.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.AuthParams;
+import net.schmizz.sshj.userauth.UserAuthException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/** This abstract class for {@link AuthMethod} implements common or default functionality. */
+public abstract class AbstractAuthMethod implements AuthMethod {
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    private final String name;
+
+    /** {@link net.schmizz.sshj.userauth.AuthParams} useful for building request. */
+    protected AuthParams params;
+
+    /** Create with the {@code name} of this authentication method. */
+    protected AbstractAuthMethod(String name) {
+        this.name = name;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void handle(Message msg, SSHPacket buf) throws UserAuthException, TransportException {
+        throw new UserAuthException("Unknown packet received during " + getName() + " auth: " + msg);
+    }
+
+    public void init(AuthParams params) {
+        this.params = params;
+    }
+
+    public void request() throws UserAuthException, TransportException {
+        params.getTransport().write(buildReq());
+    }
+
+    public boolean shouldRetry() {
+        return false;
+    }
+
+    /**
+     * Builds a {@link net.schmizz.sshj.common.SSHPacket} containing the fields common to all authentication method.
+     * Method-specific fields can further be put into this buffer.
+     */
+    protected SSHPacket buildReq() throws UserAuthException {
+        return new SSHPacket(Message.USERAUTH_REQUEST) // SSH_MSG_USERAUTH_REQUEST
+                .putString(params.getUsername()) // username goes first
+                .putString(params.getNextServiceName()) // the service that we'd like on success
+                .putString(name); // name of auth method
+
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthHostbased.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthHostbased.java
new file mode 100644
index 00000000..5068cf65
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthHostbased.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
+
+// TODO check if this even works...!
+
+/** Implements the {@code hostbased} SSH authentication method. */
+public class AuthHostbased extends KeyedAuthMethod {
+
+    protected final String hostname;
+    protected final String hostuser;
+
+    public AuthHostbased(KeyProvider kProv, String hostuser) {
+        this(kProv, hostuser, null);
+    }
+
+    public AuthHostbased(KeyProvider kProv, String hostuser, String hostname) {
+        super("hostbased", kProv);
+        assert hostuser != null;
+        this.hostuser = hostuser;
+        this.hostname = hostname;
+    }
+
+    @Override
+    protected SSHPacket buildReq() throws UserAuthException {
+        SSHPacket req = putPubKey(super.buildReq());
+        req.putString(hostname == null ? params.getTransport().getRemoteHost() : hostname) //
+                .putString(hostuser);
+        return putSig(req);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthMethod.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthMethod.java
new file mode 100644
index 00000000..e79f9b7b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthMethod.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.SSHPacketHandler;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.AuthParams;
+import net.schmizz.sshj.userauth.UserAuthException;
+
+/**
+ * An authentication method of the <a href="http://www.ietf.org/rfc/rfc4252.txt">SSH Authentication Protocol</a>.
+ *
+ * @see net.schmizz.sshj.userauth.UserAuth
+ */
+public interface AuthMethod extends SSHPacketHandler {
+
+    /** Returns assigned name of this authentication method */
+    String getName();
+
+    /**
+     * Initializes this {@link AuthMethod} with the {@link net.schmizz.sshj.userauth.AuthParams parameters} needed for
+     * authentication. This method must be called before requesting authentication with this method.
+     */
+    void init(AuthParams params);
+
+    /**
+     * @throws net.schmizz.sshj.userauth.UserAuthException
+     *
+     * @throws TransportException
+     */
+    void request() throws UserAuthException, TransportException;
+
+    /** Returns whether authentication should be reattempted if it failed. */
+    boolean shouldRetry();
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthNone.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthNone.java
new file mode 100644
index 00000000..15fee28b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthNone.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+/**
+ * {@code none} auth. No authentication information is exchanged in the request packet save username and the next
+ * service requested. This method generally fails and is typically used to find out the method allowed by an SSH server
+ * (sent as part of the {@code SSH_MSG_USERAUTH_FAILURE} packet)
+ */
+public class AuthNone extends AbstractAuthMethod {
+
+    AuthNone() {
+        super("none");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthPassword.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthPassword.java
new file mode 100644
index 00000000..11f32e1e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthPassword.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.AuthParams;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.password.AccountResource;
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.Resource;
+
+/** Implements the {@code password} authentication method. Password-change request handling is not currently supported. */
+public class AuthPassword extends AbstractAuthMethod {
+
+    private final PasswordFinder pwdf;
+    private Resource resource;
+
+    public AuthPassword(PasswordFinder pwdf) {
+        super("password");
+        this.pwdf = pwdf;
+
+    }
+
+    @Override
+    public void init(AuthParams params) {
+        super.init(params);
+        resource = new AccountResource(params.getUsername(), params.getTransport().getRemoteHost());
+    }
+
+    @Override
+    public SSHPacket buildReq() throws UserAuthException {
+        log.info("Requesting password for " + resource);
+        char[] password = pwdf.reqPassword(resource);
+        if (password == null)
+            throw new UserAuthException("Was given null password for " + resource);
+        else
+            return super.buildReq() // the generic stuff
+                    .putBoolean(false) // no, we are not responding to a CHANGEREQ
+                    .putPassword(password);
+    }
+
+    @Override
+    public void handle(Message cmd, SSHPacket buf) throws UserAuthException, TransportException {
+        if (cmd == Message.USERAUTH_60)
+            throw new UserAuthException("Password change request received; unsupported operation");
+        else
+            super.handle(cmd, buf);
+    }
+
+    /**
+     * Returns {@code true} if the associated {@link PasswordFinder} tells that we should retry with a new password that
+     * it will supply.
+     */
+    @Override
+    public boolean shouldRetry() {
+        return pwdf.shouldRetry(resource);
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/AuthPublickey.java b/src/main/java/net/schmizz/sshj/userauth/method/AuthPublickey.java
new file mode 100644
index 00000000..c4e513f4
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/AuthPublickey.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.Message;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
+
+import java.io.IOException;
+
+/**
+ * Implements the {@code "publickey"} SSH authentication method.
+ * <p/>
+ * Requesteing authentication with this method first sends a "feeler" request with just the public key, and if the
+ * server responds with {@code SSH_MSG_USERAUTH_PK_OK} indicating that the key is acceptable, it proceeds to send a
+ * request signed with the private key. Therefore, private keys are not requested from the associated {@link
+ * KeyProvider} unless needed.
+ */
+public class AuthPublickey extends KeyedAuthMethod {
+
+    /** Initialize this method with the provider for public and private key. */
+    public AuthPublickey(KeyProvider kProv) {
+        super("publickey", kProv);
+    }
+
+    /** Internal use. */
+    @Override
+    public void handle(Message cmd, SSHPacket buf) throws UserAuthException, TransportException {
+        if (cmd == Message.USERAUTH_60)
+            sendSignedReq();
+        else
+            super.handle(cmd, buf);
+    }
+
+    /**
+     * Builds SSH_MSG_USERAUTH_REQUEST packet.
+     *
+     * @param signed whether the request packet will contain signature
+     *
+     * @return the {@link SSHPacket} containing the request packet
+     *
+     * @throws UserAuthException
+     */
+    private SSHPacket buildReq(boolean signed) throws UserAuthException {
+        try {
+            kProv.getPublic();
+        } catch (IOException ioe) {
+            throw new UserAuthException("Problem getting public key", ioe);
+        }
+        return putPubKey(super.buildReq().putBoolean(signed));
+    }
+
+    /**
+     * Send SSH_MSG_USERAUTH_REQUEST containing the signature.
+     *
+     * @throws UserAuthException
+     * @throws TransportException
+     */
+    private void sendSignedReq() throws UserAuthException, TransportException {
+        log.debug("Sending signed request");
+        params.getTransport().write(putSig(buildReq(true)));
+    }
+
+    /** Builds a feeler request (sans signature). */
+    @Override
+    protected SSHPacket buildReq() throws UserAuthException {
+        return buildReq(false);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
new file mode 100644
index 00000000..4bd093e1
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/method/KeyedAuthMethod.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file may incorporate work covered by the following copyright and
+ * permission notice:
+ *
+ *     Licensed to the Apache Software Foundation (ASF) under one
+ *     or more contributor license agreements.  See the NOTICE file
+ *     distributed with this work for additional information
+ *     regarding copyright ownership.  The ASF licenses this file
+ *     to you under the Apache License, Version 2.0 (the
+ *     "License"); you may not use this file except in compliance
+ *     with the License.  You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *      Unless required by applicable law or agreed to in writing,
+ *      software distributed under the License is distributed on an
+ *      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *      KIND, either express or implied.  See the License for the
+ *      specific language governing permissions and limitations
+ *      under the License.
