SFTP到没有密码/密钥对的远程位置 [英] SFTP to a remote location without a password/key pair

问题描述

我们正在尝试在基于Spring的环境中提供SFTP适配器，以将文件从本地服务器传输到本地或远程服务器.但是，我们没有为远程位置的用户配置任何密码. apache-commons VFS或Jsch之类的所有实现都需要密码或私钥对来进行文件传输.我们现在无法为用户配置密码，因为这将需要对其他API进行多次更改才能从中获取用户信息.

We are trying to provide an SFTP adapter in a Spring based environment to transfer files from local to either local or remote server.But, we dont have any password configured for the users in the remote location. All implementations like apache-commons VFS or Jsch require password or private key pairs to do file transfer. We cannot configure a password to the users now as that would need multiple changes in other APIs from which we get the user infromation.

您如何建议我们解决这个问题?

How do you suggest we tackle it?

推荐答案

出于自动化目的，您可以使用SFTP/SSH，而无需任何密码.您可以选择2种方式.

You can use SFTP/SSH without any password needed, for automated purposes. 2 ways, your choice.

1-制作一个密钥对，其中秘密密钥具有空白密码.使用ssh-keygen:

1 - Make a key pair, where the secret key has a blank password. Use ssh-keygen:

$ ssh-keygen -f myInsecureKey

$ ssh-keygen -f myInsecureKey

当提示您输入秘密(私有)密钥密码(密码)时，只需按回车即可.然后，使用公钥(myInsecureKey.pub)并将其传输到服务器，进入远程帐户主目录中的.ssh目录.必须将其命名为"authorized_keys"(如果已经存在)，追加新密钥(使用编辑器查看您的操作).不过请注意，您的秘密密钥现在已经完全裸了，所以您应该调整权限或保护它.

when it prompts for the secret (private) key passphrase (password), just hit return. Then take the public key (myInsecureKey.pub) and txfer it to the server, into the .ssh dir in the remote account's home directory. Must name it 'authorized_keys', if it already exists, append your new key (use an editor to see what you're doing). Beware, though, that your secret key is now totally naked so you should adjust permissions or something to guard it.

2-使用带有常规SSH密钥对的代理".它涉及到一点，但是一旦开始，它就很酷，并且非常适合交互使用.在unix/mac上，命令ssh-agent将在客户端计算机上运行个人密钥服务器.它列出了一些您需要提供的shell命令.像这样:

2 - Use an 'agent' with a regular SSH keypair. It's a bit involved, but once you get it going, it's cool, and great for interactive use. On unix/mac, the command ssh-agent will run a personal secret-key-server on your client machine. It cranks out some shell commands that you need to source. Like this:

$ ssh-agent>〜/.ssh/.myAgentContactInfo

$ ssh-agent > ~/.ssh/.myAgentContactInfo

$ source〜/.ssh/.myAgentContactInfo

$ source ~/.ssh/.myAgentContactInfo

每个外壳程序都必须执行最后一步才能使用代理；将其放在您的.profile中，这样您打开的新外壳窗口就可以了.我认为每个用户都需要他们自己的代理.

Every shell must do the last step to use the agent; put it in your .profile so new shell windows you open up will be good to go. I think each user needs their own agent.

然后使用任何秘密密钥加载它: $ ssh-add mySecretKey 该步骤将需要您的sec密钥密码，但是之后，您就不需要密码了.

Then you load it up with whatever secret keys: $ ssh-add mySecretKey That step will demand your sec key password, but after that, you're password-free.

这两种方法都适用于ssh和sftp，也许适用于ssh库(我从未尝试过).

Both these methods work with ssh and sftp, and maybe work with the ssh libraries (i never tried them).

这篇关于SFTP到没有密码/密钥对的远程位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！