Jsch, private.ppk based login.
Currently i have following code to ssh login but getting exception due to does not provide key.
Following is my error i am getting
om.jcraft.jsch.JSchException: Auth cancel
JSch jsch = new JSch();
Session session = jsch.getSession(user_name, host, 22);
UserInfo ui = new SSHUserInfo(password, true);
session.setUserInfo(ui);
//connect to remove server
session.connect();
//sudo login bamboo
if (null != session && session.isConnected()) {
session.disconnect();
}
JSch jsch = new JSch();
// Here privateKey is a file path like "/home/me/.ssh/secret_rsa "
// passphrase is passed as a string like "mysecr"
jsch.addIdentity(privateKey, passphrase);
session = jsch.getSession(user, host, port);
session.setConfig("StrictHostKeyChecking", "no");
// Or yes, up to you. If yes, JSch locks to the server identity so it cannot
// be swapped by another with the same IP.
session.connect();
channel = session.openChannel("shell");
out = channel.getOutputStream();
channel.connect();
The file suffix ".ppk" means that you are trying to use Putty's private key, I guess.
JSch has supported the Putty's private keys since 0.1.49,
and if your key is ciphered, you must install "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files"[1] on your environment.
And then, if you are using Pageant usually, you may be interested in trying jsch-agent-proxy[2].
[1] http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
[2] https://github.com/ymnk/jsch-agent-proxy
Related
A message is displayed indicating that the process of waiting for the key to be updated times out when JSCH is used for SSH connection
Here is my configuration:
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
//get the JSCH session
Session session = connectInfo.getJSch().getSession(serverConfig.getUsername(), serverConfig.getHost(), serverConfig.getPort());
session.setConfig(config);
//set password
session.setPassword(serverConfig.getPassword());
// Send null packet each 100s
session.setServerAliveInterval(100);
// Send 9999 max null packet
session.setServerAliveCountMax(9999);
// No connection timeout
session.connect(0);
ChannelExec channel = (ChannelExec) session.openChannel("exec");
channel.setCommand(command);
channel.setInputStream(null);
channel.setErrStream(System.err);
channel.connect();
InputStream inputStream = channel.getInputStream();
StringBuilder resultLines = new StringBuilder();
Here's the actual log#Martin Prikryl
I found the right answer!Error caused by my Linux server time inaccuracy,Synchronizing the exact time can solve this problem.
Just as this person, I've been struggling a bit with browsers caching SSL sessions. In short, if a client certificate is selected, there is no way to clear the state programmatically, except in IE using document.execCommand("ClearAuthenticationCache").
One of the answers mentions that making a request to "a URL on the same hostname that requires a client certificate but rejects all certificates" it would force the browser to clear the SSL session. How can I set up such an endpoint in IIS? Because I presume I need more than just a simple endpoint returning http status 403 or similar.
The SSL negotiation happens before the endpoint request is sent, so there is no way of "rejecting a certificate" based on the endpoint (you can perhaps force renegotiation, but I'm not sure IIS supports it).
But you can maybe set up the same hostname and a different port and disable client certificates there. Since the hostname matches (being the same...), I'd expect the browser to try them, and fail.
Short Answer: delete sslcert [ipport=]IP Address:port ref
If you want to script/automate it in code, you could do it in C# in two steps below, you would need to adapt the code to suit your needs
1. Get your certs
using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
// Get /Display a list of all the certificates
foreach (var x in store.Certificates)
{
// *** TODO
// add it to a drop down
// SomeDropDownListControl_IISCert.Items.Add(new SomeDropDownListControl_IISCert(x.FriendlyName, x.SerialNumber));
//or delete it, see Below
}
}
2. Build the command and pass the cert and delete it with the Shell Command
StringBuilder str = new StringBuilder();
ProcessStartInfo psi = new ProcessStartInfo() {CreateNoWindow = true, UseShellExecute = false, RedirectStandardOutput = true};
psi.FileName = "netsh";
psi.Arguments = $"http show sslcert ipport=0.0.0.0:{port}";
Process procShow = Process.Start(psi);
while (procShow != null && !procShow.StandardOutput.EndOfStream)
{
str.Append(procShow.StandardOutput.ReadLine());
}
Log.Warn(str.ToString);
// delete IPV4.
psi.Arguments = $"http delete sslcert ipport=0.0.0.0:{port}";
Process procDel = Process.Start(psi);
//exitCode = procDel.ExitCode;
We have been using Amplify and Cognito to register our users for an Angular6 application deployed to Lambda. The client wanted to transition from email to username as primary user identification. So we created a new user pool / client. I don't have visibility into the configuration settings, I was simply given new user pool, identity pool, and client id's. Then I changed the code for application signup to look like this:
return from(Auth.signUp({
'username': username, // was email
'password': password,
attributes: { // added these
'email': email,
'phone_number': phone_number,
'family_name': name,
'birthdate': DOB,
'custom:last_4_ssn': SSN // custom attribute
}}));
The response I'm getting with no other changes made is: Unable to verify secret hash for client. Google claims the problem is that secretAccess is currently an unsupported configuration, but the guy who has access to these services swears to me that nowhere is secretAccess configured in our setup.