+ */
+package net.schmizz.sshj.userauth.method;
+
+import net.schmizz.sshj.common.Buffer;
+import net.schmizz.sshj.common.Factory;
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SSHPacket;
+import net.schmizz.sshj.signature.Signature;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.userauth.keyprovider.KeyProvider;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+public abstract class KeyedAuthMethod extends AbstractAuthMethod {
+    protected KeyProvider kProv;
+
+    public KeyedAuthMethod(String name, KeyProvider kProv) {
+        super(name);
+        this.kProv = kProv;
+    }
+
+    protected SSHPacket putPubKey(SSHPacket reqBuf) throws UserAuthException {
+        PublicKey key;
+        try {
+            key = kProv.getPublic();
+        } catch (IOException ioe) {
+            throw new UserAuthException("Problem getting public key", ioe);
+        }
+
+        // public key as 2 strings: [ key type | key blob ]
+        reqBuf.putString(KeyType.fromKey(key).toString())
+                .putString(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
+
+        return reqBuf;
+    }
+
+    protected SSHPacket putSig(SSHPacket reqBuf) throws UserAuthException {
+        PrivateKey key;
+        try {
+            key = kProv.getPrivate();
+        } catch (IOException ioe) {
+            throw new UserAuthException("Problem getting private key", ioe);
+        }
+
+        final String kt = KeyType.fromKey(key).toString();
+        Signature sigger = Factory.Named.Util.create(params.getTransport().getConfig().getSignatureFactories(), kt);
+        if (sigger == null)
+            throw new UserAuthException("Could not create signature instance for " + kt + " key");
+
+        sigger.init(null, key);
+        sigger.update(new Buffer.PlainBuffer().putString(params.getTransport().getSessionID()) //
+                .putBuffer(reqBuf) // & rest of the data for sig
+                .getCompactData());
+        reqBuf.putSignature(kt, sigger.sign());
+        return reqBuf;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/AccountResource.java b/src/main/java/net/schmizz/sshj/userauth/password/AccountResource.java
new file mode 100644
index 00000000..cd828907
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/password/AccountResource.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password;
+
+public class AccountResource extends Resource<String> {
+
+    public AccountResource(String user, String host) {
+        super(user + "@" + host);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/PasswordFinder.java b/src/main/java/net/schmizz/sshj/userauth/password/PasswordFinder.java
new file mode 100644
index 00000000..c4db7fab
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/password/PasswordFinder.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password;
+
+/** An interface for servicing requests for plaintext passwords. */
+public interface PasswordFinder {
+
+    /**
+     * Request password for specified resource.
+     * <p/>
+     * This method may return {@code null} when the request cannot be serviced, e.g. when the user cancels a password
+     * prompt. The consequences of returning {@code null} are specific to the requestor.
+     *
+     * @param resource the resource for which password is being requested
+     *
+     * @return the password or {@code null}
+     */
+    char[] reqPassword(Resource<?> resource);
+
+    /**
+     * If password turns out to be incorrect, indicates whether another call to {@link #reqPassword(Resource)} should be
+     * made.
+     * <p/>
+     * This method is geared at interactive implementations, and stub implementations may simply return {@code false}.
+     *
+     * @param resource
+     *
+     * @return whether to retry requesting password for a particular resource
+     */
+    boolean shouldRetry(Resource<?> resource);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
new file mode 100644
index 00000000..f8ffbad0
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/password/PasswordUtils.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password;
+
+import java.util.Arrays;
+import java.util.Map;
+
+/** Static utility method and factories */
+public class PasswordUtils {
+
+    /**
+     * Blank out a character array
+     *
+     * @param pwd the character array
+     */
+    public static void blankOut(char[] pwd) {
+        if (pwd != null)
+            Arrays.fill(pwd, ' ');
+    }
+
+    /**
+     * @param password the password as a char[]
+     *
+     * @return the constructed {@link net.schmizz.sshj.userauth.password.PasswordFinder}
+     */
+    public static PasswordFinder createOneOff(final char[] password) {
+        if (password == null)
+            return null;
+        else
+            return new PasswordFinder() {
+                public char[] reqPassword(Resource<?> resource) {
+                    char[] cloned = password.clone();
+                    blankOut(password);
+                    return cloned;
+                }
+
+                public boolean shouldRetry(Resource<?> resource) {
+                    return false;
+                }
+            };
+    }
+
+    public static PasswordFinder createResourceBased(final Map<Resource<?>, String> passwordMap) {
+        return new PasswordFinder() {
+            public char[] reqPassword(Resource<?> resource) {
+                return passwordMap.get(resource).toCharArray();
+            }
+
+            public boolean shouldRetry(Resource<?> resource) {
+                return false;
+            }
+
+        };
+    }
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/PrivateKeyFileResource.java b/src/main/java/net/schmizz/sshj/userauth/password/PrivateKeyFileResource.java
new file mode 100644
index 00000000..c34cd340
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/password/PrivateKeyFileResource.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password;
+
+public class PrivateKeyFileResource extends Resource<String> {
+
+    public PrivateKeyFileResource(String path) {
+        super(path);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/userauth/password/Resource.java b/src/main/java/net/schmizz/sshj/userauth/password/Resource.java
new file mode 100644
index 00000000..a8e00436
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/userauth/password/Resource.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.userauth.password;
+
+/** A password-protected resource */
+public abstract class Resource<H> {
+
+    private final H detail;
+
+    public Resource(H handle) {
+        this.detail = handle;
+    }
+
+    public H getDetail() {
+        return detail;
+    }
+
+    @Override
+    public String toString() {
+        return "[" + getClass().getSimpleName() + "] " + detail;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java b/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
new file mode 100644
index 00000000..75c8fd52
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/AbstractFileTransfer.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public abstract class AbstractFileTransfer {
+
+    /** Logger */
+    protected final Logger log = LoggerFactory.getLogger(getClass());
+
+    public static final ModeGetter defaultModeGetter = new DefaultModeGetter();
+    public static final ModeSetter defaultModeSetter = new DefaultModeSetter();
+
+    private volatile ModeGetter modeGetter = defaultModeGetter;
+    private volatile ModeSetter modeSetter = defaultModeSetter;
+
+    public void setModeGetter(ModeGetter modeGetter) {
+        this.modeGetter = (modeGetter == null) ? defaultModeGetter : modeGetter;
+    }
+
+    public ModeGetter getModeGetter() {
+        return this.modeGetter;
+    }
+
+    public void setModeSetter(ModeSetter modeSetter) {
+        this.modeSetter = (modeSetter == null) ? defaultModeSetter : modeSetter;
+    }
+
+    public ModeSetter getModeSetter() {
+        return this.modeSetter;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/DefaultModeGetter.java b/src/main/java/net/schmizz/sshj/xfer/DefaultModeGetter.java
new file mode 100644
index 00000000..ed124a73
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/DefaultModeGetter.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * Default implementation of {@link ModeGetter} that supplies file permissions as {@code "0644"}, directory permissions
+ * as {@code "0755"}, and does not supply mtime and atime.
