Ettore | 3 Dec 10:32 2013
Picon

Jsch with PK auth - Execute commands without login - Account SU only

Hi everyone,

I'm facing a challenge regarding the use of JSCH.

When the account I'm trying to connect to via the PK auth mechanism, has the 
restriction SU only, I can only execute commands and not log onto the box.

As far as I know, through JSCH API I do have to connect first to the box and 
then I can execute commands, which as I mentioned above it is forbidden in my 
case.

Is there a way in JSCH to achieve the "ssh userName <at> hostName shellCommand" 
without having first issue "ssh userName <at> hostName" namely the connect method, 
and then at the prompt shell:command ?

Thank you in advance.

Regards.

Linux RH E.E. 5 32bits

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
Gerry Reno | 29 Nov 20:12 2013
Picon
Picon

ipv6: UnknownHostException on valid link-local address

Can someone provided me with a few pointers on getting ipv6 addresses working with JSch?

I'm starting off with link-local address (fe80::)

The target machine has this ipv6 address:  fe80::218:f8ff:fe0b:554b%eth0

So I've tried to connect using both:  fe80::218:f8ff:fe0b:554b  and  fe80::218:f8ff:fe0b:554b%eth0 
(with and without
the scope id / inf)

What I end up with is the following errors:

    ERROR: com.jcraft.jsch.JSchException java.net.ConnectException: failed to connect to
/fe80::218:f8ff:fe0b:554b (port
    22): connect failed: EINVAL (Invalid argument)

    ERROR: com.jcraft.jsch.JSchException java.net.UnknownHostException: Unable to resolve host
    "fe80::218:f8ff:fe0b:554b%eth0": No address associated with hostname

I am able to ping6 the address%inf:

    $ ping6 fe80::218:f8ff:fe0b:554b%eth0
    PING fe80::218:f8ff:fe0b:554b%eth0(fe80::218:f8ff:fe0b:554b) 56 data bytes
    64 bytes from fe80::218:f8ff:fe0b:554b: icmp_seq=1 ttl=64 time=0.380 ms
    64 bytes from fe80::218:f8ff:fe0b:554b: icmp_seq=2 ttl=64 time=0.233 ms
    64 bytes from fe80::218:f8ff:fe0b:554b: icmp_seq=3 ttl=64 time=0.284 ms

I am also able to login using openssh from the command line:

    $ ssh xxxxxxxx <at> fe80::218:f8ff:fe0b:554b%eth0
(Continue reading)

Davide Ferri | 20 Nov 01:49 2013
Picon

TCP Forward Block after some time

Hi All,
   we are using jsch (mostly port forwarding) without any issue during 
the last year. Today we deployed our app in a new environment which make 
a lot more traffic (with peak of about 120/140 mbps). After it transfer 
between 1 to 2 gb of data all data transfer freeze.
The forward is used by a standard rsync client that connect to a 
"remote" rsyncd daemon.
Did someone have any hit on how to solve this issue ? Below I've 
attached relevant data.

Thanks
Davide

----

The relevant output (netstat)
tcp   2193539      0 127.0.0.1:59016         127.0.0.1:7373 
ESTABLISHED
tcp6   65728      0 172.17.2.4:47297        172.17.2.180:22 
ESTABLISHED
tcp6       0 664832 127.0.0.1:7373          127.0.0.1:59016 
ESTABLISHED

The relevant stack trace:
"DirectTCPIP thread 172.17.2.180" prio=10 tid=0x00007fa9e800a800 
nid=0x5b07 runnable [0x00007faa65d03000]
    java.lang.Thread.State: RUNNABLE
	at java.net.SocketInputStream.socketRead0(Native Method)
	at java.net.SocketInputStream.read(SocketInputStream.java:152)
	at java.net.SocketInputStream.read(SocketInputStream.java:122)
(Continue reading)

BARTOL, LAURENT (LAURENT | 18 Nov 10:48 2013

help : Question about jsch blocked. (example on com.jcraft.jsch.ChannelSftp.cd)

Dear readers,

 

We used jsch to collect and distribute files 24/24 7/7

And we have notice sometime that the file collect or distribution is blocked.

It has already happened on some commands : “connect”, “cd”, “ls” and “pwd”  where our threads can be blocked.

