I'm trying to ssh into ubuntu using exec, but for some reason when I execute from the code I get the error
port 22: Connection refused
In the code I use concat to put the strings together, but I know they're put together properly because I print them out and if I copy and paste them into the command line then it will ssh properly.
My code tries:
p1= Runtime.getRuntime().exec(run1);
p1.waitfor();
where
run1 = "ssh -o StrictHostKeyChecking=no -v -i key " + "ubuntu#"+ DNS + " sudo mke2fs -F -j "+device;
Any ideas?
You are initiating the connection, so for it to be refused it means that the machine you are attempting to ssh into is denying you ssh access.
Log into that machine by whatever means you have and verify that the ssh server is running. If it is, then verify that the firewall is not blocking port 22; because, sometimes the ssh server is running but the firewall won't allow network access to the ssh server due to a port blocking rule.
--- Edited after question in comments ---
Is there a difference between ssh in the command line and using exec? Because I can
connect to the server through the command line, which I assume is still using port 22.
So if I can ssh that way does that mean port 22 is working?
There are a few possibilities. Java comes with a Security Manager which only serves to deny programs access to machine resources. This is why it is possible to safely run applet code, which is downloaded from remote servers, as the Security Manager denies permission to access the hard drive or make connections to other machines. In the applet sandbox, it does allow connections back to the originating web server (to download more code and images).
However, the lack of a security exception directs the suspicion away from the Security Manager. The fact that the message uses the words "Connection refused" is a strong indicator that the SSH server you are connecting to won't accept a connection from you.
Perhaps by operating on the command line, the ssh command is using a different environment or configuration. I would see if the command is aliased, of if the ssh connection makes some assumption about key pairs. If nothing seems to be out of line with the command, I would check that your program is connection with ssh version 2 (version 1 is not allowed by many due to a security hole).
Then I would also hunt around for possible differences in name resolution. You might be resolving the hostname in the command line differently than you are resolving it from the Java program. This could mean that the Java program is attempting connection to a different machine, one which doesn't have a secure shell server running.
Either way, it seems that you'll have to do a bit of debugging to isolate if it is a true coding problem or an environmental issue.
If you are getting Connection refused, the SSHD is not running or you are being blocked by Firewall (or similiar).
Related
I work with several IBM i systems. One of them needs me to set an SSH connection before opening an 5250 session. I use the command: ssh -i Keys_rsa L 50023:localhost:23 USER#HOST and after open a 5250 session pointing to IP 127.0.0.1 and it works... But i have a java program that gets some data from the server that cant connect. I need an example of connecting and setting ports. I use JTOpen/JT400 AS400 object but i think i need to move to a SecureAS400 object... Can anyone help?
We are implementing an university project: a car-pooling service in Java.
We need to solve a problem linked "how to manage a postgres server":
the PostgreSQL Database is configured in a lab server called "golem" (130.136.4.sth) reachable only through terminals in the same subnet (130.136.4.0).
We have four account (ours) through we can establish a ssh connection to an host.
Is it possible to make SQL queries through SSH towards Postgres DB in JAVA?
Thank you :)
Davide
If this is just for development, you can use ssh port forwarding to access the database as if it was installed locally. How port forwarding is enabled depends on the client software you use, openssh for example has a command line switch for it (-L):
ssh user#host -L localport:remotehost:remoteport
This command would make the remoteport on remotehost, though accessible only through host, available on localport on your computer.
Take a look at the other suggested answers as they seem easier to accomplish what you need.
However, if you really need to implement the command submission with Java for your lab assignment, you can take a look at the JSch (Java Secure Channel) library found here: http://www.jcraft.com/jsch/ Examples are here http://www.jcraft.com/jsch/examples/
With it you can submit ssh commands and perform any kind of operation via a Java API
If you run "ssh" followed by any command that command gets executed on the remote host. So you should be able to run pre-baked queries in batch mode via ssh.
Consider doing key-gen and key exchanges to enable passwordless ssh execution.
Example (this just dumps a directory listing to your terminal):
ssh me#mybox ls
I'm currently trying to create an automated test using Java that runs some commands in a remote server the problem is that this remote server has a firewall. Manually I can ssh into the first server (firewall) using putty. Then I enter the details to the Server I wish to execute the commands. I've seen some article with code that mention how to use java code (jsch.jar) that I can ssh into a remote client but I haven't found a good enough explanation when a firewall is present. Can someone give me an explanation of what I should be trying to do and with some code snippet if possible
Not a complete answer, just an idea.
OpenSSH has a feature called ProxyCommand. It allows one to automatically issue a command on a target system, presumably another ssh.
So I have several entries of this sort in my .ssh/config:
Host the.private.host.behind.firewall.net
Hostname 10.0.100.106
User username_on_the_private_host
Compression yes
ProxyCommand ssh the.firewall.net nc -q 1 %h %p
Now I can issue ssh the.private.host.behind.firewall.net and first get to the SSH authentication on the.firewall.net, and then to the second authentication on the target host.
Likely Java implements SSH protocol on its own, but perhaps you could create a construction like this one.