+ */
+public class DefaultModeGetter implements ModeGetter {
+
+    public long getLastAccessTime(File f) {
+        return 0;
+    }
+
+    public long getLastModifiedTime(File f) {
+        // return f.lastModified() / 1000;
+        return 0;
+    }
+
+    public int getPermissions(File f) throws IOException {
+        if (f.isDirectory())
+            return 0755;
+        else if (f.isFile())
+            return 0644;
+        else
+            throw new IOException("Unsupported file type: " + f);
+    }
+
+    public boolean preservesTimes() {
+        return false;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/DefaultModeSetter.java b/src/main/java/net/schmizz/sshj/xfer/DefaultModeSetter.java
new file mode 100644
index 00000000..995791d6
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/DefaultModeSetter.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.File;
+import java.io.IOException;
+
+
+/** Default implementation of {@link ModeSetter} that does not set any permissions or preserve mtime and atime. */
+public class DefaultModeSetter implements ModeSetter {
+
+    public void setLastAccessedTime(File f, long t) throws IOException {
+        // can't do ntn
+    }
+
+    public void setLastModifiedTime(File f, long t) throws IOException {
+        // f.setLastModified(t * 1000);
+    }
+
+    public void setPermissions(File f, int perms) throws IOException {
+        // TODO: set user's rwx permissions; can't do anything about group and world
+    }
+
+    public boolean preservesTimes() {
+        return false;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/xfer/FilePermission.java b/src/main/java/net/schmizz/sshj/xfer/FilePermission.java
new file mode 100644
index 00000000..8450a737
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/FilePermission.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+public enum FilePermission {
+
+    /** read permission, owner */
+    USR_R(00400),
+    /** write permission, owner */
+    USR_W(00200),
+    /** execute/search permission, owner */
+    USR_X(00100),
+    /** read permission, group */
+    GRP_R(00040),
+    /** write permission, group */
+    GRP_W(00020),
+    /** execute/search permission, group */
+    GRP_X(00010),
+    /** read permission, others */
+    OTH_R(00004),
+    /** write permission, others */
+    OTH_W(00002),
+    /** execute/search permission, group */
+    OTH_X(00001),
+    /** set-user-ID on execution */
+    SUID(04000),
+    /** set-group-ID on execution */
+    SGID(02000),
+    /** on directories, restricted deletion flag */
+    STICKY(01000),
+    // Composite:
+    /** read, write, execute/search by user */
+    USR_RWX(USR_R, USR_W, USR_X),
+    /** read, write, execute/search by group */
+    GRP_RWX(GRP_R, GRP_W, GRP_X),
+    /** read, write, execute/search by other */
+    OTH_RWX(OTH_R, OTH_W, OTH_X);
+
+    private final int val;
+
+    private FilePermission(int val) {
+        this.val = val;
+    }
+
+    private FilePermission(FilePermission... perms) {
+        int val = 0;
+        for (FilePermission perm : perms)
+            val |= perm.val;
+        this.val = val;
+    }
+
+    public static Set<FilePermission> fromMask(int mask) {
+        List<FilePermission> perms = new LinkedList<FilePermission>();
+        for (FilePermission p : FilePermission.values())
+            if ((mask & p.val) == p.val)
+                perms.add(p);
+        return new HashSet<FilePermission>(perms);
+    }
+
+    public static int toMask(Set<FilePermission> perms) {
+        int mask = 0;
+        for (FilePermission p : perms)
+            mask |= p.val;
+        return mask;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/xfer/FileTransfer.java b/src/main/java/net/schmizz/sshj/xfer/FileTransfer.java
new file mode 100644
index 00000000..0e4a69da
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/FileTransfer.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.IOException;
+
+public interface FileTransfer {
+
+    void upload(String localPath, String remotePath) throws IOException;
+
+    void download(String remotePath, String localPath) throws IOException;
+
+    ModeGetter getModeGetter();
+
+    void setModeGetter(ModeGetter modeGetter);
+
+    ModeSetter getModeSetter();
+
+    void setModeSetter(ModeSetter modeSetter);
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/FileTransferUtil.java b/src/main/java/net/schmizz/sshj/xfer/FileTransferUtil.java
new file mode 100644
index 00000000..20cedb3c
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/FileTransferUtil.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.File;
+import java.io.IOException;
+
+public class FileTransferUtil {
+
+    public static File getTargetDirectory(File f, String dirname) throws IOException {
+        if (f.exists())
+            if (f.isDirectory()) {
+                if (!f.getName().equals(dirname))
+                    f = new File(f, dirname);
+            } else
+                throw new IOException(f + " - already exists as a file; directory required");
+
+        if (!f.exists() && !f.mkdir())
+            throw new IOException("Failed to create directory: " + f);
+
+        return f;
+    }
+
+    public static File getTargetFile(File f, String filename) throws IOException {
+        if (f.isDirectory())
+            f = new File(f, filename);
+
+        if (!f.exists()) {
+            if (!f.createNewFile())
+                throw new IOException("Could not create: " + f);
+        } else if (f.isDirectory())
+            throw new IOException("A directory by the same name already exists: " + f);
+
+        return f;
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/ModeGetter.java b/src/main/java/net/schmizz/sshj/xfer/ModeGetter.java
new file mode 100644
index 00000000..d422fd63
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/ModeGetter.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.File;
+import java.io.IOException;
+
+/** An interface for retrieving information about file permissions and times. */
+public interface ModeGetter {
+
+    /**
+     * Returns last access time for {@code f}.
+     *
+     * @param f the file
+     *
+     * @return time in seconds since Unix epoch
+     *
+     * @throws IOException
+     */
+    long getLastAccessTime(File f) throws IOException;
+
+    /**
+     * Returns last modified time for {@code f}.
+     *
+     * @param f the file
+     *
+     * @return time in seconds since Unix epoch
+     *
+     * @throws IOException
+     */
+    long getLastModifiedTime(File f) throws IOException;
+
+    /**
+     * Returns the permissions for {@code f}.
+     *
+     * @param f the file
+     *
+     * @return permissions in octal format, e.g. 0644
+     *
+     * @throws IOException
+     */
+    int getPermissions(File f) throws IOException;
+
+    /** Whether this implementation can provide mtime and atime information. */
+    boolean preservesTimes();
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/xfer/ModeSetter.java b/src/main/java/net/schmizz/sshj/xfer/ModeSetter.java
new file mode 100644
index 00000000..b4a7d406
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/ModeSetter.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer;
+
+import java.io.File;
+import java.io.IOException;
+
+/** An interface for setting file permissions and times. */
+public interface ModeSetter {
+
+    /**
+     * Set the last access time for {@code f}.
+     *
+     * @param f the file
+     * @param t time in seconds since Unix epoch
+     *
+     * @throws IOException
+     */
+    void setLastAccessedTime(File f, long t) throws IOException;
+
+    /**
+     * Set the last modified time for {@code f}.
+     *
+     * @param f the file
+     * @param t time in seconds since Unix epoch
+     *
+     * @throws IOException
+     */
+    void setLastModifiedTime(File f, long t) throws IOException;
+
+    /**
+     * Set the permissions for {@code f}.
+     *
+     * @param f     the file
+     * @param perms permissions in octal format, e.g. "644"
