Chathuri Wimalasena | 17 Apr 16:40 2014
Picon

Using cached login.conf when creating the session

Hi Devs, 

We are using  JSch to connect to a host using kerberos ticket. In our case, we have to support multiple user login. We are generating kerberos ticket using apache mod_auth_kerb and use that ticket in login.conf file and create a session when connecting to that server. It seems everything works fine for single user mode, but when it comes to multiple user mode, it uses session in the cache. We update the login.conf file for each user. But it seems when the session is created, it uses previous user's login.conf file to create the session. 

Any idea why this is happening and any recommendations to get rid of this ? Appreciate your help on this.

Thanks..
Chathuri
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 14 Apr 20:40 2014
Picon

SocketTimeoutException in connecting to the KDC

Hi all,

can someone please explain to me what would cause this error?
The client tries to connect to the server and it times out.

here's the pastebin link for the full stack trace: http://pastebin.com/5ywPfRpN
--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
aarthit 2014 | 10 Apr 15:28 2014
Picon

Session hang when connected with openSSH


Hi All,

 

We are using Jsch-0.1.51 for establishing SSH sessions with our product. We face the following issue:

          

The shell hangs and we are not able to enter any commands or text in the screen.

 

We tested the following scenarios and these are our observations:

 

S/No

OS/target

SSH version

SSH server stack

Result

1

Scientific Linux release 6.0

1.5

Openssh 5.3

SSH session establishment fails with the message “Invalid server’s version string”

2

Scientific Linux release 6.4

1.5

OpenSSH 5.3

SSH session establishment fails with the message “Invalid server’s version string”

3

Linux-CentOS release 5.5

2.0

OpenSSH 4.3

Authentication succeeds and  session gets established. The SSH shell prompt is also received.

The session freezes there and doesn’t work.

4

Scientific Linux 6.0

2.0

Libssh 0.6.1

Authentication succeeds and the session is established the shell prompt is also received but the session freezes.

 

For the above 1st 3 cases The establishment of the SSH session is not consistent ,out of 10 trials we could see only twice the session is getting established all the other attempts resulted in a failure.

 

The 4th case did not give us a successful session In any of the instances.

In the 1st two cases we changed the version to 2 and checked and in that we see the result that session gets established but freezes.

 

This problem of session hang is consistent when the client is run from a windows XP machine  running with java version like

java version "1.6.0_20" . java version "1.6.0_01" .

 

When run from a windows 7 PC with java version "1.6.0_22" we see out of 10 times we see 2 times the session gets established and other times it is not getting established.

 

 

Kindly let us know , why do we see the discrepancy in establishing the sessions. And most of the times we are not seeing a successful shell. Do we have to change any settings in the jsch config file. Or any other modifications has to be done. Kindly let us know if any solution is available for this and the reason for the above behavior

 

 

Thanks

Aarthi






------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Danisment Gazi Unal | 9 Apr 22:32 2014

How to connect to RMX agent over SSH without port forwarding ?


Hello!

I want to make RMX connection secured by SSH. But, I dont want to define a
local port and use a port forwarding.

There is a sample for mysql-JDBC at
http://sourceforge.net/p/jsch/mailman/message/30844955/ .

How can I do the same for RMX ?

Thanks in advance...

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
langoustator | 7 Apr 08:07 2014
Picon

Channel not connected

Hi,

I'm trying to send a few commands to a bunch of cisco switch using jcsh shell channel.

Most of the times (98/100) it works flawlessly, but there are some sessions that hang (and it's not always
the same switch that is being accessed). Here is the 
piece of code:

JSch jsch=new JSch();
jsch.setConfig("StrictHostKeyChecking","no");
Session session=jsch.getSession(user,hostIP,22);
session.setPassword(password);
session.setServerAliveInterval(1000);
session.connect(30000);
ChannelShell channel = (ChannelShell) session.openChannel("shell");
OutputStream inputstream_for_the_channel = channel.getOutputStream();
PrintStream commander = new PrintStream(inputstream_for_the_channel, true);

FileWriter fw= new FileWriter(directory + filename+".txt");

InputStream outputstream_from_the_channel = channel.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(outputstream_from_the_channel));
String line;
System.out.println(session.isConnected());
channel.connect();
System.out.println(session.isConnected());

