如何在没有密码的情况下使JSch API登录到Unix服务器?
[英]How can I make the JSch API log in to a Unix server without a password?
问题描述
I'm trying to make a Java application, that executes shell scripts on a remote Unix server, using the JSch API. 
我正在尝试使用JSch API创建一个Java应用程序,它在远程Unix服务器上执行shell脚本。
I was wondering if it's possible to login to the server without a password. 我想知道是否可以在没有密码的情况下登录服务器。 If so - how? 如果是这样 - 怎么样? Should I generate a pair of authentication keys on the servers, then make the application read information from the key file? 我应该在服务器上生成一对身份验证密钥,然后让应用程序从密钥文件中读取信息吗?
The Java application is on a Windows station. Java应用程序位于Windows工作站上。
4 个解决方案
解决方案1
4 2013-09-26 10:56:52
Since it took awhile before made it work, here is a whole modified example: 由于它花了一段时间才使它工作,这里有一个完整的修改示例:
JSch jsch=new JSch();
Session session=jsch.getSession("my_username", "my_host", my_port);
session.setConfig("PreferredAuthentications", "publickey");
jsch.setKnownHosts("~/.ssh/known_hosts");
jsch.addIdentity("~/.ssh/id_rsa");
session.setConfig("StrictHostKeyChecking", "no");
session.connect(30000);
Channel channel=session.openChannel("shell");
channel.setInputStream(System.in);
channel.setOutputStream(System.out);
channel.connect(3*1000);
Beware whether you have copied rsa or dsa key to the server and add a corresponding identity at line addIdentity - id_rsa or id_dsa. 请注意您是否已将rsa或dsa密钥复制到服务器并在addIdentity行添加相应的标识 - id_rsa或id_dsa。
(cat .ssh/id_rsa.pub | ssh me@servername 'cat >> .ssh/). (cat .ssh / id_rsa.pub | ssh me @ servername'cat >> .ssh /)。
解决方案2
3 2011-05-10 09:51:28
This is certainly doable. 这肯定是可行的。 Have a look at the examples directory provided with jsch. 看看jsch提供的examples目录。
UserAuthPubKey.java is showing how to authenticate with a public key and and KeyGen.java is chowing how to create the public and private keys. UserAuthPubKey.java展示了如何使用公钥进行身份验证,并且KeyGen.java正在如何创建公钥和私钥。
解决方案3
3 2012-02-22 11:35:08
Once you have sorted out your keys there is a single line to enable connecting with a key rather than a password: 一旦你整理了你的密钥,就可以通过一行来连接密钥而不是密码:
JSch jsch = new JSch();
jsch.addIdentity(".ssh/privateKey.pem");
The addIdentity method takes a single argument that points at the location of your private key file on your machine. addIdentity方法接受一个指向计算机上私钥文件位置的参数。
解决方案4
1 2011-05-10 23:40:48
As said by jlliagre, it is possible. 正如jlliagre所说,这是可能的。
Generate a key pair for your application, make the public key known to the server (often putting it in ~/.ssh/authorized_keys is a good way), and give both keys to the client JSch object, either as files or as byte[]. 为您的应用程序生成密钥对,使服务器知道公钥(通常将其放在~/.ssh/authorized_keys是一种好方法),并将两个密钥都提供给客户端JSch对象,可以是文件,也可以是byte [ ]。 You might also want to change the PreferredAuthentications option to allow only public-key auth, to avoid asking for a password or trying something else. 您可能还希望更改PreferredAuthentications选项以仅允许公钥验证,以避免要求输入密码或尝试其他操作。
Note: If you deliver your application to hosts not controlled by you, anyone which can access the application's files can use the private key to login to your server. 注意:如果您将应用程序交付给不受您控制的主机,则任何可以访问应用程序文件的人都可以使用私钥登录您的服务器。
Thus you should make sure the account can't do anything harmful, or that the client machine (your account and any privileged one) is under your (or only known friendlies ') total control. 因此,您应该确保帐户不能做任何有害的事情,或者客户端计算机(您的帐户和任何特权计算机)在您的(或仅知道的友情 )总控制之下。 (Encrypting the private key with a passphrase does not help if the passphrase is distributed with your program. Neither does putting it in the program's jar file.) (如果密码与程序一起分发,则使用密码加密私钥无效。也不会将其放入程序的jar文件中。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.