+     *
+     * @throws IOException
+     */
+    void setPermissions(File f, int perms) throws IOException;
+
+    /** Whether this implementation is interested in preserving mtime and atime. */
+    boolean preservesTimes();
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
new file mode 100644
index 00000000..426dabbb
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer.scp;
+
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import net.schmizz.sshj.xfer.FileTransferUtil;
+import net.schmizz.sshj.xfer.ModeSetter;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+/** Support for uploading files over a connected {@link net.schmizz.sshj.SSHClient} link using SCP. */
+public final class SCPDownloadClient extends SCPEngine {
+
+    private final ModeSetter modeSetter;
+
+    private boolean recursive = true;
+
+    SCPDownloadClient(SessionFactory host, ModeSetter modeSetter) {
+        super(host);
+        this.modeSetter = modeSetter;
+    }
+
+    /** Download a file from {@code sourcePath} on the connected host to {@code targetPath} locally. */
+    @Override
+    public synchronized int copy(String sourcePath, String targetPath) throws IOException {
+        return super.copy(sourcePath, targetPath);
+    }
+
+    public boolean getRecursive() {
+        return recursive;
+    }
+
+    public void setRecursive(boolean recursive) {
+        this.recursive = recursive;
+    }
+
+    @Override
+    void startCopy(String sourcePath, String targetPath) throws IOException {
+        init(sourcePath);
+
+        signal("Start status OK");
+
+        String msg = readMessage(true);
+        do
+            process(null, msg, new File(targetPath));
+        while ((msg = readMessage(false)) != null);
+    }
+
+    private void init(String source) throws SSHException {
+        List<Arg> args = new LinkedList<Arg>();
+        args.add(Arg.SOURCE);
+        args.add(Arg.QUIET);
+        if (recursive)
+            args.add(Arg.RECURSIVE);
+        if (modeSetter.preservesTimes())
+            args.add(Arg.PRESERVE_TIMES);
+        execSCPWith(args, source);
+    }
+
+    private long parseLong(String longString, String valType) throws SCPException {
+        try {
+            return Long.parseLong(longString);
+        } catch (NumberFormatException nfe) {
+            throw new SCPException("Could not parse " + valType + " from `" + longString + "`", nfe);
+        }
+    }
+
+    /* e.g. "C0644" -> 0644; "D0755" -> 0755 */
+
+    private int parsePermissions(String cmd) throws SCPException {
+        if (cmd.length() != 5)
+            throw new SCPException("Could not parse permissions from `" + cmd + "`");
+        return Integer.parseInt(cmd.substring(1), 8);
+    }
+
+    private void prepare(File f, int perms, String tMsg) throws IOException {
+        modeSetter.setPermissions(f, perms);
+
+        if (tMsg != null && modeSetter.preservesTimes()) {
+            String[] tMsgParts = tokenize(tMsg, 4); // e.g. T<mtime> 0 <atime> 0
+            modeSetter.setLastModifiedTime(f, parseLong(tMsgParts[0].substring(1), "last modified time"));
+            modeSetter.setLastAccessedTime(f, parseLong(tMsgParts[2], "last access time"));
+        }
+    }
+
+    private boolean process(String bufferedTMsg, String msg, File f) throws IOException {
+        if (msg.length() < 1)
+            throw new SCPException("Could not parse message `" + msg + "`");
+
+        switch (msg.charAt(0)) {
+
+            case 'T':
+                signal("ACK: T");
+                process(msg, readMessage(true), f);
+                break;
+
+            case 'C':
+                processFile(msg, bufferedTMsg, f);
+                break;
+
+            case 'D':
+                processDirectory(msg, bufferedTMsg, f);
+                break;
+
+            case 'E':
+                return true;
+
+            case (char) 1:
+                addWarning(msg.substring(1));
+                break;
+
+            case (char) 2:
+                throw new SCPException("Remote SCP command returned error: " + msg.substring(1));
+
+            default:
+                String err = "Unrecognized message: `" + msg + "`";
+                sendMessage((char) 2 + err);
+                throw new SCPException(err);
+        }
+
+        return false;
+    }
+
+    private void processDirectory(String dMsg, String tMsg, File f) throws IOException {
+        String[] dMsgParts = tokenize(dMsg, 3); // e.g. D0755 0 <dirname>
+
+        long length = parseLong(dMsgParts[1], "dir length");
+        if (length != 0)
+            throw new IOException("Remote SCP command sent strange directory length: " + length);
+
+        f = FileTransferUtil.getTargetDirectory(f, dMsgParts[2]);
+        prepare(f, parsePermissions(dMsgParts[0]), tMsg);
+
+        signal("ACK: D");
+
+        do {
+            ;
+        } while (!process(null, readMessage(), f));
+
+        signal("ACK: E");
+    }
+
+    private void processFile(String cMsg, String tMsg, File f) throws IOException {
+        String[] cMsgParts = tokenize(cMsg, 3);
+
+        long length = parseLong(cMsgParts[1], "length");
+
+        f = FileTransferUtil.getTargetFile(f, cMsgParts[2]);
+        prepare(f, parsePermissions(cMsgParts[0]), tMsg);
+
+        signal("Remote can start transfer");
+        final FileOutputStream fos = new FileOutputStream(f);
+        try {
+            transfer(scp.getInputStream(), fos, scp.getLocalMaxPacketSize(), length);
+        } finally {
+            IOUtils.closeQuietly(fos);
+        }
+        check("Remote agrees transfer done");
+        signal("Transfer done");
+    }
+
+    private String[] tokenize(String msg, int numPartsExpected) throws IOException {
+        String[] parts = msg.split(" ");
+        if (parts.length != numPartsExpected)
+            throw new IOException("Could not parse message received from remote SCP: " + msg);
+        return parts;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java
new file mode 100644
index 00000000..92fcb9dc
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer.scp;
+
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.connection.channel.direct.Session.Command;
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+
+/** @see <a href="http://blogs.sun.com/janp/entry/how_the_scp_protocol_works">SCP Protocol</a> */
+abstract class SCPEngine {
+
+    static enum Arg {
+        SOURCE('f'), SINK('t'), RECURSIVE('r'), VERBOSE('v'), PRESERVE_TIMES('p'), QUIET('q');
+
+        private final char a;
+
+        private Arg(char a) {
+            this.a = a;
+        }
+
+        @Override
+        public String toString() {
+            return "-" + a;
+        }
+    }
+
+    static final String SCP_COMMAND = "scp";
+
+    static final char LF = '\n';
+
+    final Logger log = LoggerFactory.getLogger(getClass());
+
+    final SessionFactory host;
+    final Queue<String> warnings = new LinkedList<String>();
+
+    Command scp;
+    int exitStatus;
+
+    SCPEngine(SessionFactory host) {
+        this.host = host;
+    }
+
+    public int copy(String sourcePath, String targetPath) throws IOException {
+        cleanSlate();
+        try {
+            startCopy(sourcePath, targetPath);
+        } finally {
+            exit();
+        }
+        return exitStatus;
+    }
+
+    public int getExitStatus() {
+        return exitStatus;
+    }
+
+    public Queue<String> getWarnings() {
+        return warnings;
+    }
+
+    public boolean hadWarnings() {
+        return !warnings.isEmpty();
+    }
+
+    void addWarning(String warning) {
+        log.warn(warning);
+        warnings.add(warning);
+    }
+
+    void check(String what) throws IOException {
+        int code = scp.getInputStream().read();
+        switch (code) {
+            case -1:
+                String stderr = scp.getErrorAsString();
+                if (!stderr.isEmpty())
+                    stderr = ". Additional info: `" + stderr + "`";
+                throw new SCPException("EOF while expecting response to protocol message" + stderr);
