java 如何让 JSch API 在没有密码的情况下登录到 Unix 服务器?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5947791/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I make the JSch API log in to a Unix server without a password?
提问by sm1988
I'm trying to make a Java application, that executes shell scripts on a remote Unix server, using the JSchAPI.
我正在尝试制作一个 Java 应用程序,它使用JSchAPI在远程 Unix 服务器上执行 shell 脚本。
I was wondering if it's possible to login to the server without a password. If so - how? Should I generate a pair of authentication keys on the servers, then make the application read information from the key file?
我想知道是否可以在没有密码的情况下登录到服务器。如果是这样 - 如何?我应该在服务器上生成一对身份验证密钥,然后让应用程序从密钥文件中读取信息吗?
The Java application is on a Windows station.
Java 应用程序位于 Windows 工作站上。
回答by kimmo
Since it took awhile before made it work, here is a whole modified example:
由于花了一段时间才让它工作,这里是一个完整的修改示例:
JSch jsch=new JSch();
Session session=jsch.getSession("my_username", "my_host", my_port);
session.setConfig("PreferredAuthentications", "publickey");
jsch.setKnownHosts("~/.ssh/known_hosts");
jsch.addIdentity("~/.ssh/id_rsa");
session.setConfig("StrictHostKeyChecking", "no");
session.connect(30000);
Channel channel=session.openChannel("shell");
channel.setInputStream(System.in);
channel.setOutputStream(System.out);
channel.connect(3*1000);
Beware whether you have copied rsa or dsa key to the server and add a corresponding identity at line addIdentity - id_rsa or id_dsa.
请注意您是否已将 rsa 或 dsa 密钥复制到服务器并在行 addIdentity - id_rsa 或 id_dsa 添加相应的身份。
(cat .ssh/id_rsa.pub | ssh me@servername 'cat >> .ssh/).
(cat .ssh/id_rsa.pub | ssh me@servername 'cat >> .ssh/)。
回答by jlliagre
This is certainly doable. Have a look at the examples directory provided with jsch.
这当然是可行的。查看与 jsch 一起提供的示例目录。
UserAuthPubKey.java is showing how to authenticate with a public key and and KeyGen.java is chowing how to create the public and private keys.
UserAuthPubKey.java 展示了如何使用公钥进行身份验证,KeyGen.java 展示了如何创建公钥和私钥。
回答by DivvyJ
Once you have sorted out your keys there is a single line to enable connecting with a key rather than a password:
整理好密钥后,有一行可以使用密钥而不是密码进行连接:
JSch jsch = new JSch();
jsch.addIdentity(".ssh/privateKey.pem");
The addIdentity method takes a single argument that points at the location of your private key file on your machine.
addIdentity 方法接受一个参数,该参数指向您机器上的私钥文件的位置。
回答by Pa?lo Ebermann
As said by jlliagre, it is possible.
正如 jlliagre 所说,这是可能的。
Generate a key pair for your application, make the public key known to the server (often putting it in ~/.ssh/authorized_keysis a good way), and give both keysto the client JSch object, either as files or as byte[]. You might also want to change the PreferredAuthentications option to allow only public-key auth, to avoid asking for a password or trying something else.
为您的应用程序生成一个密钥对,让服务器知道公钥(通常将其放入~/.ssh/authorized_keys是一种好方法),并将两个密钥以文件或字节 [] 的形式提供给客户端 JSch 对象。您可能还想更改 PreferredAuthentications 选项以仅允许公钥身份验证,以避免要求输入密码或尝试其他操作。
Note:If you deliver your application to hosts not controlled by you, anyone which can access the application's files can use the private key to login to your server.
注意:如果您将应用程序交付给不受您控制的主机,任何可以访问应用程序文件的人都可以使用私钥登录到您的服务器。
Thus you should make sure the account can't do anything harmful, or that the client machine (your account and any privileged one) is under your (or only known friendlies') total control. (Encrypting the private key with a passphrase does not help if the passphrase is distributed with your program. Neither does putting it in the program's jar file.)
因此,您应该确保该帐户不会做任何有害的事情,或者客户端计算机(您的帐户和任何特权帐户)处于您(或仅已知的友好)完全控制之下。(如果密码短语随您的程序一起分发,则使用密码短语加密私钥无济于事。将其放入程序的 jar 文件中也无济于事。)
