I am able to run commands on remote machine using java jsch library.
Scenario is when I am executing a particular command from putty it is prompting for password and a reason to execute this command(for some security purpose).
Now I want to do the same executing that command and passing password and reason on propmt using java program only.
How can I achieve this?
"There is nothing code specific actually. I am executing a pbrun command in unix using putty with command "/opt/bin/pbrun username". which on entering prompt me for password and reason to login. As I am accessing it thorough putty I am able to pass values. I want to pass those value using java program."
Basically you cannot do that this way, SSH does not permit to pipe the password because of security reasons.
However, what you can do is (roughly) to generate a public/private keypair with ssh-keygen and place it to the host's .ssh/authorized_keys. Then you can SSH without a password, that is my usual solution for the problem (however, I'd love to hear any alternatives). There are plenty of tutorials on the topic, simply search for the "passwordless ssh" expressions.
It may sound trivial, but believe me, you will spend hours on configuring it :-). The ssh -x will be your friend (for one you'll need exact privileges on the key files and stuff like that).
Related
I want to write a program which controls a tool on a remote server. For that I want to create a SSH-Method to connect to the remote server and execute some commands to get some data. Sadly I don’t find a way to handle the SSH part properly.
Here is a flowchart showing what the method should be able to do:
First I want to connect via SSH to the remote server. I successfully tried that with “JSch”.
After that, the method should enter the command ls -l into the shell and wait for the response. Now it should parse the output, and act differently depending on the output.
If there is a folder with the name “folder123”, the next commands should be to change into this folder (cd folder123) and enter ls -l there again. This list of content then should be returned and the ssh connection can be closed.
If the folder doesn’t exist, the program should create one (mkdir folder123) and then return a code (-1).
In my main program I will use the new data to make some decisions and then going on.
I found ways with JSch to execute one command, like ls -l and even multiple commands and get the response back as a string. Sadly, I have to pass all commands in one block for that, so I have no way to make the decision in the middle of it. When I want to implement decision making, I have to close the connection first. That would lead to a lot of connection building overhead, especially when there will be more than one decision to make and I have multiple navigating steps between them.
So is there a way to make this decision while the connections stays establish, so I can directly enter the next command after it?
Edit:
I am just playing around by now. So my solution with the multiple commands is basically the answer from Mihail in this post
For this part of the task it would be more simple to use the ways DaveyDaveDave and Aaron proposed. But i have to do some more specific tasks.I thought it is the best to provide a simple example first, but here is another one which needs to use a program on the remote server:
Another Example
After the ssh connection is established (the only non-graphical way to access this server), I have to login in the tool (that is a one-liner the command line).
In the cmd, and through this in my ssh connection, i get an output after that. It shows some information about the user and ends with the word "END" and above that i have a return code. The function has to wait for the "END" and then parse the return code. Depending on it, the function should try again or enter the next command.
After the next command it has to do the same validation and when everything worked until now, the last output should be returned to the main program (in this it contains network elements and information about them).
Found an fitting answer for my problem in another Thread where I asked a more specific question.
Look here if you have similar problems:
Change System.in and read System.out programmly on the fly (Jsch)
Working with Unix server... My requirement is to read the name of the file that is there at /a/b/c/node01/d.ear location on a Unix server and I have do the same through a java program. The problem is that the directory a is a restricted directory and is accessible only to certain users. On the Unix side, I first issue a become command like become a, then supply the password and then using cd command, I reach the d.ear directory and then get to see the name of the file.
How do I do all of this via a Java program?
I don't mind if my Java program calls a shell script that accesses the restricted directory and then reach d.ear and fetch the name of the file and returns the same to the java program. Do we have a way of doing this? Maybe issuing the become command inside the script which is called from the Java program and the password which is asked after become command is supplied as a parameter while calling the script???
Is this approach doable? I am very new to Unix commands and JSch library. Kindly provide the code or any other alternate solutions...
Thanks!!!
As I have suggested you already, your become command seems to behave the same way (from an interface/API point of view) as common *nix su or sudo.
So, use the same solution as for those. There are many questions on Stack Overflow covering use of su/sudo with JSch.