+            case 0: // OK
+                log.debug(what);
+                return;
+            case 1:
+                addWarning(readMessage());
+                break;
+            case 2:
+                throw new SCPException("Remote SCP command had error: " + readMessage());
+            default:
+                throw new SCPException("Received unknown response code");
+        }
+    }
+
+    void cleanSlate() {
+        exitStatus = -1;
+        warnings.clear();
+    }
+
+    void execSCPWith(List<Arg> args, String path) throws SSHException {
+        StringBuilder cmd = new StringBuilder(SCP_COMMAND);
+        for (Arg arg : args)
+            cmd.append(" ").append(arg);
+        cmd.append(" ").append((path == null || path.equals("")) ? "." : path);
+        scp = host.startSession().exec(cmd.toString());
+    }
+
+    void exit() {
+        if (scp != null) {
+
+            IOUtils.closeQuietly(scp);
+
+            if (scp.getExitStatus() != null) {
+                exitStatus = scp.getExitStatus();
+                if (scp.getExitStatus() != 0)
+                    log.warn("SCP exit status: {}", scp.getExitStatus());
+            } else
+                exitStatus = -1;
+
+            if (scp.getExitSignal() != null)
+                log.warn("SCP exit signal: {}", scp.getExitSignal());
+        }
+
+        scp = null;
+    }
+
+    String readMessage() throws IOException {
+        return readMessage(true);
+    }
+
+    String readMessage(boolean errOnEOF) throws IOException {
+        StringBuilder sb = new StringBuilder();
+        int x;
+        while ((x = scp.getInputStream().read()) != LF)
+            if (x == -1) {
+                if (errOnEOF)
+                    throw new IOException("EOF while reading message");
+                else
+                    return null;
+            } else
+                sb.append((char) x);
+        log.debug("Read message: {}", sb);
+        return sb.toString();
+    }
+
+    void sendMessage(String msg) throws IOException {
+        log.debug("Sending message: {}", msg);
+        scp.getOutputStream().write((msg + LF).getBytes());
+        scp.getOutputStream().flush();
+        check("Message ACK received");
+    }
+
+    void signal(String what) throws IOException {
+        log.debug("Signalling: {}", what);
+        scp.getOutputStream().write(0);
+        scp.getOutputStream().flush();
+    }
+
+    abstract void startCopy(String sourcePath, String targetPath) throws IOException;
+
+    void transfer(InputStream in, OutputStream out, int bufSize, long len) throws IOException {
+        final byte[] buf = new byte[bufSize];
+        long count = 0;
+        int read = 0;
+
+        final long startTime = System.currentTimeMillis();
+
+        while (count < len && (read = in.read(buf, 0, (int) Math.min(bufSize, len - count))) != -1) {
+            out.write(buf, 0, read);
+            count += read;
+        }
+        out.flush();
+
+        final double sizeKiB = count / 1024.0;
+        final double timeSeconds = (System.currentTimeMillis() - startTime) / 1000.0;
+        log.info(sizeKiB + " KiB transferred  in {} seconds ({} KiB/s)", timeSeconds, (sizeKiB / timeSeconds));
+
+        if (read == -1)
+            throw new IOException("Had EOF before transfer completed");
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPException.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPException.java
new file mode 100644
index 00000000..93d4812b
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPException.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer.scp;
+
+import net.schmizz.sshj.common.SSHException;
+
+public class SCPException extends SSHException {
+    public SCPException(String message) {
+        super(message);
+    }
+
+    public SCPException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPFileTransfer.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPFileTransfer.java
new file mode 100644
index 00000000..07cea3b3
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPFileTransfer.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer.scp;
+
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import net.schmizz.sshj.xfer.AbstractFileTransfer;
+import net.schmizz.sshj.xfer.FileTransfer;
+
+import java.io.IOException;
+
+public class SCPFileTransfer extends AbstractFileTransfer implements FileTransfer {
+    private final SessionFactory sessionFactory;
+
+    public SCPFileTransfer(SessionFactory sessionFactory) {
+        this.sessionFactory = sessionFactory;
+    }
+
+    public SCPDownloadClient newSCPDownloadClient() {
+        return new SCPDownloadClient(sessionFactory, getModeSetter());
+    }
+
+    public SCPUploadClient newSCPUploadClient() {
+        return new SCPUploadClient(sessionFactory, getModeGetter());
+    }
+
+    public void download(String remotePath, String localPath) throws IOException {
+        newSCPDownloadClient().copy(remotePath, localPath);
+    }
+
+    public void upload(String localPath, String remotePath) throws IOException {
+        newSCPUploadClient().copy(localPath, remotePath);
+    }
+
+}
diff --git a/src/main/java/net/schmizz/sshj/xfer/scp/SCPUploadClient.java b/src/main/java/net/schmizz/sshj/xfer/scp/SCPUploadClient.java
new file mode 100644
index 00000000..8deabb0e
--- /dev/null
+++ b/src/main/java/net/schmizz/sshj/xfer/scp/SCPUploadClient.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.schmizz.sshj.xfer.scp;
+
+import net.schmizz.sshj.common.IOUtils;
+import net.schmizz.sshj.common.SSHException;
+import net.schmizz.sshj.connection.channel.direct.SessionFactory;
+import net.schmizz.sshj.xfer.ModeGetter;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.LinkedList;
+import java.util.List;
+
+/** Support for uploading files over a connected link using SCP. */
+public final class SCPUploadClient extends SCPEngine {
+
+    private final ModeGetter modeGetter;
+
+    private FileFilter fileFilter;
+
+    SCPUploadClient(SessionFactory host, ModeGetter modeGetter) {
+        super(host);
+        this.modeGetter = modeGetter;
+    }
+
+    /** Upload a file from {@code sourcePath} locally to {@code targetPath} on the remote host. */
+    @Override
+    public synchronized int copy(String sourcePath, String targetPath) throws IOException {
+        return super.copy(sourcePath, targetPath);
+    }
+
+    public void setFileFilter(FileFilter fileFilter) {
+        this.fileFilter = fileFilter;
+    }
+
+    @Override
+    protected synchronized void startCopy(String sourcePath, String targetPath) throws IOException {
+        init(targetPath);
+        check("Start status OK");
+        process(new File(sourcePath));
+    }
+
+    private File[] getChildren(File f) throws IOException {
+        File[] files = fileFilter == null ? f.listFiles() : f.listFiles(fileFilter);
+        if (files == null)
+            throw new IOException("Error listing files in directory: " + f);
+        return files;
+    }
+
+    private void init(String target) throws SSHException {
+        List<Arg> args = new LinkedList<Arg>();
+        args.add(Arg.SINK);
+        args.add(Arg.RECURSIVE);
+        if (modeGetter.preservesTimes())
+            args.add(Arg.PRESERVE_TIMES);
+        execSCPWith(args, target);
+    }
+
+    private void process(File f) throws IOException {
+        if (f.isDirectory())
+            sendDirectory(f);
+        else if (f.isFile())
+            sendFile(f);
+        else
+            throw new IOException(f + " is not a regular file or directory");
+    }
+
+    private void sendDirectory(File f) throws IOException {
+        log.info("Entering directory `{}`", f.getName());
+        preserveTimeIfPossible(f);
+        sendMessage("D0" + getPermString(f) + " 0 " + f.getName());
+
+        for (File child : getChildren(f))
+            process(child);
+
+        sendMessage("E");
+        log.info("Exiting directory `{}`", f.getName());
+    }
+
+    private void sendFile(File f) throws IOException {
