knownhosts for Ant scp and sshexec tasks

Question

My question is similar to the one asked here: Ant scp task failure

BUILD FAILED com.jcraft.jsch.JSchException: reject HostKey: ....

My question is: why isn't the key found in my knownhosts file?

No matter what kind of known_hosts file I have, the host key is rejected. Connecting via ssh works perfectly fine, and adds the relevant entries, but maybe jsch is unable to read known_hosts files generated by OpenSSH?

The Ant docs mention that the knownhosts file needs to be in SSH2 format, not SSH1. Ironically, the SSH2 format known_hosts file from OpenSSH is supposed to be ~/.ssh/known_hosts2, but the default value for knownhosts is ~/.ssh/known_hosts.

The known hosts files created by SSH2 are in ~/.ssh2/knownhosts/, so it's probably safe to count that out for the expected format. So far I've been unable to get OpenSSH to create a known_hosts2 file, and the man pages aren't much help there either. So what do the docs actually mean that the file needs to be in SSH2 format?

I've tried dsa and rsa keys, and neither work (both work with OpenSSH).

I've searched for two days and the only answers I've found are 'set trust="true"'. Yes, that gets the task working, but not without turning a blind eye to security.

Recommended answer

Here's a format I found that works with more recent versions of jsch:

[xx.xx.xx.xx]:22 ssh-rsa .......

In older versions it was like this:

xx.xx.xx.xx ssh-rsa ......

i.e. no square brackets and no port number. (Not sure if the port number is necessary if you're using port 22, but I tested it with a server with a non-default port assigned for SSH. And, in case it's not obvious, xx.xx.xx.xx should be the IP address of the server, or hostname or whatever.)

I found this format by getting the JCraft/jsch library to generate the known_hosts file for me. If you visit www.jcraft.com you can download a zip of the jsch source code, and some examples. Either build the source to make a jar, or download the ready-made jar as well. I unzipped the zip download and then plopped the jar file in that same directory.

There's an examples folder containing KnownHosts.java. You need to compile that file and then run it - it will ask you for your known_hosts file (just create an empty file in the default location first (~/.ssh/known_hosts) and select that). It will then ask you for details to connect to a server... Enter those, for example sshusername@xx.xx.xx.xx, and the program will try to connect and then fill the known_hosts file for you.

For convenience for blundering Windows users like me who can never remember how to do stuff from the command line, here's what you need to compile and run that KnownHosts.java file:

First, navigate to the directory (having unzipped it and put the jar file inside, as I described above).

Then run:

javac -cp jsch-0.1.49.jar examples/KnownHosts.java

to compile KnownHosts.java. And then:

java -cp "examples;jsch-0.1.49.jar" KnownHosts

to run it. Follow through the instructions above and you should have a working known_hosts file.

One final note: the KnownHosts program assumes a port of 22. I edited it to allow me to enter something like sshusername@xx.xx.xx.xx:8888 so I could specify a server with a custom port and have it work as described above. In the source of KnownHosts.java I looked for a line like:

Session session=jsch.getSession(user, host, 22);

and replaced it with:

// Default to port 22 unless the input has the form host:port
int port = 22;
final int colonIndex = host.indexOf(':');
if (colonIndex > -1) {
    // Split "host:port" into its two parts
    final String[] split = host.split(":");
    host = split[0];
    port = Integer.parseInt(split[1]);
}
Session session=jsch.getSession(user, host, port);

Then compile and run as above.
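The two entry formats in the answer, checked in code. This is an added example, not part of the original answer or of JSch: it reports which known_hosts line, if any, matches a given host and port, so a rejected host key can be diagnosed without falling back to trust="true". It assumes the OpenSSH lookup convention (bare name on port 22, [host]:port otherwise) and goes beyond the answer by also matching OpenSSH hashed (|1|...) entries; the addresses, key blob and salt are constructed.

```python
import base64, hashlib, hmac

def lookup_name(host, port=22):
    # Assumed OpenSSH convention: bare name on port 22, "[host]:port" otherwise.
    return host if port == 22 else f"[{host}]:{port}"

def host_field_matches(field, name):
    if field.startswith("|1|"):  # hashed entry: |1|salt|HMAC-SHA1(salt, name)
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return name in field.split(",")  # plain entry (wildcard patterns not handled)

def find_entries(text, host, port=22):
    """Return (line_no, key_type, fingerprint) for entries matching host and port."""
    name, hits = lookup_name(host, port), []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip blanks, comments, @cert-authority/@revoked lines
        if host_field_matches(parts[0], name):
            digest = hashlib.sha256(base64.b64decode(parts[2])).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            hits.append((n, parts[1], fp))
    return hits

def hashed_field(name, salt):
    # Build a hashed host field the way a hashed known_hosts entry stores it.
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

# Constructed sample: documentation addresses and a placeholder key blob.
KEY = base64.b64encode(b"constructed placeholder key blob").decode()
HASHED = hashed_field("[192.0.2.30]:2222", b"constructed-salt-20b")
SAMPLE = "\n".join([
    f"192.0.2.10 ssh-rsa {KEY}",         # old format: no brackets, no port
    f"[192.0.2.20]:8888 ssh-rsa {KEY}",  # bracketed format with port
    f"{HASHED} ssh-rsa {KEY}",           # hashed host field
])

if __name__ == "__main__":
    for host, port in [("192.0.2.10", 22), ("192.0.2.10", 8888),
                       ("192.0.2.20", 8888), ("192.0.2.30", 2222)]:
        print(host, port, find_entries(SAMPLE, host, port) or "no matching entry")
```

The printed fingerprint can be compared with the one the server administrator publishes before the entry is trusted.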
