I have embedded a JSCH SSH Java applet in a web page and need to know if it's possible to run a script (of any language like PHP) to automate logging in and running commands. I have heard of expect4j and java robot but cannot see any way to implement it. Keep in mind, I'm not great with Java so I don't know everything about it. Any help is appreciated.
JSch is an SSH client library, and by itself only allows programmatically steered connections to another server. The user interaction has to be build around it by users of the library.
The JCTerm applet provided on the website also contains a terminal emulator in form of a Java GUI. If you only want to automatically execute some command (and maybe show its output in the web page), you could do everything on the server side, and don't need the applet with its terminal emulator. (You would need either some PHP-Java bridge on the server side or some Java-enabled webserver with a Servlet or similar, though.)
(If the web server would be the same machine as the server you'll run the command on you wouldn't even need the SSH connection, but could execute the stuff directly.)
If the server can't do anything (i.e. a "static server"), an applet is the way to go, yes. You can either modify JCTerm or create a new applet from scratch (using JCTerm's connection code as an example on how to connect to to the server).
If you don't have to fear any malicious users in your LAN (i.e. between web server and user, the SSH server doesn't matter), you can embedd the password (or preferably a private key for public-key authentication) into the applet's jar file, and pass it to the library for connection. (You should also include the server's public key for easier checking.)
Provide the command(s) to a ChannelExec (instead of a ChannelShell), this makes it easier to provide input (if necessary) and capture the output. Pipe the output in a text area, or simply use a green/red label saying if the command was successfully executed.
(I might have a look at this in the next days and try to do it. No promise, though.)
Related
So, I want to create my own SSH Client, not just sending commands but a full on ssh client for me to use like you would use PuTTy or mobaxterm, can someone here point me in the right direction.
Things I tried / thought of:
- Using Jsch to send and execute commands (If its possible I would love to know if this is able to be done without using Jsch).
SSH is a protocol that is defined to run on top of TCP, and you can make TCP connections in java using the java.net.Socket class.
So, yes, it can be done.
You'd have to implement the protocol yourself (or use JSch to do it, but given that all these tools already exist, and it's security, where in general relying on widely used tools is orders of magnitude more intelligent than relying on hand-written stuff, given that a security bug is very hard to test for – I assume this is some sort of exercise in sheer dogged arrogance, or, more likely, a learning exercise, which'd mean that you wouldn't want to use jsch here).
ssh works by sending any number of streams across the network, encrypted. By default, there is one stream (a two-way stream), with the user's shell being on one end (so, the /bin/bash executable, for example), and a terminal (where what you type forms the input, and any output is echoed to the terminal window) on the other.
ssh does NOT wait for you type a command then run it; that's /bin/bash doing this. This is basic linux info and has no direct bearing on ssh (the protocol), that's just what you're used to, because sshd (the linux executable that forms an ssh server) by default hooks your terminal up to the target server's shell executable. Usually bash.
Given that you know nothing of this, this sounds like a project that's a bit too far fetched as a starter experiment, but I'm going by incomplete information to make this assessment.
I'd start by making a trivial telnet client and server. telnet is at this point extremely outdated but it is basically ssh without the multiplexing of streams nor the encryption. If you can't write a telnet client, you can't write an ssh client either. And you can still start telnet servers on linux machines for testing purposes.
Once you've got that down, start figuring out the crypto and the multiplexing*.
*) With ssh you can, whilst having a shell open, also port forward and such; check out the -R and -L and -D options in standard ssh. Each such option allows for another stream to be sent along. (whilst you're sending shell commands and seeing their results, at the same time, over the same ssh connection, you are, say, sending a print job to a printer in the network of the other machine). Sending multiple streams through a single connection is called 'multiplexing', and it is part of the ssh specification.
I am working on some machine learning for chemical modelling in python. I need to run a java app (from command line through python subprocess.call) and a python webserver. Is this possible on AWS EC2?
I currently have this setup running on my mac but I am curious on how to set it up on aws.
Thanks in advance!
Since you're just making a command line call to the Java app, the path of least resistance would just be to make that call from another server using ssh. You can easily adapt the command you've been using with subprocess.call to use ssh -- more or less, subprocess.call(['ssh', '{user}#{server}', command]) (although have fun figuring out the quotation marks). As an aside on those lines, I usually find using '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' stabilizes scripted SSH calls in my environment.
The more involved thing will be setting up the environments to properly run the components you need. You'll need to set up ssh configs so that your django app can ssh over and set up -- probably with private key verification. Then, you'll need to make sure that your EC2 security groups are set up to allow the ssh access to your java server on port 22, where sshd listens by default.
None of this is that hairy, but all the same, it might be stabler to just wrap your Java service in a HTTP server that your Django app can hit. Anyway, hope this is helpful.