 

MY QUESTIONS

============

Does the use of  a timeout at connection time can solve all these problems of “blocked thread” ?

  public void connect(int connectTimeout) throws JSchException{

 

Or do we have to set other parameters like …. setServerAliveCountMax to 0

session.setServerAliveCountMax(0);

C.f. Colin’s mail 2013-05-03 21:15

 

 

Thanks.
Laurent.

 

 

===========================================================================

Here is some jstack examples of block

 

"Thread-258" prio=10 tid=0x000000000b01e800 nid=0x211e runnable [0x0000000067638000]

   java.lang.Thread.State: RUNNABLE

        at java.net.SocketInputStream.socketRead0(Native Method)

        at java.net.SocketInputStream.read(SocketInputStream.java:150)

        at java.net.SocketInputStream.read(SocketInputStream.java:121)

        at java.net.SocketInputStream.read(SocketInputStream.java:203)

        at com.jcraft.jsch.IO.getByte(IO.java:73)

        at com.jcraft.jsch.Session.connect(Session.java:263)

        at com.jcraft.jsch.Session.connect(Session.java:183)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.distributorFTP.SFTPClientWrapper.connect(SFTPClientWrapper.java:117)

        - locked <0x000000064f417bd0> (a fr.alcatel.cit.products.c3s.dataFlow.dpm.distributorFTP.SFTPClientWrapper)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.distributorFTP.SFTPClientWrapper.connect(SFTPClientWrapper.java:77)

        - locked <0x000000064f417bd0> (a fr.alcatel.cit.products.c3s.dataFlow.dpm.distributorFTP.SFTPClientWrapper)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient.connect(CollectorFTPClient.java:399)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient.reconnect(CollectorFTPClient.java:2284)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient.isFtpCollectorInstanceAuthorizedToCollect(CollectorFTPClient.java:660)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient.collectorProcedure(CollectorFTPClient.java:620)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient.access$1000(CollectorFTPClient.java:90)

        at fr.alcatel.cit.products.c3s.dataFlow.dpm.collectorFTP.CollectorFTPClient$ThreadForScan.run(CollectorFTPClient.java:228)

        at java.lang.Thread.run(Thread.java:722)

 

Other Example

 

Thread 30610: (state = BLOCKED)

- java.lang.Object.wait(long) <at> bci=0 (Compiled frame; information may be imprecise)
- java.io.PipedInputStream.read() <at> bci=142, line=310 (Compiled frame)

- java.io.PipedInputStream.read(byte[], int, int) <at> bci=43, line=361 (Compiled frame)
- com.jcraft.jsch.ChannelSftp.fill(byte[], int, int) <at> bci=17, line=2325 (Compiled frame)

- com.jcraft.jsch.ChannelSftp.header(com.jcraft.jsch.Buffer, com.jcraft.jsch.ChannelSftp$Header) <at> bci=12, line=2351 (Compiled frame)

- com.jcraft.jsch.ChannelSftp._realpath(java.lang.String) <at> bci=27, line=1810 (Compiled frame)

- com.jcraft.jsch.ChannelSftp.cd(java.lang.String) <at> bci=14, line=268 (Interpreted frame)

- dpm.distributorFTP.SFTPClientWrapper.cd(java.lang.String) <at> bci=22, line=142 (Compiled frame)

- dpm.collectorFTP.CollectorFTPClient.scanServer() <at> bci=225, line=776 (Compiled frame)

- dpm.collectorFTP.CollectorFTPClient.collectorProcedure() <at> bci=144, line=612 (Interpreted frame)

- dpm.collectorFTP.CollectorFTPClient.access$1000(dpm.collectorFTP.CollectorFTPClient) <at> bci=1, line=90 (Compiled frame)

- dpm.collectorFTP.CollectorFTPClient$ThreadForScan.run() <at> bci=28, line=226 (Compiled frame)

- java.lang.Thread.run() <at> bci=11, line=619 (Interpreted frame)

 

------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Gerry Reno | 16 Nov 07:54 2013
Picon
Picon

session.connect() NullPointerException

Using JSch 1.5.0

I'm seeing a NullPointerExcepton every so often from Session.java on valid params.

eg:

    session = jsch.getSession(TEST-2003\Administrator, 192.168.2.108, 22222)

    E/AndroidRuntime(17889): FATAL EXCEPTION: Thread-1684
    E/AndroidRuntime(17889): java.lang.NullPointerException
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.checkHost(Session.java:802)
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.connect(Session.java:342)
    E/AndroidRuntime(17889):     at com.jcraft.jsch.Session.connect(Session.java:183)

I can log in with command line ssh using these same params both from Linux and from same Android.