I apologize for not having access to the configuration, but is there any other possible reason to receive this error?
That error is probably originating from the fact that the app client you are connected to has an associated secret key. When you create a user pool app client, it generates a secret by default:
Right now, with React-Native Amplify you have to use an app client that does not have a secret key generated. So when you create a new app client with your desired attributes, make sure the "Generate client secret" box is unchecked.
The solution is to pass secret_hash along with the adminAuthInitiate Request. And to calculate the secret hash you can use the following method:
public static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
SecretKeySpec signingKey = new SecretKeySpec(
userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
HMAC_SHA256_ALGORITHM);
try {
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(signingKey);
mac.update(userName.getBytes(StandardCharsets.UTF_8));
byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
return Base64.getEncoder().encodeToString(rawHmac);
} catch (Exception e) {
throw new RuntimeException("Error while calculating ");
}
}
How to Pass Secret_Hash
Map<String, String> authParams = new HashMap<>(2);
authParams.put("USERNAME", <username>);
authParams.put("PASSWORD", <password>);
authParams.put("SECRET_HASH", calculateSecretHash(cognitoClientId, cognitoClientSecret, <username>));
AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
.withClientId(userPool.getClientId()).withUserPoolId(userPool.getUserPoolId())
.withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(authParams);
AdminInitiateAuthResult result = cognito.adminInitiateAuth(authRequest);
auth = result.getAuthenticationResult();
I can't connect to a SSH host using the Gradle SSH Plugin with my private key.
Specifying the password in the build.gradle works fine:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
password = '<PASSWORD>'
}
}
But to avoid writing my password in the build file, I've set my environment to connect using my private key without entering the password from shell:
ssh <user>#<ip>
This command works from the shell but I can't achieve this with the Gradle plugin. This is my configuration:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
The error is:
Caused by: com.jcraft.jsch.JSchException: USERAUTH fail at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:119)
Since I'm able to connect from the shell, what's wrong with my configuration?
I fixed this by adding the agent = true property:
remotes {
webServer {
host = '54.233.77.171'
user = 'denis'
agent = true
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
agent - If this is set, Putty Agent or ssh-agent will be used on
authentication
For more information: Connections settings
I tried this property after analyzing the class UserAuthPublicKey:
if(userinfo==null) throw new JSchException("USERAUTH fail");
I think JCraft only supports PEM keys - when generating the keys, you need to specify the format:
ssh-keygen -t rsa -m PEM
After i configured redis with password protected i get below error
Exception Occured
Exception Message --> NOAUTH Authentication required.
Exception Cause --> redis.clients.jedis.exceptions.JedisDataException: NOAUTH Authentication required.
File Name : SecurityInterceptor.java
Class Name : org.tcs.com.security.filter.SecurityInterceptor
Method Name : doFilter
redis.clients.jedis.exceptions.JedisDataException
indicates that jedis (a java Redis client) is used to connect with Redis server.
"NOAUTH Authentication required error"
indicates that the jedis connection requires password for authentication.
The following java code snippet shows how the password could be set:
JedisShardInfo shardInfo = new JedisShardInfo(redisHost, redisPort);
shardInfo.setPassword(redisPassword);
Jedis jedis = new Jedis(shardInfo);
jedis.connect();
Add your password property to the block in your Tomcat context.xml..
public JedisPool(final Config poolConfig, final String host, int port,
int timeout, final String password) {
this(poolConfig, host, port, timeout, password, Protocol.DEFAULT_DATABASE);
}
This method maybey help you.
The message is misleading. Proposal is
Error NOAUTH - Authentication required
String cacheHostname = "your cash host";
String cachekey = "your cash primary key";
JedisShardInfo shardInfo = new JedisShardInfo(cacheHostname, 6379);
shardInfo.setPassword(cachekey);
Jedis jedis = new Jedis(shardInfo);
jedis.auth(cachekey);
jedis.connect();
System.out.println( "Cache Response : " + jedis.ping());