+        log.info("Sending `{}`...", f.getName());
+        preserveTimeIfPossible(f);
+        final InputStream src = new FileInputStream(f);
+        try {
+            sendMessage("C0" + getPermString(f) + " " + f.length() + " " + f.getName());
+            transfer(src, scp.getOutputStream(), scp.getRemoteMaxPacketSize(), f.length());
+            signal("Transfer done");
+            check("Remote agrees transfer done");
+        } finally {
+            IOUtils.closeQuietly(src);
+        }
+    }
+
+    private void preserveTimeIfPossible(File f) throws IOException {
+        if (modeGetter.preservesTimes())
+            sendMessage("T" + modeGetter.getLastModifiedTime(f) + " 0 " + modeGetter.getLastAccessTime(f) + " 0");
+    }
+
+    private String getPermString(File f) throws IOException {
+        return Integer.toOctalString(modeGetter.getPermissions(f) & 07777);
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/SmokeTest.java b/src/test/java/net/schmizz/sshj/SmokeTest.java
new file mode 100644
index 00000000..4bd06aca
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/SmokeTest.java
@@ -0,0 +1,108 @@
+package net.schmizz.sshj;/*
+ * Copyright 2010 Shikhar Bhushan
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import net.schmizz.sshj.transport.TransportException;
+import net.schmizz.sshj.userauth.UserAuthException;
+import net.schmizz.sshj.util.BogusPasswordAuthenticator;
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.ConsoleAppender;
+import org.apache.log4j.PatternLayout;
+import org.apache.sshd.SshServer;
+import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.net.ServerSocket;
+
+import static org.junit.Assert.assertTrue;
+
+/* Kinda basic right now */
+
+public class SmokeTest {
+    static {
+        BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    }
+
+    private SSHClient ssh;
+    private SshServer sshd;
+
+    private final String hostname = "localhost";
+    private int port;
+
+    private static final String hostkey = "src/test/resources/hostkey.pem";
+    private static final String fingerprint = "ce:a7:c1:cf:17:3f:96:49:6a:53:1a:05:0b:ba:90:db";
+
+    @Before
+    public void setUp() throws IOException {
+        ServerSocket s = new ServerSocket(0);
+        port = s.getLocalPort();
+        s.close();
+
+        sshd = SshServer.setUpDefaultServer();
+        sshd.setPort(port);
+        sshd.setKeyPairProvider(new FileKeyPairProvider(new String[]{hostkey}));
+        // sshd.setShellFactory(new EchoShellFactory());
+        sshd.setPasswordAuthenticator(new BogusPasswordAuthenticator());
+        sshd.start();
+
+        ssh = new SSHClient();
+        ssh.addHostKeyVerifier(hostname, port, fingerprint);
+    }
+
+    @After
+    public void tearUp() throws IOException, InterruptedException {
+        ssh.disconnect();
+        sshd.stop();
+    }
+
+    @Test
+    public void testAuthenticate() throws IOException {
+        connect();
+        authenticate();
+        assertTrue(ssh.isAuthenticated());
+    }
+
+    @Test
+    public void testConnect() throws IOException {
+        connect();
+        assertTrue(ssh.isConnected());
+    }
+
+    // @Test
+    // // TODO -- test I/O
+    // public void testShell() throws IOException
+    // {
+    // connect();
+    // authenticate();
+    //        
+    // Shell shell = ssh.startSession().startShell();
+    // assertTrue(shell.isOpen());
+    //        
+    // shell.close();
+    // assertFalse(shell.isOpen());
+    // }
+
+    private void authenticate() throws UserAuthException, TransportException {
+        ssh.authPassword("same", "same");
+    }
+
+    private void connect() throws IOException {
+        ssh.connect(hostname, port);
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java b/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
new file mode 100644
index 00000000..b53e2839
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.keyprovider;
+
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
+import net.schmizz.sshj.userauth.password.PasswordFinder;
+import net.schmizz.sshj.userauth.password.PasswordUtils;
+import net.schmizz.sshj.userauth.password.Resource;
+import net.schmizz.sshj.util.KeyUtil;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+public class OpenSSHKeyFileTest {
+
+    static final String g = "23b0484f5ad9cba2b3dba7129419fbec7f8c014e22d3b19de4ebbca20d0ebd2e9f5225dabdd48de75f87e3193377fb1072c08433f82f6e6e581a319d4fc7d283cdcd2ae2000fe572c0a800fd47b7590d6a6afe3df54aedd57696c6538029daebf11d9e277edc0c7e905e237d3b9e6a6f674d83da5cc0131ac0be2e55ac69730e";
+    static final String p = "92b746cf7c0e9ea35fd9b09b0c3dbdfde453468984698ff168fefef3f0457d29bcf81c88830ac1099223d00745423e44cdef66f4cdc3fad1d95ce2868b3e885c1d518c9fcda597d5c373f05f6f323553f60bd992404183dab41d82ab6d3b3ecf2dfc3c136fa67c4312ec0b7bbac77a634e1eb5dd9a62efd0ddab477d0b49c0b9";
+    static final String q = "96a05e07b9e52d6f1137d11d5d270b568b94162f";
+    static final String x = "8981aebb71c60b5951f0ab3ed1a00b5307742f43";
+    static final String y = "7e845aada202d31004c52ab170cbe62ce9a962b9f4acbc67a57f62eb090a67b3faa53d38050f87b2b66ddf1185472f27842c3e3e58d025f9148a28f49ebdfb6efefee8ee10fe84a2d56535dddb301dfee15538108639e8a0ec7aa237ddb999f35b6a5c6b875052998233374163ad031f974d29c2631394436ae186b418348193";
+
+    boolean readyToProvide;
+
+    final char[] correctPassphrase = "test_passphrase".toCharArray();
+    final char[] incorrectPassphrase = new char[]{' '};
+
+    final PasswordFinder onlyGivesWhenReady = new PasswordFinder() {
+        public char[] reqPassword(Resource resource) {
+            if (!readyToProvide)
+                throw new AssertionError("Password requested too soon");
+
+            return correctPassphrase;
+        }
+
+        public boolean shouldRetry(Resource resource) {
+            return false;
+        }
+    };
+
+    int triesLeft = 3;
+
+    final PasswordFinder givesOn3rdTry = new PasswordFinder() {
+        public char[] reqPassword(Resource resource) {
+            if (triesLeft == 0)
+                return correctPassphrase;
+            else {
+                triesLeft--;
+                return incorrectPassphrase;
+            }
+        }
+
+        public boolean shouldRetry(Resource resource) {
+            return triesLeft >= 0;
+        }
+    };
+
+    @Test
+    public void blankingOut() throws IOException, GeneralSecurityException {
+        FileKeyProvider dsa = new OpenSSHKeyFile();
+        dsa.init(new File("src/test/resources/id_dsa"), PasswordUtils.createOneOff(correctPassphrase));
+        assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), dsa.getPrivate());
+
+        char[] blank = new char[correctPassphrase.length];
+        Arrays.fill(blank, ' ');
+        assertArrayEquals(blank, correctPassphrase);
+    }
+
+    @Test
+    public void getters() throws IOException, GeneralSecurityException {
+        FileKeyProvider dsa = new OpenSSHKeyFile();
+        dsa.init(new File("src/test/resources/id_dsa"), onlyGivesWhenReady);
+        assertEquals(dsa.getType(), KeyType.DSA);
+        assertEquals(KeyUtil.newDSAPublicKey(y, p, q, g), dsa.getPublic());
+        readyToProvide = true;
+        assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), dsa.getPrivate());
+    }
+
+    @Test
+    public void retries() throws IOException, GeneralSecurityException {
+        FileKeyProvider dsa = new OpenSSHKeyFile();
+        dsa.init(new File("src/test/resources/id_dsa"), givesOn3rdTry);
+        assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), dsa.getPrivate());
+    }
+
+    @Before
+    public void setup() throws UnsupportedEncodingException, GeneralSecurityException {
+        if (!SecurityUtils.isBouncyCastleRegistered())
+            throw new AssertionError("bouncy castle needed");
+    }
+
+}
\ No newline at end of file
diff --git a/src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java b/src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
new file mode 100644
index 00000000..90a8fb46
