stackoom
  简体   繁体   中英

SSHJ - Keypair login to EC2 instance

 原文  2012-02-14 20:15:06       java/ ssh/ amazon-ec2/ sshj

Question

I have a pem file that looks like the one in SSHJ tests (though I don't see it being referenced): https://github.com/shikhar/sshj/blob/master/src/test/resources/hostkey.pem . Simply trying to auth in via the pem file to an EC2 instance (read as string), but having trouble. Anyone done this? 

    SSHClient ssh = new SSHClient();
    ssh.connect("ec2-XXXXXXX.compute-1.amazonaws.com");
    ssh.authPublickey("ubuntu", getPemAsString("/Users/me/ec2.pem"));
    final Session session = ssh.startSession();
    session.exec("echo -e \"test\" >> /home/ubuntu/testfile");

Error is below: 

INFO [main] (TransportImpl.java:152) - Client identity string: SSH-2.0-SSHJ_0_8
INFO [main] (TransportImpl.java:161) - Server identity string: SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
INFO [main] (KeyExchanger.java:195) - Sending SSH_MSG_KEXINIT
INFO [reader] (KeyExchanger.java:357) - Received SSH_MSG_KEXINIT
INFO [reader] (AbstractDHG.java:110) - Sending SSH_MSG_KEXDH_INIT
INFO [reader] (KeyExchanger.java:370) - Received kex followup data
INFO [reader] (AbstractDHG.java:120) - Received SSH_MSG_KEXDH_REPLY
ERROR [reader] (TransportImpl.java:570) - Dying because - net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `xx:0a:xx:b5:c2:fd:44:1d:e0:e4:fc:d8:5f:f8:dd:f6` for `ec2-XXXX.compute-1.amazonaws.com` on port 22
INFO [reader] (TransportImpl.java:302) - Setting active service to null-service
ERROR [main] (Promise.java:171) - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `xx:0a:xx:b5:c2:fd:44:1d:e0:e4:fc:xx:5f:f8:dd:f6` for `ec2-XXXX.compute-1.amazonaws.com` on port 22

EDIT: Still no luck. Must be doing something wrong with the private key AWS generates for login? 

 SSHClient ssh = new SSHClient(); 
 ssh.connect("ec2-XXX.compute-1.amazonaws.com"); 
 ssh.addHostKeyVerifier("dd:9c:XX:fa:6a:XX:32:6a:2b:c3:e7:bd:2b:15:26:5f:76:b6:‌​c4:fe"); 
 ssh.authPublickey("ubuntu", getRSAPrivateKeyAsString("mypem")); // Must be wrong?

 final Session session = ssh.startSession(); 
 session.exec("echo -e \"test\" >> /home/ubuntu/testfile");

3 answers

solution1
 3  2013-04-04 00:07:47

The example given for connecting to EC2 did not initially work for me until I added the BouncyCastleProvider to the java.security.Security class. The simple example that worked for me (written in Groovy for simplicity) is: 

@Grab(group='net.schmizz', module='sshj', version='0.8.1')
@Grab(group='org.bouncycastle', module='bcprov-jdk16', version='1.46')

import net.schmizz.sshj.*
import net.schmizz.sshj.userauth.keyprovider.*
import net.schmizz.sshj.common.*
import net.schmizz.sshj.transport.verification.PromiscuousVerifier
import net.schmizz.sshj.connection.channel.direct.Session
import net.schmizz.sshj.connection.channel.direct.Session.Command

import java.security.*
import java.util.concurrent.TimeUnit

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

client = new SSHClient()
client.addHostKeyVerifier(new PromiscuousVerifier())
client.connect("ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com")

PKCS8KeyFile keyFile = new PKCS8KeyFile()
keyFile.init(new File("/dev/ec2/key/mykey.pem"))
client.authPublickey("ubuntu",keyFile) 

final Session session = client.startSession()
final Command cmd = session.exec("whoami")
String response = IOUtils.readFully(cmd.getInputStream()).toString()
cmd.join(10, TimeUnit.SECONDS)

println response   //ubuntu

session.close()
client.disconnect()

solution2
 3  2012-02-20 09:55:28

I have successfully connected to an Amazon EC2 instance using the following: 

final SSHClient ssh = new SSHClient();
ssh.addHostKeyVerifier("XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX");

ssh.connect("host");

PKCS8KeyFile keyFile = new PKCS8KeyFile();
keyFile.init(new File("server_pem.pem"));
ssh.auth("ec2-user", new AuthPublickey(keyFile));

try {
    final Session session = ssh.startSession();
    try {
        final Command command = session.exec("whoami");
        String response = IOUtils.readFully(command.getInputStream()).toString();
        command.join(10, TimeUnit.SECONDS);
        return response;
    } finally {
        session.close();
    }
} finally {
    ssh.disconnect();
}

solution3
 2  2012-02-14 21:52:49

It's not the user authentication that's tripping you, it's the host key verification :)

Something like client.addHostKeyVerifier("xx:0a:xx:b5:c2:fd:44:1d:e0:e4:fc:xx:5f:f8:dd:f6") before connecting.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Connecting to and AWS EC2 instance using SSHJ Create/associate ssh keypair to an ec2 instance with the CDK Create and download an AWS ec2 keypair using jclouds with the help of access, secret key Find all the attached volumes for an EC2 instance EC2 Instance cannot be accessed publicly Why is SimpUserRegistry not working properly on EC2 Instance Deploy Java maven project on ec2 instance Get public IP of EC2 spot instance Create Amazon EC2 Instance with API AWS EC2 Instances: Launch Multiple Instance
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM