如何使用JSch库在ec2连接中将.pem文件内容用作字符串

Question

Here is the code to get the connection to amazon instance using .pem file.

import com.jcraft.jsch.*;

public class JConnectEC2shell{
  public static void main(String[] arg){

    try{
      JSch jsch=new JSch();

      String user = "ec2-user";
      String host = "Enter Ip address of your instance";
      int port = 22;
      String privateKey = "D:\\privateKeyFile.pem";

      jsch.addIdentity(privateKey);
      System.out.println("identity added ");

      Session session = jsch.getSession(user, host, port);
      System.out.println("session created.");

      // disabling StrictHostKeyChecking may help to make connection but makes it insecure
      // see http://stackoverflow.com/questions/30178936/jsch-sftp-security-with-session-setconfigstricthostkeychecking-no
      // 
         java.util.Properties config = new java.util.Properties();
         config.put("StrictHostKeyChecking", "no");
         session.setConfig(config);

      session.connect();

      Channel channel=session.openChannel("shell");

      // Enable agent-forwarding.
      //((ChannelShell)channel).setAgentForwarding(true);

      channel.setInputStream(System.in);
      /*
      // a hack for MS-DOS prompt on Windows.
      channel.setInputStream(new FilterInputStream(System.in){
          public int read(byte[] b, int off, int len)throws IOException{
            return in.read(b, off, (len>1024?1024:len));
          }
        });
       */

      channel.setOutputStream(System.out);

      /*
      // Choose the pty-type "vt102".
      ((ChannelShell)channel).setPtyType("vt102");
      */

      /*
      // Set environment variable "LANG" as "ja_JP.eucJP".
      ((ChannelShell)channel).setEnv("LANG", "ja_JP.eucJP");
      */

      //channel.connect();
      channel.connect(3*1000);
    }
    catch(Exception e){
      System.out.println(e);
    }
  }
}

I want to set the private key in .pem file ( jsch.addIdentity(privateKey); ) as a string coming from the data base. Now it is a file name. Is this possible, any help would be appreciable. I have got this code from the link click here

Answer 1

The Jsch class provides this method which takes both the private and the public key as byte array:

addIdentity(String name, byte[]prvkey, byte[]pubkey, byte[] passphrase)

So you can read your database fields into a String and then pass it, eg

// read db columns
String privateKey = ... 
String publicKey = ...
String passphrase = ...

final JSch jsch = new JSch();
jsch.addIdentity("my key", privateKey.getBytes(), publicKey.getBytes(), passphrase.getBytes());

Answer 2

I just put pem file name as the "my key" and pass the content of the pem file as a byte[] as follows. jsch.addIdentity("privateKeyFile.pem", pemString.getBytes(), null, null);

Note, I had to append " + System.getProperty("line.separator")" on the first line of the pem content. The other lines do not need the line separator but unless the first line ends in a separator, it errors out. eg "-----BEGIN RSA PRIVATE KEY-----" + System.getProperty("line.separator")

Answer 3

Calling JSCH

String pemFormat = addMarkers(connectionParams.getIdentity());
jsch.addIdentity("TunnelPrivateKey.pem", pemFormat.getBytes(), null, null);

Remove space and add Markers

private static String addMarkers(String identity) {
        identity = identity.replaceAll("\\s+", "");
        String lineBreak = "\r\n";
        StringBuilder key = new StringBuilder();
        key.append("-----BEGIN RSA PRIVATE KEY-----");
        key.append(lineBreak);
        for (int i = 0; i< identity.length(); i+=76) {
            int len = Math.min(i+76 , identity.length());
            key.append(identity.substring(i, len));
            key.append(lineBreak);
        }
        key.append("-----END RSA PRIVATE KEY-----");
        return key.toString();
}