Scenerio: I'd like to run commands on remote machines from a Java program over ssh (I am using OpenSSH on my development machine). I'd also like to make the ssh connection by passing the password rather than setting up keys as I would with 'expect'.
Problem: When trying to do the 'expect' like password login the Process that is created with ProcessBuilder cannot seem to see the password prompt. When running regular non-ssh commands (e.g 'ls') I can get the streams and interact with them just fine. I am combining standard error and standard out into one stream with redirectErrorStream(true); so I am not missing it in standard error...When I run ssh with the '-v' option, I see all of the logging in the stream but I do not see the prompt. This is my first time trying to use ProcessBuilder for something like this. I know it would be easier to use Python, Perl or good ol' expect but my boss wants to utilize what we are trying to get back (remote log files and running scripts) within an existing Java program so I am kind of stuck.
Thanks in advance for the help!
The prompt might only be shown when ssh is connected to a TTY, which it isn't in the case of Java.
There's probably a way to supply the password on the command-line in your ssh application. That will be the way to get past the prompt.
Alternately, consider connecting directly to the host server from native Java code rather than running an external application. There's a million libraries that will do this.
Rather than using an external ssh program, why not use a Java ssh library:
Trilead
JTA
Are two I found with google - that'll avoid the problem that openssh will be working very hard to prevent entering the password on stdin - it'll be opening the terminal directly. expect has to work very hard to simulate a tty in order to work.
Why not use a Java ssh client? This one is BSD-licensed, and there are more clients listed here.
Most security minded programs don't use stdin/stdout for capturing passwords, they capture the TTY or some equivalent method.
Echoing others' suggestion to use a Java SSH library. But wanted to comment on Cohen's response. Sending your password over the command line when establishing the connection is insecure and also not permitted by many sshd servers (based on configuration).
You might want to look into setting up keys for this, so you can perform ssh commands between the machines without a password.
Basic steps
- use openssh to create a keypair (I've done RSA but I know there's a better method now)
- create a .ssh directory in your home folder on the SOURCE machine
- create a .ssh directory in your home folder on the TARGET machine
- keep your private key in your source machine's .ssh folder
- copy your public key into a file called authorized_keys in the target's .ssh folder
Some instructions can be found here
You can run commands using edtFTPj/PRO, as well as performing file transfers via SFTP. It's Java.
Related
Working with Unix server... My requirement is to read the name of the file that is there at /a/b/c/node01/d.ear location on a Unix server and I have do the same through a java program. The problem is that the directory a is a restricted directory and is accessible only to certain users. On the Unix side, I first issue a become command like become a, then supply the password and then using cd command, I reach the d.ear directory and then get to see the name of the file.
How do I do all of this via a Java program?
I don't mind if my Java program calls a shell script that accesses the restricted directory and then reach d.ear and fetch the name of the file and returns the same to the java program. Do we have a way of doing this? Maybe issuing the become command inside the script which is called from the Java program and the password which is asked after become command is supplied as a parameter while calling the script???
Is this approach doable? I am very new to Unix commands and JSch library. Kindly provide the code or any other alternate solutions...
Thanks!!!
As I have suggested you already, your become command seems to behave the same way (from an interface/API point of view) as common *nix su or sudo.
So, use the same solution as for those. There are many questions on Stack Overflow covering use of su/sudo with JSch.
There's even an official JSch example Sudo.java:
http://www.jcraft.com/jsch/examples/Sudo.java.html
In short:
Execute become command
Feed a password to its input
Assuming the become starts a new shell (as su or sudo do), you feed the commands to be executed in the elevated environment to become input (the same was as the password).
I am able to run commands on remote machine using java jsch library.
Scenario is when I am executing a particular command from putty it is prompting for password and a reason to execute this command(for some security purpose).
Now I want to do the same executing that command and passing password and reason on propmt using java program only.
How can I achieve this?
"There is nothing code specific actually. I am executing a pbrun command in unix using putty with command "/opt/bin/pbrun username". which on entering prompt me for password and reason to login. As I am accessing it thorough putty I am able to pass values. I want to pass those value using java program."
Basically you cannot do that this way, SSH does not permit to pipe the password because of security reasons.
However, what you can do is (roughly) to generate a public/private keypair with ssh-keygen and place it to the host's .ssh/authorized_keys. Then you can SSH without a password, that is my usual solution for the problem (however, I'd love to hear any alternatives). There are plenty of tutorials on the topic, simply search for the "passwordless ssh" expressions.
It may sound trivial, but believe me, you will spend hours on configuring it :-). The ssh -x will be your friend (for one you'll need exact privileges on the key files and stuff like that).
I was looking for a solution where(using a java GUI) I can log in to a remote unix server, "sudo su" in, and run other commands based on a user's input on the java GUI. Is there an easy way to do it with only the SDK(no external libraries) or are there external libraries that allow for sending single commands(as though you were in a shell) without the need to build a shell script?(I am trying to create a command-line GUI in java, and am wondering what approach I should take for the backend of this tool . . .)
JSCH http://www.jcraft.com/jsch/ is used by Maven and is quite good
I don't know how to connect to RMAN in Java. Simple request don't work when I use command non-SQL, like RMAN etc... I'm gonna to make program like "ORACLE Secure BackUP", but how they connected to RMAN??
I don't believe that there is a published API for interacting with RMAN other than the command line. So if you wanted to create a program like Oracle Secure Backup that used RMAN, you'd probably have to invoke the RMAN executable from Java. Which means that you'd probably also have to parse the output of the various RMAN commands in order to provide feedback to the user.
If you want to go down this path, you'd want to use the Runtime class in Java. Here is an example of calling an external program from Java.
I need help regarding how to Automate download logs from server via ssh file transfer to local machine.Currently I am downloading logs via login to ssh tool and select the path of the logs and select all the logs and then drag and drop them to local drive but this takes time on VPN.
Is there any way to create batch file or run any Java program to downloads all logs just in one line command or single execution automatically.I have tried to check this google but with scp and ftp command I am not able to proceed further.Please suggest.
If you're on Windows, I'd recommend WinSCP's easy scripting.
Just write your script of where to connect, where to navigate to, what to collect and where to copy your file in your machine. You can even copy to another server. All in one script. Examples are easy to follow in the link.
You can also run a simple script that does the work in one line:
winscp.exe /console /command "option batch on" "open rahul#logsserver.com" "get 02012011logs.txt d:\" "exit"
What is the OS you are using for your client? If your client machine is *nix variant, you could write a simple bash script, which when paired with SSH Keys, will allow you your one command downloader.
For a windows variant, you could do similar with a batch script, schedule tasks and pscp w/ pagent saving a private key in memory.
Of course none of this deals with starting up or tearing down the vpn.
Write a batch file that uses pscp to download the files you need. Set up public-key authentication to skip password entry. Enable ssh compression for faster download. Automate it via cron. Theoretically one should be able to use the vpn only for the batch file, practically very difficult to set up that way.
The best option for you would be to write a cron job that copies the log using scp on the regular intervals you want.
However, if you do want to do it in Java. Go for JSch.
Side-note: none of the options above gets you rid of the VPN. You will have to be on VPN to get file transferred, if it's required. So, stay connected to VPN while you are transferring your files in whatever way you like.
Edit
You should update your question with the platform that you're using. My previous answer was assuming that you're on Unix based.
If you are using Windows, you can write a batch script that uses PSCP to transfer the files to your local machine. You can set it as Scheduled Task in Windows to run periodically.