There's even an official JSch example Sudo.java:
http://www.jcraft.com/jsch/examples/Sudo.java.html
In short:
Execute become command
Feed a password to its input
Assuming the become starts a new shell (as su or sudo do), you feed the commands to be executed in the elevated environment to become input (the same was as the password).
I'm using a bash script to start a java program/process. The bash script prompts for username and password and should supply these to the java process. I don't want to supply these as parameters for the java program so they can be seen as clear text using the shell "ps" command. So I don't want any of the following:
- java MyClass <clearTextPassword>
- java -Dpass=<clearTextPassword>
Are there any recommended ways to supply the password to the java process from a shell script?
Thanks in advance for any suggestions.
Best regards Trym
if you have coded the program yourself, its better to design your program such that it promts the user for password and use Console class's readPassword() to read the password from the command line
In this cases I create a file on disk (encrypted or not depending on your level of security need). I modify the permission so that only controlled user can read it when executing the program
You could store the password in a properties file (you have different options when it comes to securing it. You can also forgo a password entirely and use a public Key
You could pass a hashed version of the password. For example, provide a timestamp, and a MD5 of timestamp and password concatenated together. This is of course if you have control over the process code and can work with an hashed version.
I don't know how to connect to RMAN in Java. Simple request don't work when I use command non-SQL, like RMAN etc... I'm gonna to make program like "ORACLE Secure BackUP", but how they connected to RMAN??
I don't believe that there is a published API for interacting with RMAN other than the command line. So if you wanted to create a program like Oracle Secure Backup that used RMAN, you'd probably have to invoke the RMAN executable from Java. Which means that you'd probably also have to parse the output of the various RMAN commands in order to provide feedback to the user.
If you want to go down this path, you'd want to use the Runtime class in Java. Here is an example of calling an external program from Java.
Scenerio: I'd like to run commands on remote machines from a Java program over ssh (I am using OpenSSH on my development machine). I'd also like to make the ssh connection by passing the password rather than setting up keys as I would with 'expect'.
Problem: When trying to do the 'expect' like password login the Process that is created with ProcessBuilder cannot seem to see the password prompt. When running regular non-ssh commands (e.g 'ls') I can get the streams and interact with them just fine. I am combining standard error and standard out into one stream with redirectErrorStream(true); so I am not missing it in standard error...When I run ssh with the '-v' option, I see all of the logging in the stream but I do not see the prompt. This is my first time trying to use ProcessBuilder for something like this. I know it would be easier to use Python, Perl or good ol' expect but my boss wants to utilize what we are trying to get back (remote log files and running scripts) within an existing Java program so I am kind of stuck.
Thanks in advance for the help!
The prompt might only be shown when ssh is connected to a TTY, which it isn't in the case of Java.
There's probably a way to supply the password on the command-line in your ssh application. That will be the way to get past the prompt.
Alternately, consider connecting directly to the host server from native Java code rather than running an external application. There's a million libraries that will do this.
Rather than using an external ssh program, why not use a Java ssh library:
Trilead
JTA
Are two I found with google - that'll avoid the problem that openssh will be working very hard to prevent entering the password on stdin - it'll be opening the terminal directly. expect has to work very hard to simulate a tty in order to work.
Why not use a Java ssh client? This one is BSD-licensed, and there are more clients listed here.
Most security minded programs don't use stdin/stdout for capturing passwords, they capture the TTY or some equivalent method.
Echoing others' suggestion to use a Java SSH library. But wanted to comment on Cohen's response. Sending your password over the command line when establishing the connection is insecure and also not permitted by many sshd servers (based on configuration).
You might want to look into setting up keys for this, so you can perform ssh commands between the machines without a password.
Basic steps
- use openssh to create a keypair (I've done RSA but I know there's a better method now)
- create a .ssh directory in your home folder on the SOURCE machine
- create a .ssh directory in your home folder on the TARGET machine
- keep your private key in your source machine's .ssh folder
- copy your public key into a file called authorized_keys in the target's .ssh folder
Some instructions can be found here
You can run commands using edtFTPj/PRO, as well as performing file transfers via SFTP. It's Java.