Ant scp和sshexec任务的已知主机 [英] knownhosts for Ant scp and sshexec tasks

问题描述

我的问题类似于在这里提出的问题: Ant scp任务失败

My question is similar to the one asked here: Ant scp task failure

构建失败com.jcraft.jsch.JSchException:拒绝HostKey:....

BUILD FAILED com.jcraft.jsch.JSchException: reject HostKey: ....

我的问题是为什么在我的已知主机文件中找不到密钥?

无论我使用哪种known_hosts文件，主机密钥都会被拒绝.通过ssh连接可以很好地工作，并添加相关条目，但是也许jsch无法读取OpenSSH生成的known_hosts文件?

No matter what kind of known_hosts file I have, the host key is rejected. Connecting via ssh works perfectly fine, and adds the relevant entries, but maybe jsch is unable to read known_hosts files generated by OpenSSH?

Ant文档提到，knownhosts文件需要采用SSH2格式，而不是SSH1.具有讽刺意味的是，来自OpenSSH的SSH2格式的known_hosts文件应该为 ~/.ssh/known_hosts2 ，但已知主机的默认值为~/.ssh/known_hosts.

The Ant docs mention that the knownhosts file needs to be in SSH2 format, not SSH1. Ironically, the SSH2 format known_hosts file from OpenSSH is supposed to be ~/.ssh/known_hosts2, but the default value for knownhosts is ~/.ssh/known_hosts.

由SSH2创建的已知主机文件位于~/.ssh2/knownhosts/中，因此可以安全地将其排除在期望的格式之外.到目前为止，我还无法获得OpenSSH来创建 known_hosts2 文件，并且手册页也没有太大帮助.那么，文档实际上意味着该文件必须采用SSH2格式是什么?

The known hosts files created by SSH2 are in ~/.ssh2/knownhosts/, so it's probably safe to count that out for the expected format. So far I've been unable to get OpenSSH to create a known_hosts2 file, and the man pages aren't much help there either. So what do the docs actually mean that the file needs to be in SSH2 format?

我已经尝试过dsa和rsa键，但都没有作用(都与OpenSSH一起使用).

I've tried dsa and rsa keys, and neither work (both work with OpenSSH).

我搜索了两天，发现的唯一答案是"set trust="true".是的，这可以使任务正常运行，但是对安全性视而不见.

I've searched for two days and the only answers I've found are 'set trust="true'. Yes, that gets the task working, but not without turning a blind eye to security.

推荐答案

这是我发现的适用于jch的最新版本的格式:

Here's a format I found that works with more recent versions of jch:

[xx.xx.xx.xx]:22 ssh-rsa .......

在旧版本中，它就像:

xx.xx.xx.xx ssh-rsa ......

即没有方括号，没有端口号. (不确定使用端口22时端口号是否必要，但我在为SSH分配了非默认端口的服务器上对其进行了测试.并且，如果不太明显，xx.xx.xx.xx应该是IP地址服务器名称，主机名或其他名称.

i.e. no square brackets and no port number. (Not sure if the port number is necessary if you're using port 22, but I tested it with a server with a non-default port assigned for SSH. And, in case it's not obvious, xx.xx.xx.xx should be the IP address of the server, or hostname or whatever.)

我通过获取JCraft/jsch库为我生成了known_hosts文件来找到了这种格式.如果您访问 www.jcraft.com ，则可以下载jsch源代码的zip和一些示例.要么建立源来制作一个罐子，要么下载现成的罐子.我解压缩了zip下载文件，然后将jar文件放入了相同的目录.

I found this format by getting the JCraft/jsch library to generate the known_hosts file for me. If you visit www.jcraft.com you can download a zip of the jsch source code, and some examples. Either build the source to make a jar, or download the ready-made jar as well. I unzipped the zip download and then plopped the jar file in that same directory.

有一个包含KnownHosts.java的examples文件夹.您需要编译该文件，然后运行它-它会询问您您的known_hosts文件(只需先在默认位置(~/.ssh/known_hosts)中创建一个空文件，然后选择该文件.然后它将询问您有关连接到服务器...输入这些内容，例如sshusername@xx.xx.xx.xx，程序将尝试连接，然后为您填充known_hosts文件.

There's an examples folder containing KnownHosts.java. You need to compile that file and then run it - it will ask you for your known_hosts file (just create an empty file in the default location first (~/.ssh/known_hosts) and select that. It will then ask you for details to connect to a server... Enter those, for example sshusername@xx.xx.xx.xx, and the program will try to connect and then fill the known_hosts file for you.

为方便像我这样的Windows用户，这些用户永远不记得如何从命令行执行操作，这是您编译并运行该KnownHosts.java文件所需要的:

For convenience for blundering Windows users like me who can never remember how to do stuff from the command line, here's what you need to compile and run that KnownHosts.java file:

首先，导航至目录(已将其解压缩并将jar文件放入其中，如上所述).

First, navigate to the directory (having unzipped it and put the jar file inside, as I described above).

然后运行:

javac -cp jsch-0.1.49.jar examples/KnownHosts.java

编译KnownHosts.java.然后:

to compile KnownHosts.java. And then:

java -cp "examples;jsch-0.1.49.jar" KnownHosts

运行它.按照上面的说明进行操作，您应该拥有一个有效的known_hosts文件.

to run it. Follow through the instructions above and you should have a working known_hosts file.

最后一点要注意:KnownHosts程序假定端口为22.我对其进行了编辑，以允许输入类似sshusername@xx.xx.xx.xx:8888的内容，因此我可以指定具有自定义端口的服务器并使其按上述方式工作.在KnownHosts.java的源代码中，我查找了这样的行:

One final note: the KnownHosts program assumes a port of 22. I edited it to allow me to enter something like sshusername@xx.xx.xx.xx:8888 so I could specify a server with a custom port and have it work as described above. In the source of KnownHosts.java I looked for a line like:

Session session=jsch.getSession(user, host, 22);

并替换为:

int port = 22;
final int colonIndex = host.indexOf(':');
if (colonIndex > -1) {
    final String[] split = host.split(":");
    host = split[0];
    port = Integer.parseInt(split[1]);
}
Session session=jsch.getSession(user, host, port);

，然后按上面的命令进行编译和运行.

and then compiled and ran as above.

这篇关于Ant scp和sshexec任务的已知主机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！