My main goal: Collect specific information through the linux server on a windows machine. I want this program to ask the user for information needed and the program will log into the linux server with credentials "hard-coded" in the software and obtain the appropriate specific information the user requested.
My situation: This program will be used with different OSs (Mac, Windows, Linux, etc.). I have written a Perl script that does the task I want, but to run the script, you have to be on the linux server, but I want the user to not have to log into the linux server. I do have PuTTy on my computer which is what I use to log into the linux server. I don't know if that will be useful.
My program steps:
1) Once the user opens the program, a GUI will display different elements that the user interacts with. These elements ask for information that will aid in obtaining the specific information through the linux server.
2) Connect to the linux server. This is the tricky part. If I'm coding in Java, for example, making a normal application with Swing and I'm running on a windows machine, how can I connect straight to a linux server, enter commands, and obtain output information and send it to a text file?
3) Take the information that would have been outputed to the terminal screen and send it to a text file on the linux server and/or locally.
4) Finishing touches.....(closing the terminal, telling the user success or fail, etc.).
Like I said above, I have written a Perl script that you can run and will obtain all the information and send the output to a text file and do every thing I want it to do, but I want this to be more interactive and "user-friendly" and not have to make the user log into the linux server, but simply just open a program and click a few buttons. The program will log into (This login info would be the same username and password every time) to linux server, send the required information to a text file, and do everything for them.
Thanks in advance!!
Plink program from Putty site should be able to do what you want. See http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter7.html#plink Problem would be with SSH fingerprint, that has to be confirmed first time from putty itself, not from plink.
I am writing an eclipse plugin using java as language. The plugin is an interface to a tool present in the server. The user writes text in eclipse. The server should parse it and give an output. This should be displayed back in eclipse.
The above simple steps must be performed by my application. Currently, I have the backend tool to parse is ready. The front-end in eclipse has a dummy GUI ready. My problem is with connection between the server and eclipse plugin.
How can I send text in eclipse (say when a user presses a button present in the interface) to the server. I know the server details and like server address on the LAN and userid/password.
Which interfaces/ what type of programming should i use to accomplish this.
EDIT:
Here is how i run my command on the server:
mycommand -f [filename] [optional arguments]
My frontend has the GUI ready in eclipse to form the [optional arguments] part. Now i have to send the text to mycommand and get its output.
To send/recieve messages, I would recommend you use Java RMI which is easy to implement.
Here's a tutorial on setting up the client and the server:
http://docs.oracle.com/javase/tutorial/rmi/index.html
I would use TelnetClient from Apache Commons Net to connect to the telnet server and do something
I spent a lot of time developing an application that would use JSch and connect to a remote machine thru ssh to perform some command-line operations. However I learned that these operations can be performed at the localhost as well (my app is running on localhost). Now... I am too lazy to rewrite all the code and honestly I feel bad since I got really attached to JSch. Is there a way to trick JSch to connect to localhost instead or tell it in some way to just use localhost even though the code says otherwise? :)
P.S. in case it's not possible, how come the regular Proccess class doesnt support setOutputStream and setErrStream like JSch does, but only getInputStream and getErrorStream ??
As long as your local machine has an SSH server running (and your application has the necessary login credentials), you can use JSch to connect to your local machine, too - simply indicate localhost (or 127.0.0.1) as the host name for the connection.
This will have some overhead, though, since you are encrypting and decrypting all the data, which is not really necessary to execute some command locally. (On the other hand, this would allow you to run the commands as another user, for which you otherwise would need something like sudo or su, or RunAs under Windows.)
JSch implements the setOutputStream and setErrStream on top of the corresponding get... methods - it uses something similar to a PipedInputStream internally and a separate thread which shovels the data between those streams.
As JSch is open source, you can simply look how this is done (in the Channel class, if I remember right), and copy the relevant methods to your class which does the same things for a Process.
Is there a way to tell JSch not to encrypt the data?
You can use the none cipher, e.g. no encryption. This is by default disabled in all general-purpose clients and servers (as it defeats half of the purpose of SSH), but with the right configuration you can enable it. In JSch you can use
session.setConfig("cipher.s2c", "none,..."); // server to client
session.setConfig("cipher.c2s", "none,..."); // client to server
(This configuration option is the list of all options the client supports - see the documentation of setConfig for all supported values. The server will normally select the first one of this list that it also supports. To force no encryption (or canceling the connection), list only none.)
I don't know how to enable this in the SSH server - read your server's documentation. (And enable it only for localhost, if possible.)
The recommended way of using it is to switch to the none cipher only after authentication (so the authentication is still encrypted), but for localhost this might not be necessary. (You can use session.rekey() to switch the cipher (and key) after changing the configuration.)