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.keyprovider;
+
+import net.schmizz.sshj.common.KeyType;
+import net.schmizz.sshj.common.SecurityUtils;
+import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
+import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
+import net.schmizz.sshj.util.KeyUtil;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+import static org.junit.Assert.assertEquals;
+
+public class PKCS8KeyFileTest {
+
+    static final FileKeyProvider rsa = new PKCS8KeyFile();
+
+    static final String modulus = "a19f65e93926d9a2f5b52072db2c38c54e6cf0113d31fa92ff827b0f3bec609c45ea84264c88e64adba11ff093ed48ee0ed297757654b0884ab5a7e28b3c463bc9074b32837a2b69b61d914abf1d74ccd92b20fa44db3b31fb208c0dd44edaeb4ab097118e8ee374b6727b89ad6ce43f1b70c5a437ccebc36d2dad8ae973caad15cd89ae840fdae02cae42d241baef8fda8aa6bbaa54fd507a23338da6f06f61b34fb07d560e63fbce4a39c073e28573c2962cedb292b14b80d1b4e67b0465f2be0e38526232d0a7f88ce91a055fde082038a87ed91f3ef5ff971e30ea6cccf70d38498b186621c08f8fdceb8632992b480bf57fc218e91f2ca5936770fe9469";
+    static final String pubExp = "23";
+    static final String privExp = "57bcee2e2656eb2c94033d802dd62d726c6705fabad1fd0df86b67600a96431301620d395cbf5871c7af3d3974dfe5c30f5c60d95d7e6e75df69ed6c5a36a9c8aef554b5058b76a719b8478efa08ad1ebf08c8c25fe4b9bc0bfbb9be5d4f60e6213b4ab1c26ad33f5bba7d93e1cd65f65f5a79eb6ebfb32f930a2b0244378b4727acf83b5fb376c38d4abecc5dc3fc399e618e792d4c745d2dbbb9735242e5033129f2985ca3e28fa33cad2afe3e70e1b07ed2b6ec8a3f843fb4bffe3385ad211c6600618488f4ac70397e8eb036b82d811283dc728504cddbe1533c4dd31b1ec99ffa74fd0e3883a9cb3e2315cc1a56f55d38ed40520dd9ec91b4d2dd790d1b";
+
+    @Before
+    public void setUp() throws UnsupportedEncodingException, GeneralSecurityException {
+        if (!SecurityUtils.isBouncyCastleRegistered())
+            throw new AssertionError("bouncy castle needed");
+        rsa.init(new File("src/test/resources/id_rsa"));
+    }
+
+    @Test
+    public void testKeys() throws IOException, GeneralSecurityException {
+        assertEquals(KeyUtil.newRSAPublicKey(modulus, pubExp), rsa.getPublic());
+        assertEquals(KeyUtil.newRSAPrivateKey(modulus, privExp), rsa.getPrivate());
+    }
+
+    @Test
+    public void testType() throws IOException {
+        assertEquals(rsa.getType(), KeyType.RSA);
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/transport/verification/KnownHostsTest.java b/src/test/java/net/schmizz/sshj/transport/verification/KnownHostsTest.java
new file mode 100644
index 00000000..5e41a7df
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/transport/verification/KnownHostsTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.transport.verification;
+
+import net.schmizz.sshj.util.KeyUtil;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+
+import static org.junit.Assert.assertTrue;
+
+public class KnownHostsTest {
+
+    // static {
+    // BasicConfigurator.configure(new ConsoleAppender(new PatternLayout("%d [%-15.15t] %-5p %-30.30c{1} - %m%n")));
+    // }
+
+    private OpenSSHKnownHosts kh;
+
+    @Before
+    public void setUp() throws IOException, GeneralSecurityException {
+        kh = new OpenSSHKnownHosts(new File("src/test/resources/known_hosts"));
+    }
+
+    @Test
+    public void testLocalhostEntry() throws UnknownHostException, GeneralSecurityException {
+
+    }
+
+    @Test
+    public void testSchmizzEntry() throws UnknownHostException, GeneralSecurityException {
+        final PublicKey key = KeyUtil
+                .newRSAPublicKey(
+                        "e8ff4797075a861db9d2319960a836b2746ada3da514955d2921f2c6a6c9895cbd557f604e43772b6303e3cab2ad82d83b21acdef4edb72524f9c2bef893335115acacfe2989bcbb2e978e4fedc8abc090363e205d975c1fdc35e55ba4daa4b5d5ab7a22c40f547a4a0fd1c683dfff10551c708ff8c34ea4e175cb9bf2313865308fa23601e5a610e2f76838be7ded3b4d3a2c49d2d40fa20db51d1cc8ab20d330bb0dadb88b1a12853f0ecb7c7632947b098dcf435a54566bcf92befd55e03ee2a57d17524cd3d59d6e800c66059067e5eb6edb81946b3286950748240ec9afa4389f9b62bc92f94ec0fba9e64d6dc2f455f816016a4c5f3d507382ed5d3365",
+                        "23");
+
+        assertTrue(kh.verify("schmizz.net", 22, key));
+        assertTrue(kh.verify("69.163.155.180", 22, key));
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/util/BogusPasswordAuthenticator.java b/src/test/java/net/schmizz/sshj/util/BogusPasswordAuthenticator.java
new file mode 100644
index 00000000..0bdff239
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/util/BogusPasswordAuthenticator.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.util;
+
+import org.apache.sshd.server.PasswordAuthenticator;
+import org.apache.sshd.server.session.ServerSession;
+
+/** Successfully authenticates when username == password. */
+public class BogusPasswordAuthenticator implements PasswordAuthenticator {
+
+    public boolean authenticate(String username, String password, ServerSession s) {
+        return username.equals(password);
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/util/BufferTest.java b/src/test/java/net/schmizz/sshj/util/BufferTest.java
new file mode 100644
index 00000000..5a44f4de
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/util/BufferTest.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.util;
+
+import net.schmizz.sshj.common.Buffer;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+/** Tests {@link net.schmizz.sshj.common.SSHPacket} functionality */
+public class BufferTest {
+    private Buffer.PlainBuffer posBuf;
+    private Buffer.PlainBuffer handyBuf;
+
+    @Before
+    public void setUp() throws UnsupportedEncodingException, GeneralSecurityException {
+        // for position test
+        byte[] data = "Hello".getBytes("UTF-8");
+        posBuf = new Buffer.PlainBuffer(data);
+        handyBuf = new Buffer.PlainBuffer();
+    }
+
+    @Test
+    public void testDataTypes() {
+        // bool
+        assertEquals(handyBuf.putBoolean(true).readBoolean(), true);
+
+        // byte
+        assertEquals(handyBuf.putByte((byte) 10).readByte(), (byte) 10);
+
+        // byte array
+        assertArrayEquals(handyBuf.putBytes("some string".getBytes()).readBytes(), "some string".getBytes());
+
+        // mpint
+        BigInteger bi = new BigInteger("1111111111111111111111111111111");
+        assertEquals(handyBuf.putMPInt(bi).readMPInt(), bi);
+
+        // string
+        assertEquals(handyBuf.putString("some string").readString(), "some string");
+
+        // uint32
+        assertEquals(handyBuf.putInt(0xffffffffL).readLong(), 0xffffffffL);
+    }
+
+    @Test
+    public void testPassword() {
+        char[] pass = "lolcatz".toCharArray();
+        // test if put correctly as a string
+        assertEquals(new Buffer.PlainBuffer().putPassword(pass).readString(), "lolcatz");
+        // test that char[] was blanked out
+        assertArrayEquals(pass, "       ".toCharArray());
+    }
+
+    @Test
+    public void testPosition() throws UnsupportedEncodingException {
+        assertEquals(5, posBuf.wpos());
+        assertEquals(0, posBuf.rpos());
+        assertEquals(5, posBuf.available());
+        // read some bytes
+        byte b = posBuf.readByte();
+        assertEquals(b, (byte) 'H');
+        assertEquals(1, posBuf.rpos());
+        assertEquals(4, posBuf.available());
+    }
+
+    @Test
+    public void testPublickey() {
+        // TODO stub
+    }
+
+    @Test
+    public void testSignature() {
+        // TODO stub
+    }
+
+    @Test(expected = Buffer.BufferException.class)
+    public void testUnderflow() {
+        // exhaust the buffer
+        for (int i = 0; i < 5; ++i)
+            posBuf.readByte();
+        // underflow
+        posBuf.readByte();
+    }
+
+}
diff --git a/src/test/java/net/schmizz/sshj/util/KeyUtil.java b/src/test/java/net/schmizz/sshj/util/KeyUtil.java
new file mode 100644
index 00000000..2c59d248
--- /dev/null
+++ b/src/test/java/net/schmizz/sshj/util/KeyUtil.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package net.schmizz.sshj.util;
+
+import net.schmizz.sshj.common.SecurityUtils;
+