//sends commands to the switch
commander.println("terminal length 0"); 
String commandstemp[] = commands.split("\n");
for(int i = 0;i>>>>>>> When it hangs it's here, the bufferedReader is not ready and the session is not
connected anymore

while((!br.ready()) && (i<2)){
Thread.sleep(2000);
i=i+1;
System.out.println("not ready");
System.out.println(session.isConnected());
}
if(i==2){
channel.disconnect();
System.out.println(channel.isConnected());
}
line=br.readLine();
Pattern p = Pattern.compile("^.*>exit$");
Matcher m = p.matcher(line);
b = m.matches();
fw.write(line+"\n");
}
session.disconnect();

A successfull attempt will output:
Before channel.connect(), session is connected : true
After channel.connect(), session is connected : true

An unsuccessfull one:

Before channel.connect(), session is connected : true
After channel.connect(): session is connected : true
After checking if the bufferedreader is ready, session is connected : false

Questions:

Is there anything I'm doing seriously wrong (I'm not a dev so forgive my horrible coding)?
Is there anything I can do to get more info about what's happening when it hangs?

Thanks

Lang

___________________________________________________________
Mode, hifi, maison,… J'achète malin. Je compare les prix avec Voila.fr http://shopping.voila.fr/
___________________________________________________________
Mode, hifi, maison,… J'achète malin. Je compare les prix avec Voila.fr http://shopping.voila.fr/

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees_APR
_______________________________________________
JSch-users mailing list
JSch-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 2 Apr 17:29 2014
Picon

Allowing multiple users to use Kerberos

Hi all,

I need to configure my Kerberos application to be used by multiple users ( it's hosted). 
So I have to provide the ticket location for each user when a new session is created for that user.

I'm using the login.conf to provide the user ticket location,  it's not a good solution to be used with multiple users since I'd have to generate login.conf files on the fly.

is there a good way of providing the user ticket cache without providing it through a static conf file to JSCH?

problem scenario:
login to a site using certain credentials, the the ticket will be generated for you to be used with the java application. it's all automated. 

--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Atsuhiko Yamanaka | 18 Mar 15:23 2014

ANNOUNCE: JSch 0.1.51

Hi there,

JSch 0.1.51 has been released.
It is available at
  http://sourceforge.net/projects/jsch/files/jsch/0.1.51/jsch-0.1.51.zip/download
and its md5sum is 89d0ff6d36040622da0a482e51d87725
And you can get its byte code in jar file format at
  http://sourceforge.net/projects/jsch/files/jsch.jar/0.1.51/jsch-0.1.51.jar/download
and its md5sum is de3a2b0d03295f167fea1904939443cf

Changes since version 0.1.50:
- bugfix: reproducibility of "verify: false".   FIXED.
          The hundreds of thousands connections had caused that exception.
- bugfix: resource leaks at the failure of making local port forwarding. FIXED.
- bugfix: NPE in connecting to the non-standard TCP port.  FIXED.
          This problem had appeared if a host-key does not exist in
          "known_host" file.
- bugfix: TCP connection may not be dropped if error messages from
          the remote are too long.                          FIXED.
- bugfix: SftpATTRS#getAtimeString() returns the wrong string. FIXED.
- bugfix: bytes to be added by SSH_MSG_CHANNEL_WINDOW_ADJUST must be in
          unsigned integer. FIXED.
- bugfix: Util#checkTilde() should not convert a tilde in
          "C:\PROGRA~1\". FIXED.
- bugfix: A long long command for ChannelExec will cause
          an ArrayIndexOutOfBoundsException. FIXED.
- bugfix: ChannelSftp should not send bulk request greedily even if the remote
          window has the enough space.  FIXED.
- bugfix: Util.createSocket() should throw an exception with 'cause'. FIXED.
- bugfix: failed to parse .ssh/config in the EBCDIC environment. FIXED.
- bugfix: com.jcraft.jsch.jcraft.HMACSHA1(used only for MacOSX) is not
          reusable.  FIXED.
- bugfix: NPE caused by the delayed response for channel opening
          requests. FIXED.
- bugfix: hung-up in uploading huge data to ProFTPd without the config
          'SFTPClientMatch "JSCH.*" channelWindowSize 1GB'  FIXED.
- bugfix: Cipher#init() may cause an infinite loop with 100% cpu use due to
          https://bugs.openjdk.java.net/browse/JDK-8028627  FIXED.
- bugfix: in some case, JSche#setKnowHosts(InputStream stream) may fail
          to close the given stream.  FIXED
- change: com.jcraft.jsch.jcraft.HMAC* will not be used.
          It seems Java6 on Mac OS X has fixed some memory leak bug in JCE,
          so there is no reason to use c.j.j.j.HMAC* introduced at 0.1.30.
- change: updating copyright messages; 2013 -> 2014
- change: allowed to create the symbolic/hard link to the relative path by
          ChannelSftp#symlink(String oldpath, String newpath)
          ChannelSftp#hardlink(String oldpath, String newpath)
- change: the availability of ciphers listed in "CheckCiphers" config will
          not be checked if they are not used.
- change: Util#fromBase64() will throw JSchException in stead of
          RuntimeException, if the given string is not in base64 format.
- feature: added the support for private keys in PKCS#8 format.
- feature: introduced the interface com.jcraft.jsch.PBKDF to abstract
           the implementation of Password-Based Key Derivation Function,
           and added its implementation com.jcraft.jsch.jce.PBKDF by using JCE.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
Usha Ladkani | 12 Mar 13:26 2014
Picon

