SSHJ - 密钥对登录到EC2实例 [英] SSHJ - Keypair login to EC2 instance
问题描述
我有一个看起来像在SSHJ测试(虽然我没有看到它被引用)一个PEM文件:<一href="https://github.com/shikhar/sshj/blob/master/src/test/resources/hostkey.pem">https://github.com/shikhar/sshj/blob/master/src/test/resources/hostkey.pem 。只是想通过PEM文件到一个EC2实例(读作字符串),以权威性,但是遇到了麻烦。没有人这样做?
SSHClient SSH =新SSHClient();
ssh.connect(ec2-XXXXXXX.compute-1.amazonaws.com);
ssh.authPublickey(Ubuntu的,getPemAsString(/用户/我/ ec2.pem));
最后一次会议会话= ssh.startSession();
session.exec(回声-e \测试\&GT;&GT;的/ home / Ubuntu的/ testfile的);
错误是如下:
信息[主](TransportImpl.java:152) - 客户端的标识字符串:SSH-2.0-SSHJ_0_8
INFO [主](TransportImpl.java:161) - 服务器标识字符串:SSH-2.0-OpenSSH_5.8p1 Debian的7ubuntu1
INFO [主](KeyExchanger.java:195) - 发送SSH_MSG_KEXINIT
INFO [阅读器](KeyExchanger.java:357) - 接收SSH_MSG_KEXINIT
INFO [阅读器](AbstractDHG.java:110) - 发送SSH_MSG_KEXDH_INIT
INFO [阅读器](KeyExchanger.java:370) - KEX收到的随访数据
INFO [阅读器](AbstractDHG.java:120) - 接收SSH_MSG_KEXDH_REPLY
错误[阅读器](TransportImpl.java:570) - 死亡的原因 - net.schmizz.sshj.transport.TransportException:[HOST_KEY_NOT_VERIFIABLE]无法验证的ssh-rsa`主机密钥指纹'XX:0A:XX:B5:C2 :FD:44:1D:E0:E4:FC:D8:5F:F8:DD:f6`为`EC2-XXXX.compute-1.amazonaws.com`端口22
INFO [阅读器](TransportImpl.java:302) - 设置现役空服务
错误[主](Promise.java:171) - &LT;&LT; KEX完成&gt;&GT;醒来:net.schmizz.sshj.transport.TransportException:[HOST_KEY_NOT_VERIFIABLE]无法验证的ssh-rsa`指纹主机密钥`XX:0A:XX:B5:C2:FD:44:1D:E0:E4:FC :XX:5F:F8:DD:f6`为`EC2-XXXX.compute-1.amazonaws.com`端口22
编辑:仍然没有运气。必须做一些错误的私钥AWS生成登录?
SSHClient SSH =新SSHClient();
ssh.connect(ec2-XXX.compute-1.amazonaws.com);
ssh.addHostKeyVerifier(DD:9C:XX:FA:6A:XX:32:6A:2B:C3:E7:BD:2B:15:26:5F:76:B6:C4:FE);
ssh.authPublickey(Ubuntu的,getRSAPrivateKeyAsString(mypem)); //一定是错误的?
最后一次会议会话= ssh.startSession();
session.exec(回声-e \测试\&GT;&GT;的/ home / Ubuntu的/ testfile的);
给连接到EC2开始并没有为我工作,直到我说的BouncyCastleProvider到java.security.Security中的类的实例。这为我工作(Groovy编写的简单)简单的例子是:
@Grab(组='net.schmizz',模块='sshj',版本=0.8.1)
@Grab(组='org.bouncycastle',模块='bcprov-jdk16',版本='1.46')
进口net.schmizz.sshj。*
进口net.schmizz.sshj.userauth.keyprovider。*
进口net.schmizz.sshj.common。*
进口net.schmizz.sshj.transport.verification.PromiscuousVerifier
进口net.schmizz.sshj.connection.channel.direct.Session
进口net.schmizz.sshj.connection.channel.direct.Session.Command
进口java.security中。*
进口java.util.concurrent.TimeUnit中
Security.addProvider(新org.bouncycastle.jce.provider.BouncyCastleProvider());
客户端=新SSHClient()
client.addHostKeyVerifier(新PromiscuousVerifier())
client.connect(ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com)
PKCS8KeyFile密钥文件=新PKCS8KeyFile()
keyFile.init(新文件(的/ dev / EC2 /按键/ mykey.pem))
client.authPublickey(Ubuntu的,密钥文件)
最后一次会议会话= client.startSession()
最后的命令CMD = session.exec(WHOAMI)
串响应= IOUtils.readFully(cmd.getInputStream())。的toString()
cmd.join(10,TimeUnit.SECONDS)
的println响应// Ubuntu的
session.close()
client.disconnect()
I have a pem file that looks like the one in SSHJ tests (though I don't see it being referenced): https://github.com/shikhar/sshj/blob/master/src/test/resources/hostkey.pem . Simply trying to auth in via the pem file to an EC2 instance (read as string), but having trouble. Anyone done this?
