ssh 私钥/公钥身份验证示例

发布于 2024-09-18 06:11:52 字数 1010 浏览 11 评论 0原文

谁能给我一个 sshj 中私钥/公钥身份验证的示例?

在 sshj 中,命令行相当于什么,

ssh -i /path/to/mykey.private username@host

我尝试过(省略了错误处理),

final SSHClient ssh = new SSHClient();
ssh.loadKnownHosts();
ssh.connect("host");
ssh.authPublickey("username", "/path/to/mykey.private");
final Session session = ssh.startSession();
...

但在日志语句中我看到了,

DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /path/to/mykey.private
WARN  net.schmizz.sshj.SSHClient - Could not load keys due to: {}
net.schmizz.sshj.common.SSHException: No provider available forUnknown key file
    at net.schmizz.sshj.SSHClient.loadKeys(SSHClient.java:482) ~[sshj-0.3.0.jar:na]
...
Exception in thread "main" 10:49:55.943 [reader] DEBUG
net.schmizz.sshj.transport.Reader - Stopping
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods

谢谢, 埃弗里特

Can anyone give me an example of private/public key authentication in sshj?

In sshj what's the command line equivalent of,

ssh -i /path/to/mykey.private username@host

I tried (error handling omitted),

final SSHClient ssh = new SSHClient();
ssh.loadKnownHosts();
ssh.connect("host");
ssh.authPublickey("username", "/path/to/mykey.private");
final Session session = ssh.startSession();
...

but in the log statements I see,

DEBUG net.schmizz.sshj.SSHClient - Attempting to load key from: /path/to/mykey.private
WARN  net.schmizz.sshj.SSHClient - Could not load keys due to: {}
net.schmizz.sshj.common.SSHException: No provider available forUnknown key file
    at net.schmizz.sshj.SSHClient.loadKeys(SSHClient.java:482) ~[sshj-0.3.0.jar:na]
...
Exception in thread "main" 10:49:55.943 [reader] DEBUG
net.schmizz.sshj.transport.Reader - Stopping
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods

Thanks,
Everett

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

女皇必胜 2024-09-25 06:11:52

尝试像这样使用 KeyPairWrapper :

KeyPair kp = ... // read keypair from file
ssh.authPublickey(user, new KeyPairWrapper(keypair));

通过 BouncyCastle 提供程序,您可以使用类似的方法从 PKCS8 PEM 中提取密钥对(对混乱的代码表示歉意)

/**
 * Takes a PEM-encoded PKCS8 key-containing InputStream and returns the KeyPair within. Only the first keypair is considered
 * 
 * @return
 * @throws IOException if the stream is not a valid PKCS8 wrapped keypair
 */
public static KeyPair readKeypair(final InputStream is, final char[] password) throws IOException {
    PasswordFinder passwordFinder = password != null ? new StaticPasswordFinder(password) : null;

    KeyPair kp = null;
    try {
        // read the stream as a PEM encoded
        try {

            final PEMReader pem = new PEMReader(new InputStreamReader(is), passwordFinder);
            try {
                // Skip over entries in the file which are not KeyPairs
                do {
                    final Object o = pem.readObject();

                    if (o == null)
                        break; // at end of file
                    else if (o instanceof KeyPair)
                        kp = (KeyPair) o;
                } while (kp == null);
            }
            finally {
                pem.close();
            }
        }
        catch (EncryptionException e) {
            throw new IOException("Error reading PEM stream: " + e.getMessage(), e);
        }
    }
    finally {
        is.close();
    }

    // Cast the return to a KeyPair (or, if there is no [valid] return, throw an exception)
    if (kp != null)
        return kp;
    else
        throw new IOException("Stream " + is + " did not contain a PKCS8 KeyPair");
}

Try using KeyPairWrapper like this:

KeyPair kp = ... // read keypair from file
ssh.authPublickey(user, new KeyPairWrapper(keypair));

With the BouncyCastle provider you can use something like this to extract a KeyPair from a PKCS8 PEM (apologies for the messy code)

/**
 * Takes a PEM-encoded PKCS8 key-containing InputStream and returns the KeyPair within. Only the first keypair is considered
 * 
 * @return
 * @throws IOException if the stream is not a valid PKCS8 wrapped keypair
 */
public static KeyPair readKeypair(final InputStream is, final char[] password) throws IOException {
    PasswordFinder passwordFinder = password != null ? new StaticPasswordFinder(password) : null;

    KeyPair kp = null;
    try {
        // read the stream as a PEM encoded
        try {

            final PEMReader pem = new PEMReader(new InputStreamReader(is), passwordFinder);
            try {
                // Skip over entries in the file which are not KeyPairs
                do {
                    final Object o = pem.readObject();

                    if (o == null)
                        break; // at end of file
                    else if (o instanceof KeyPair)
                        kp = (KeyPair) o;
                } while (kp == null);
            }
            finally {
                pem.close();
            }
        }
        catch (EncryptionException e) {
            throw new IOException("Error reading PEM stream: " + e.getMessage(), e);
        }
    }
    finally {
        is.close();
    }

    // Cast the return to a KeyPair (or, if there is no [valid] return, throw an exception)
    if (kp != null)
        return kp;
    else
        throw new IOException("Stream " + is + " did not contain a PKCS8 KeyPair");
}
画骨成沙 2024-09-25 06:11:52

您需要包含大多数关键类型的 BouncyCastle 库。这是 Maven 依赖项:

org.bouncycastle
bcprov-jdk16
1.46

You need to include BouncyCastle lib for most key types. Here's the Maven dependency:

org.bouncycastle
bcprov-jdk16
1.46

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文