    $ ssh -p 22222 'TEST-2003\Administrator' <at> 192.168.2.108
    The authenticity of host '192.168.2.108 (192.168.2.108)' can't be established.
    DSA key fingerprint is d4:e9:39:58:95:03:23:24:5a:e9:f7:df:29:b6:d5:d5.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.2.108' (DSA) to the list of known hosts.
    TEST-2003\Administrator@...'s password:

    Microsoft Windows [Version
    5.2.3790]                                                                                           
    (C) Copyright 1985-2003 Microsoft
    Corp.                                                                                        

    C:\Documents and
    Settings\Administrator>exit                                                                                   
    Connection to 192.168.2.108
    closed.                                                                                            
    $ 

------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
rakstar | 13 Nov 12:28 2013

Algorithm negotiation fail Exception while doing SFTP

Hi Team,

I trying below code to start a SFTP session for file transfer(from linux to windows server).

        String dstDirectory = "****";

        JSch jsch = new JSch();

session = jsch.getSession("*****", "******", 22);

        session.setConfig("StrictHostKeyChecking", "yes");

        session.setPassword("******");

        session.connect();


        channel = session.openChannel("sftp");

        channel.connect();

        sftpChannel = (ChannelSftp) channel;

        sftpChannel.put(file, dstDirectory);

        sftpChannel.exit();

        session.disconnect();


Getting the below exceptions while connecting,

Exception in thread "main" com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:559)
at com.jcraft.jsch.Session.connect(Session.java:299)
at com.jcraft.jsch.Session.connect(Session.java:162)
at sample.SFTP.main(SFTP.java:35)

I even tried with StrictHostKeyChecking=no, but does not help.
Please let me know if there are any more configurations to be set in the code for this.

Thanks,
Rakesh
------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Gerry Reno | 10 Nov 21:30 2013
Picon
Picon

addIdentity: on android getting invalid privatekey: [B <at> 428ff138 with known good RSA key

Using JSch 1.50

I'm trying to get publickey auth working on  arm android.

I have password auth working fine already.

So I added addIdentity( keypath ) but it always errors even with known good RSA key.

I tested the key both on the phone using ConnectBot and on two linux machines using openssh.

The key works fine from all three.

When I use the addIdentity method and pass the key path I'm always getting an error, invalid privatekey: [B <at> 428ff138

Is there something else I need to add besides addIdentity to make this work?

------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most 
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
Kishor.Golapelliwar | 3 Nov 05:31 2013

AUTO: Kishor Golapelliwar is out of the office (returning 08-11-2013)


I am out of the office until 08-11-2013.

I am on Personal leave from 05-11-2013  to 07-11-2013.
Anjali Chaurasia will be handling all request for above mentioned duration.
I wont be able to access mails and will have limited connectivity over
phone.
Please drop a message in case of emergency.

Note: This is an automated response to your message  "JSch-users Digest,
Vol 87, Issue 1" sent on 11/3/2013 7:43:21 AM.

This is the only notification you will receive while this person is away.

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
Gerry Reno | 3 Nov 03:13 2013
Picon
Picon

hostKeyRepository.check always returning NOT FOUND

Even if I hardcode and cut and paste the exact key from my known_hosts, the hostKeyRepository.check will
only return
NOT_FOUND

int repoHostKeyCheck = hostKeyRepository.check( sessionHost, hostKey.getKey().getBytes() );

log:
V/MyApp(16481): SESSION     : 192.168.2.109 ssh-rsa f0:70:f0:6e:f3:bc:74:bc:81:74:a3:42:11:07:87:49
AAAAB3NzaC1yc2EAAAABIwAAAQEAuwn4nvREfJ86S7suUVlrmyGBGkph1xfY1+UIh8lp4xP2WJPjXfVPdh/asFxYYkUNJWpJTtvZMfs4JGZZ1CP5UlWA6zB6lfjn0OvqCre8dZSV/6Nx2YwX1sGcV++IwEnMM3XnoWbqVAjSkI2e5EBWgD0CnOeFthvPdWQz4ywNqDLEbNDxHfmKR79cXJteCiC/+WRX5wNJQTlOMzOAuJEOXyroHoTaZ3nkgvaj45XIbKXdFL5oZGJshE7cJGbmQ7K7IDa+AA6UzlWnaUivu2svu0WwfJPOyVjtr69AS8ga0MTDH2Qn6Yqs0yxw7Z9JX2EQL4l0lF99T7u/3Bm5/3YxMw==