ERROR : com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

Hi,

I am connecting to SFTP server using jsch-0.1.49 client.
Using algorithm hmac-sha2-256 , But it is failing with below error.
Could you please suggest why its happening.



INFO: Connecting to 9.126.142.193 port 2222
INFO: Connection established
INFO: Remote version string: SSH-2.0-${POM.ARTIFACTID}-${POM.VERSION}
INFO: Local version string: SSH-2.0-JSCH-0.1.49
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes128-cbc,3des-cbc
INFO: kex: server: aes128-cbc,3des-cbc
INFO: kex: server: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
INFO: kex: server: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: 3des-cbc,aes128-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-sha2-256
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-sha2-256 none
INFO: kex: client->server 3des-cbc hmac-sha2-256 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added '9.126.142.193' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: Disconnecting from 9.126.142.193 port 2222
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.Session.connect(Session.java:534)
        at com.jcraft.jsch.Session.connect(Session.java:162)
        at com.ibm.bcg.sftpclient.impl.JSCHMain.main(JSCHMain.java:44)
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

Thanks and Regards,
Usha
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 10 Mar 15:53 2014
Picon

SSH key forwading

Hi all,

Does JSCH support SSH key forwarding capability?

Problem would be to copy a file from one server to another using my public key. 

I did it using the terminal. I'm wondering how to implement that through jCraft.

Any help is appreciated!


--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Mark.Glass | 24 Feb 21:56 2014

Dropped Connections using JSCH

We are using JSCH in an application compiled with Oracle JDK 1.6

We obtain, occasionally, a connection refused exception.

Are there any known issues with JSCH regarding dropped connections?

If so, is there a best-practice for the tool that will avoid this problem?

Thank you.
_________________________________________________________________
This communication (including any attachments) contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please do not distribute, copy or use this communication or the information. Instead, if you have received this communication in error, please notify the sender immediately and then destroy any copies of it.
Due to the nature of the Internet, the sender is unable to ensure the
integrity of this message and does not accept any liability or responsibility for any errors or omissions (whether as the result of this message having been intercepted or otherwise) in the contents of this message. Any views expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views of the company.
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 20 Feb 17:43 2014
Picon

Kerberos Jsch Help

Hi all,

I need to get kerberos working through Java. ( SSH using the kerberos ticket)
Currently it works with the terminal ( ssh host command) using the gssapi-with-mic

But I'm having trouble getting it working with the JSCH library in Java.
Here's the code snippet I tried. ( pastebin:  http://pastebin.com/sX8pUQSq)

Any suggestion is highly appreciated ..!!

JSch jsch = new JSch();
        jsch.setLogger(new MyLogger());

        System.setProperty("java.security.krb5.conf", "/Users/swithana/git/KerberosConnector/src/main/resources/krb5.conf");
        System.setProperty("java.security.auth.login.config", "/Users/swithana/git/KerberosConnector/src/main/resources/mylogin.conf");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");


        try {
            jsch.addIdentity(privateKey,paraphrase);
            jsch.setKnownHosts("/Users/swithana/.ssh/known_hosts");

            Session session = jsch.getSession(user, host, 22);
            Properties config = new java.util.Properties();
            config.put("StrictHostKeyChecking", "no");
            config.put("PreferredAuthentications",
                    "gssapi-with-mic,publickey,password,keyboard-interactive");

            session.setConfig(config);
            session.connect(20000);

            Channel channel = session.openChannel("exec");
            ((ChannelExec) channel).setCommand( command);
            channel.setInputStream(null);
            ((ChannelExec) channel).setErrStream(System.err);

--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users

Gmane