SSHClient ssh = new SSHClient();
ssh.connect("ec2-XXXXXXX.compute-1.amazonaws.com");
ssh.authPublickey("ubuntu", getPemAsString("/Users/me/ec2.pem"));
final Session session = ssh.startSession();
session.exec("echo -e \"test\" >> /home/ubuntu/testfile");
Error is below:
INFO [main] (TransportImpl.java:152) - Client identity string: SSH-2.0-SSHJ_0_8
INFO [main] (TransportImpl.java:161) - Server identity string: SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
INFO [main] (KeyExchanger.java:195) - Sending SSH_MSG_KEXINIT
INFO [reader] (KeyExchanger.java:357) - Received SSH_MSG_KEXINIT
INFO [reader] (AbstractDHG.java:110) - Sending SSH_MSG_KEXDH_INIT
INFO [reader] (KeyExchanger.java:370) - Received kex followup data
INFO [reader] (AbstractDHG.java:120) - Received SSH_MSG_KEXDH_REPLY
ERROR [reader] (TransportImpl.java:570) - Dying because - net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `xx:0a:xx:b5:c2:fd:44:1d:e0:e4:fc:d8:5f:f8:dd:f6` for `ec2-XXXX.compute-1.amazonaws.com` on port 22
INFO [reader] (TransportImpl.java:302) - Setting active service to null-service
ERROR [main] (Promise.java:171) - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `xx:0a:xx:b5:c2:fd:44:1d:e0:e4:fc:xx:5f:f8:dd:f6` for `ec2-XXXX.compute-1.amazonaws.com` on port 22
EDIT: Still no luck. Must be doing something wrong with the private key AWS generates for login?
SSHClient ssh = new SSHClient();
ssh.connect("ec2-XXX.compute-1.amazonaws.com");
ssh.addHostKeyVerifier("dd:9c:XX:fa:6a:XX:32:6a:2b:c3:e7:bd:2b:15:26:5f:76:b6:c4:fe");
ssh.authPublickey("ubuntu", getRSAPrivateKeyAsString("mypem")); // Must be wrong?
final Session session = ssh.startSession();
session.exec("echo -e \"test\" >> /home/ubuntu/testfile");
The example given for connecting to EC2 did not initially work for me until I added the BouncyCastleProvider to the java.security.Security class. The simple example that worked for me (written in Groovy for simplicity) is:
@Grab(group='net.schmizz', module='sshj', version='0.8.1')
@Grab(group='org.bouncycastle', module='bcprov-jdk16', version='1.46')
import net.schmizz.sshj.*
import net.schmizz.sshj.userauth.keyprovider.*
import net.schmizz.sshj.common.*
import net.schmizz.sshj.transport.verification.PromiscuousVerifier
import net.schmizz.sshj.connection.channel.direct.Session
import net.schmizz.sshj.connection.channel.direct.Session.Command
import java.security.*
import java.util.concurrent.TimeUnit
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
client = new SSHClient()
client.addHostKeyVerifier(new PromiscuousVerifier())
client.connect("ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com")
PKCS8KeyFile keyFile = new PKCS8KeyFile()
keyFile.init(new File("/dev/ec2/key/mykey.pem"))
client.authPublickey("ubuntu",keyFile)
final Session session = client.startSession()
final Command cmd = session.exec("whoami")
String response = IOUtils.readFully(cmd.getInputStream()).toString()
cmd.join(10, TimeUnit.SECONDS)
println response //ubuntu
session.close()
client.disconnect()
这篇关于SSHJ - 密钥对登录到EC2实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!