我可以使用 Jsch 来伪造与本地主机的 ssh 连接吗?
我花了很多时间开发一个应用程序,该应用程序将使用 JSch 并通过 ssh 连接到远程计算机以执行一些命令行操作。但是我了解到这些操作也可以在本地主机上执行(我的应用程序在本地主机上运行)。现在...我懒得重写所有代码,老实说我感觉很糟糕,因为我真的很喜欢 JSch。有没有办法欺骗 JSch 连接到 localhost,或者以某种方式告诉它只使用 localhost,即使代码另有说明? :)
PS,如果不可能,为什么常规 Proccess 类不像 JSch 那样支持 setOutputStream 和 setErrStream,而只支持 getInputStream 和 getErrorStream ?
I spent a lot of time developing an application that would use JSch and connect to a remote machine thru ssh to perform some command-line operations. However I learned that these operations can be performed at the localhost as well (my app is running on localhost). Now... I am too lazy to rewrite all the code and honestly I feel bad since I got really attached to JSch. Is there a way to trick JSch to connect to localhost instead or tell it in some way to just use localhost even though the code says otherwise? :)
P.S. in case it's not possible, how come the regular Proccess class doesnt support setOutputStream and setErrStream like JSch does, but only getInputStream and getErrorStream ??
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
只要您的本地计算机正在运行 SSH 服务器(并且您的应用程序具有必要的登录凭据),您也可以使用 JSch 连接到本地计算机 - 只需指示
localhost(或127.0.0.1)作为连接的主机名。不过,这会产生一些开销,因为您正在加密和解密所有数据,这对于本地执行某些命令来说并不是真正必要的。 (另一方面,这将允许您以另一个用户身份运行命令,否则您将需要诸如
sudo或su或RunAs< /code> 在 Windows 下。)JSch 在相应的
get...方法之上实现了setOutputStream和setErrStream- 它使用类似于内部有一个 PipedInputStream 和一个单独的线程,用于铲除这些流之间的数据。由于 JSch 是开源的,您可以简单地查看这是如何完成的(如果我没记错的话,在
Channel类中),然后将相关方法复制到您的类中,该类对执行相同的操作>处理。您可以使用
none密码,例如不加密。默认情况下,所有通用客户端和服务器都禁用此功能(因为它破坏了 SSH 的一半目的),但通过正确的配置,您可以启用它。在 JSch 中,您可以使用(此配置选项是客户端支持的所有选项的列表 - 请参阅 所有支持值的
setConfig文档。服务器通常会选择第一个它也支持此列表之一。要强制不加密(或取消连接),请仅列出无。)我不知道如何在 SSH 服务器中启用此功能 - 请阅读服务器的文档。 (如果可能的话,仅对本地主机启用它。)
推荐的使用方法是仅在身份验证后切换到无密码(因此身份验证仍然是加密的),但对于本地主机,这可能不会有必要。 (更改配置后,您可以使用
session.rekey()切换密码(和密钥)。)As long as your local machine has an SSH server running (and your application has the necessary login credentials), you can use JSch to connect to your local machine, too - simply indicate
localhost(or127.0.0.1) as the host name for the connection.This will have some overhead, though, since you are encrypting and decrypting all the data, which is not really necessary to execute some command locally. (On the other hand, this would allow you to run the commands as another user, for which you otherwise would need something like
sudoorsu, orRunAsunder Windows.)JSch implements the
setOutputStreamandsetErrStreamon top of the correspondingget...methods - it uses something similar to a PipedInputStream internally and a separate thread which shovels the data between those streams.As JSch is open source, you can simply look how this is done (in the
Channelclass, if I remember right), and copy the relevant methods to your class which does the same things for aProcess.You can use the
nonecipher, e.g. no encryption. This is by default disabled in all general-purpose clients and servers (as it defeats half of the purpose of SSH), but with the right configuration you can enable it. In JSch you can use(This configuration option is the list of all options the client supports - see the documentation of
setConfigfor all supported values. The server will normally select the first one of this list that it also supports. To force no encryption (or canceling the connection), list onlynone.)I don't know how to enable this in the SSH server - read your server's documentation. (And enable it only for localhost, if possible.)
The recommended way of using it is to switch to the
nonecipher only after authentication (so the authentication is still encrypted), but for localhost this might not be necessary. (You can usesession.rekey()to switch the cipher (and key) after changing the configuration.)