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+public class KeyUtil {
+
+    /** Creates a DSA private key. */
+    public static PrivateKey newDSAPrivateKey(String x, String p, String q, String g) throws GeneralSecurityException {
+        return SecurityUtils.getKeyFactory("DSA").generatePrivate(new DSAPrivateKeySpec //
+                (new BigInteger(x, 16), //
+                        new BigInteger(p, 16), //
+                        new BigInteger(q, 16), // 
+                        new BigInteger(g, 16)));
+    }
+
+    /** Creates a DSA public key. */
+    public static PublicKey newDSAPublicKey(String y, String p, String q, String g) throws GeneralSecurityException {
+        return SecurityUtils.getKeyFactory("DSA").generatePublic(new DSAPublicKeySpec //
+                (new BigInteger(y, 16), //
+                        new BigInteger(p, 16), //
+                        new BigInteger(q, 16), // 
+                        new BigInteger(g, 16)));
+    }
+
+    /** Creates an RSA private key. */
+    public static PrivateKey newRSAPrivateKey(String modulus, String exponent) throws GeneralSecurityException {
+        return SecurityUtils.getKeyFactory("RSA").generatePrivate(new RSAPrivateKeySpec //
+                (new BigInteger(modulus, 16), //
+                        new BigInteger(exponent, 16)));
+    }
+
+    /** Creates an RSA public key. */
+    public static PublicKey newRSAPublicKey(String modulus, String exponent) throws GeneralSecurityException {
+        return SecurityUtils.getKeyFactory("RSA").generatePublic(new RSAPublicKeySpec //
+                (new BigInteger(modulus, 16), new BigInteger(exponent, 16)));
+    }
+
+}
diff --git a/src/test/resources/hostkey.pem b/src/test/resources/hostkey.pem
new file mode 100644
index 00000000..6b6974c7
--- /dev/null
+++ b/src/test/resources/hostkey.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDdfIWeSV4o68dRrKSzFd/Bk51E65UTmmSrmW0O1ohtzi6HzsDP
+jXgCtlTt3FqTcfFfI92IlTr4JWqC9UK1QT1ZTeng0MkPQmv68hDANHbt5CpETZHj
+W5q4OOgWhVvj5IyOC2NZHtKlJBkdsMAa15ouOOJLzBvAvbqOR/yUROsEiQIDAQAB
+AoGBANG3JDW6NoP8rF/zXoeLgLCj+tfVUPSczhGFVrQkAk4mWfyRkhN0WlwHFOec
+K89MpkV1ij/XPVzU4MNbQ2yod1KiDylzvweYv+EaEhASCmYNs6LS03punml42SL9
+97tOmWfVJXxlQoLiY6jHPU97vTc65k8gL+gmmrpchsW0aqmZAkEA/c8zfmKvY37T
+cxcLLwzwsqqH7g2KZGTf9aRmx2ebdW+QKviJJhbdluDgl1TNNFj5vCLznFDRHiqJ
+wq0wkZ39cwJBAN9l5v3kdXj21UrurNPdlV0n2GZBt2vblooQC37XHF97r2zM7Ou+
+Lg6MyfJClyguhWL9dxnGbf3btQ0l3KDstxMCQCRaiEqjAfIjWVATzeNIXDWLHXso
+b1kf5cA+cwY+vdKdTy4IeUR+Y/DXdvPWDqpf0C11aCVMohdLCn5a5ikFUycCQDhV
+K/BuAallJNfmY7JxN87r00fF3ojWMJnT/fIYMFFrkQrwifXQWTDWE76BSDibsosJ
+u1TGksnm8zrDh2UVC/0CQFrHTiSl/3DHvWAbOJawGKg46cnlDcAhSyV8Frs8/dlP
+7YGG3eqkw++lsghqmFO6mRUTKsBmiiB2wgLGhL5pyYY=
+-----END RSA PRIVATE KEY-----
diff --git a/src/test/resources/id_dsa b/src/test/resources/id_dsa
new file mode 100644
index 00000000..8e1759d9
--- /dev/null
+++ b/src/test/resources/id_dsa
@@ -0,0 +1,15 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9B6744BB12A8EA8F
+
+pzZw5s3zDVHYdejZxdTpaRx00Yd1grbJe6mIJGvZRB0Jm0hKXoOX71PUI814mc5+
+a5pzbyO98aciL/Eat5m3P692WQ0yOPMuphRnklsM3s4qrCjp2aRRbWvbyV/QV9bp
+Xz2yYvNqU3WJC3UJIaFFMvRo/lC/Wsz9OvHSSl3LnsXXhiOCeaE32etoOYdlk9ro
+N9NqDdaw28t9//iiHhuQK4afK6TZkU6DatFljJHILCC416Xh9+DDK9E+CDKzmlcw
+jSwtzgFKEhgrT0XKoZR9LJZDolT1YpFy7M3cFRYIuYvJfuLcjxVEldJE900QlaJS
+ybb6RxV6SRVwQYXTbIClcXes+oNJMv59DivAfajxECQC5sAynW/FnY1sz0igmz6D
+scclJuJIbawqiuV/Lv6bvgzMa/ZXL4b9JeJPuQELa7tCpvj4fpNk1IiftYISlwoT
+iG5pL8yLhPL4/fxGnKJzUPCA9mbwiloW2cAZZxTd+Utqmhemcl9gF0JGNR2XeYwS
+3obEjbkqMF0WR3AcVZU9B5d9SKUaAzTp4vu5yZtNVEIaiVlnI3hMwWMs2Jgahswo
+QF9MCPsRYsxLs7/u4a4qoQ==
+-----END DSA PRIVATE KEY-----
diff --git a/src/test/resources/id_dsa.pub b/src/test/resources/id_dsa.pub
new file mode 100644
index 00000000..b3330dd2
--- /dev/null
+++ b/src/test/resources/id_dsa.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAJK3Rs98Dp6jX9mwmww9vf3kU0aJhGmP8Wj+/vPwRX0pvPgciIMKwQmSI9AHRUI+RM3vZvTNw/rR2Vzihos+iFwdUYyfzaWX1cNz8F9vMjVT9gvZkkBBg9q0HYKrbTs+zy38PBNvpnxDEuwLe7rHemNOHrXdmmLv0N2rR30LScC5AAAAFQCWoF4HueUtbxE30R1dJwtWi5QWLwAAAIAjsEhPWtnLorPbpxKUGfvsf4wBTiLTsZ3k67yiDQ69Lp9SJdq91I3nX4fjGTN3+xBywIQz+C9ublgaMZ1Px9KDzc0q4gAP5XLAqAD9R7dZDWpq/j31Su3VdpbGU4Ap2uvxHZ4nftwMfpBeI307nmpvZ02D2lzAExrAvi5VrGlzDgAAAIB+hFqtogLTEATFKrFwy+Ys6aliufSsvGelf2LrCQpns/qlPTgFD4eytm3fEYVHLyeELD4+WNAl+RSKKPSevftu/v7o7hD+hKLVZTXd2zAd/uFVOBCGOeig7HqiN925mfNbalxrh1BSmYIzN0FjrQMfl00pwmMTlENq4Ya0GDSBkw== passphrase=test_passphrase
diff --git a/src/test/resources/id_rsa b/src/test/resources/id_rsa
new file mode 100644
index 00000000..8f5dbc48
--- /dev/null
+++ b/src/test/resources/id_rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEoAIBAAKCAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQm
+TIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6
+RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmu
+hA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPClizt
+spKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmL
+GGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQIBIwKCAQBXvO4uJlbrLJQDPYAt
+1i1ybGcF+rrR/Q34a2dgCpZDEwFiDTlcv1hxx689OXTf5cMPXGDZXX5udd9p7Wxa
+NqnIrvVUtQWLdqcZuEeO+gitHr8IyMJf5Lm8C/u5vl1PYOYhO0qxwmrTP1u6fZPh
+zWX2X1p5626/sy+TCisCRDeLRyes+Dtfs3bDjUq+zF3D/DmeYY55LUx0XS27uXNS
+QuUDMSnymFyj4o+jPK0q/j5w4bB+0rbsij+EP7S//jOFrSEcZgBhhIj0rHA5fo6w
+NrgtgRKD3HKFBM3b4VM8TdMbHsmf+nT9DjiDqcs+IxXMGlb1XTjtQFIN2eyRtNLd
+eQ0bAoGBAMwgv3rGytRjVbR4TT77eF81svzitOJWRdfXuKB5gqM3jsPR08f1MEtZ
+44kaI5ByJ3mBDt/EwNgLRdmBddPrLu3so9VLdRmWKI+KNGxwkcxzJv1xXdicgw+w
+S5WgigJryuUbtdylXQTlRArLUKsXULk/MndhGiD+a4fZ3dUtktF9AoGBAMqxh6tr
+S0ao0rN4hc9I92gwPubD1+XQr9TJQEEqGv3g5O3BdfDrTvizfaeNArahrIqyO5SK
+7iDg0xcHqdxmVmmCJ8CkIWBPXLU6erQ1QNlBJmnzYn5lR0Ksx2h/myjeXztvJKEM
+q4xUjAEzWjmwxxU3Y6l3FokvgIU4kOVoE4JdAoGARfyZa+xizHnUPeAae/5yaclE
+rnmdGma43En2KGQsyj7vHpEVaSDdW6nKWuRj9wKRMPkMafpQvxnOzjsD06EXZ4RV
+bbN4mw7pVcj8B+wUuyAqoAmchMfya8dqXy+6SfkSXS4Sd4knNODkIPVAOqjoegcJ
+/QtZamXbuYyGkjuCy3sCgYBLSUEFJ9ohjymwX/cvvAQfYmCBmTLu9b2mzmhSt94j
+yI+Lgl8BtnxrANbmdjQ1NLxuB6+61IRVWtIP3kZnzj1aY4sbqq1PqHLkOkrVOFnq
+S2YKGJJMND8KIur67ZFm84J1KUgej61uow9uKQRBUEnx8AByJOsdAwPZteys+sVq
+7wKBgAc3BL6ttDVYlL8U8fgvTCGuIajItvOQQj1n8RKyRLblYXBKAtY+pbULzmF+
+HscRgJMcwEIosEbTzzBNEVQm6dS6R/Q534C00Fpsw1z/PFTI8AOdUzTROGjuN8Fg
+YZoqMQLhk/PB8V4l7yJmPrE971RmJBBDlLDt6hZwOYEI2yF4
+-----END RSA PRIVATE KEY-----
diff --git a/src/test/resources/id_rsa.pub b/src/test/resources/id_rsa.pub
new file mode 100644
index 00000000..6c50ee23
--- /dev/null
+++ b/src/test/resources/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoZ9l6Tkm2aL1tSBy2yw4xU5s8BE9MfqS/4J7DzvsYJxF6oQmTIjmStuhH/CT7UjuDtKXdXZUsIhKtafiizxGO8kHSzKDeitpth2RSr8ddMzZKyD6RNs7MfsgjA3UTtrrSrCXEY6O43S2cnuJrWzkPxtwxaQ3zOvDbS2tiulzyq0VzYmuhA/a4CyuQtJBuu+P2oqmu6pU/VB6IzONpvBvYbNPsH1WDmP7zko5wHPihXPCliztspKxS4DRtOZ7BGXyvg44UmIy0Kf4jOkaBV/eCCA4qH7ZHz71/5ceMOpszPcNOEmLGGYhwI+P3OuGMpkrSAv1f8IY6R8spZNncP6UaQ== no-passphrase
diff --git a/src/test/resources/known_hosts b/src/test/resources/known_hosts
new file mode 100644
index 00000000..5846275f
--- /dev/null
+++ b/src/test/resources/known_hosts
@@ -0,0 +1,3 @@
+schmizz.net,69.163.155.180 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6P9Hlwdahh250jGZYKg2snRq2j2lFJVdKSHyxqbJiVy9VX9gTkN3K2MD48qyrYLYOyGs3vTttyUk+cK++JMzURWsrP4piby7LpeOT+3Iq8CQNj4gXZdcH9w15Vuk2qS11at6IsQPVHpKD9HGg9//EFUccI/4w06k4XXLm/IxOGUwj6I2AeWmEOL3aDi+fe07TTosSdLUD6INtR0cyKsg0zC7Da24ixoShT8Oy3x2MpR7CY3PQ1pUVmvPkr79VeA+4qV9F1JM09WdboAMZgWQZ+XrbtuBlGsyhpUHSCQOya+kOJ+bYryS+U7A+6nmTW3C9FX4FgFqTF89UHOC7V0zZQ==
+Above we have a plain line, Below we have a hashed line, This is a garbage line.
+|1|dy7xSefq6NmJms6AzANG3w45W28=|SSCTlHs4pZbc2uaRoPvjyEAHE1g= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu64GJcCkdtckPGt8uKTyhG1ShT1Np1kh10eE49imQ4Nh9Y/IrSPzDtYUAazQ88ABc2NffuOKkdn2qtUwZ1ulfcdNfN3oTim3BiVHqa041pKG0L+onQe8Bo+CaG5KBLy/C24eNGM9EcfQvDQOnq1eD3lnR/l8fFckldzjfxZgar0yT9Bb3pwp50oN+1wSEINJEHOgMIW8kZBQmyNr/B+b7yX+Y1s1vuYIP/i4WimCVmkdi9G87Ga8w7GxKalRD2QOG6Xms2YWRQDN6M/MOn4tda3EKolbWkctEWcQf/PcVJffTH4Wv5f0RjVyrQv4ha4FZcNAv6RkRd9WkiCsiTKioQ==