Scenario
I'm in a Java project where we have to communicate with the CLIs of other machines. Unfortunately, we can't connect to these other machines directly and another bad luck is that they only support telnet. So we have the following setup, which is carved in stone (of course):
application <---- telnet or ssh ----> gateway <---- telnet ----> machine_001
(10.0.0.1) (192.168.1.1) (192.168.2.1)
(192.168.2.2)
( ... )
It's possible to connect via SSH or telnet to the gateway manually (e.g. using PuTTY), telnet from this shell to one of the machines and work with its CLI. As we want the communication to happen automatically, the application must be able to talk to the machines by itself; so I need a programmatic solution.
What I've tried so far
After some research on the internet I've found a library called JSch which looked promising, but I've encountered an evil problem. When the applications connects to the gateway, the telnet command and therefore the whole CLI of the target machine is one single command from application's viewpoint. So I'd have to struggle with a non-terminating InputStream, unsynchronized OutputStream and Threads if necessary.
The next try was to establish a SSH tunnel from L127.0.0.1:1234 to 192.168.2.1:23 (via the gateway), but with this configuration it's not possible to telnet to 127.0.0.1:1234 (neither programmatically nor manually).
The actual question
How can I get my application to talk to the machines via the gateway using telnet?
I have a lot of experience with jconsole.exe and JVisualVM.exe , in the JDK1.6 and have connected thousands of times from a Windows JVM over to a Windows JVM on another machine via JMX.remote but it fails when I try to monitor a java instance that is running on a Linux host (from a Windows host and I tried JMX listener on redhat and SUSE at Amazon EC2). I also tried using jconsole.exe and get a similar error.
Is there any reason anyone can think of , why this kind of JMX connection would have a problem. Any ideas I can try? Has anyone "actually" done this and can say it will work if I persevere?
The error I get from JVisualVM (on the remote connect attempt) is something like this:
"Cannot connect using service:jmx:rmi:///jndi/rmi://<jmx service ip>:8001/jmxrmi"
My remote JMX service config is like this:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8001
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.hostname=<jmx service ip>
Found a similar question at this link but it didn't answer my question.
I verified that "iptables" is not enabled as a service and is not on and so I don't imaging there is any sort of firewall blockage. Also, both the windows and linux machine are on a 10.0.0.0 private internal subnet together. I am able to telnet into the port 8001 to verify its there , and its listening (netstat -ap) on the linux machine.
See the system property java.rmi.server.hostname. On your Linux server JVM, set this system property to be the public IP of the host. Then use the public IP in you client JMX URL.
I think your problem is that the RMI implementation is kind of hard to work with through firewalls and such as it requires more than the port you specify to work. Things you typically wouldn't notice if you connect to your own machine or a machine on the same network.
This post describes the problems you will run into quite well
If I were you, I would try to setup jmxmp as an alternative protocol. To do so you need to add the jmxremote_optional.jar (free from Oracle, download "JMX Remote API 1.0.1_04 Reference Implementation" from here) to both the server and the jvisualvm classpath but it is worth it.
If you google for jmxmp you will find quite a few examples on how to set things up, one of my first hits are http://pub.admc.com/howtos/jmx/distributed-chapt.html#jmxmp-sect which may be a bit too code oriented but I add it here anyway because it explains the things like like most with jmxmp in a few good sentences.
How to define the server side endpoint is depending on what you are running. Most app servers will let you type in a jmxmp enabled jmx service url but if the server is written from scratch you might have to set it up yourself in code instead of using the -D switches to java you are used to.
Give it a try and return with more specific questions about it if you run into problems.
Edit:
After you have added the jar to the classpath, the only thing you have to do in your code (assuming you are not using a server app that already handles it for you) is the following (omitting declarations, exception handling and such as you will figure it out anyway):
url=new JMXServiceURL(jmxurl);
this.server = JMXConnectorServerFactory.newJMXConnectorServer(url, null, ManagementFactory.getPlatformMBeanServer());
this.server.start();
Have you tried creating an SSH tunnel to the Linux box from your Windows machine? http://oldsite.precedence.co.uk/nc/putty.html
Or if you have cygwin, just try ssh -f your-user#remote-server.com -L 7777:remote-server.com:123 -N where 7777 is the port on YOUR windows machine, and 123 is the port on the remote Linux box that listens to JMX commands.
With either of the above, you can use jconsole or visualvm on your Windows box and connect to localhost:7777.
I know iptables is disabled, but just confirm that JMX is working fine at that port by SSHing into the Linux box and trying to use commandline JMX mode of jconsole for localhost (on the Linux box).
I have actually just tackled this problem myself and figured it out.
I would wager that the problem is the RMI connections - you can't predict which ports it will use and so you can't get it to work with a firewall.
The workaround is to use an SSH proxy:
SSH to the box where your application is running but use the -D option like this:
ssh user#remoteHost -D 9999
As you are on Windows, you can use Cygwin to run the command above, or you can do the same thing with Putty through the GUI (guide here: http://blog.ashurex.com/2012/03/15/creating-ssh-proxy-tunnel-putty/)
This will start a socks proxy on your local machine on port 9999.
Open JVisualVM and in the preferences, under 'network' configure it to use a socks proxy at localhost, on port 9999.
If you do the above, you should then be able to connect to the remote machine as normal and since all the RMI traffic is now going over the SSH proxy, it is punched through the firewall and works nicely.
Good luck :-)