V/MyApp(16481): HOSTKEY REPO: 192.168.2.106 ssh-dss 8b:7b:84:97:c7:a1:e8:73:00:c3:9b:19:e1:11:7f:78
AAAAB3NzaC1kc3MAAACBAIVUq/q9Q7OiA1qVud6n3va/5Xrm2oSz6+lgfiKJY9bEoXC2K0gbx4Csyp2SE3GjPcVMW5O42Eh+fiOWR7EQrJEzR8iiH4129SjzePRXNV73VIrSdzzcTugfUzVm56BL3H+EzLYpRBioS44QVGePxCMED7EoC3V4CjHVaoFo5So3AAAAFQD/iA8C9mEEw0jWjhukSICuhRkuqwAAAIA+OO0Ia6MIwGh91i0JoKjgmPPxIPhFBx1MOpv2GmrEPmieubDQpmqiCG/jH6Kr39uewJiR06uBfXZdj9IFbWCW4dhL57jyEWqBY40m6HlzmKDSjZwMtGZLtvIJ+hFK0a4qBZaUNeeMNG1OtmxdHpnynE3YVBE2f6eyD7LyF18DUQAAAIBpnbWZy3ptzc3VCvrWcNBIa1oOKODvWlAdqXgpJ7mu01DTIVDUDLbe72XYBhr2v2rHRO91JmkA6qe+UFGiXtBCyFY3ehXzzSvmLrMOXZgR3aPh92conoE3VyUq7rf92IyJWp9N6zEio85L7zKZC6sXw6KUZtd3x5P1qiiUwc+kbg==
V/MyApp(16481): HOSTKEY REPO CHECK: NOT FOUND
V/MyApp(16481): HOSTKEY REPO CHECK: 1

V/MyApp(16481): HOSTKEY REPO: 192.168.2.109 ssh-rsa f0:70:f0:6e:f3:bc:74:bc:81:74:a3:42:11:07:87:49
AAAAB3NzaC1yc2EAAAABIwAAAQEAuwn4nvREfJ86S7suUVlrmyGBGkph1xfY1+UIh8lp4xP2WJPjXfVPdh/asFxYYkUNJWpJTtvZMfs4JGZZ1CP5UlWA6zB6lfjn0OvqCre8dZSV/6Nx2YwX1sGcV++IwEnMM3XnoWbqVAjSkI2e5EBWgD0CnOeFthvPdWQz4ywNqDLEbNDxHfmKR79cXJteCiC/+WRX5wNJQTlOMzOAuJEOXyroHoTaZ3nkgvaj45XIbKXdFL5oZGJshE7cJGbmQ7K7IDa+AA6UzlWnaUivu2svu0WwfJPOyVjtr69AS8ga0MTDH2Qn6Yqs0yxw7Z9JX2EQL4l0lF99T7u/3Bm5/3YxMw==
V/MyApp(16481): HOSTKEY REPO CHECK: NOT FOUND
V/MyApp(16481): HOSTKEY REPO CHECK: 1

This is bytes, right?  No encoding.

What could be the problem?

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
Shai Ayal | 31 Oct 19:44 2013
Picon

Keyboard-interactive authentication

Hi,

Thanks for jsch -- I use it in my open source android application SPT - persistent SSH tunnels for android.

Recently a user asked about supporting keyboard-interactive authentication (as opposed to the already supported password authentication mode).


Thanks again,
Shai
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Danisment Gazi Unal | 17 Oct 16:47 2013

SFTP put to multiple destinations ?


Hello,

is there a way to send a file to multiple destinations by cascading
transmission ?

For example, If I send a file to server A, file should be sent to Server A,
and sent to Server B from Server A.

Source --> Server A --> Server B

I can not send directly from Source to Server A and Server B. I have to
offload transmissions to destinations.

Thanks in advance....

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk

Gmane