Solved

How to construct an ssh tunnel inside a java program

Posted on 2012-12-26

Java

2 solutions

Medium Priority

1,374 Views

Last Modified: 2013-01-01

How to have a java program do the same thing as the ssh unix command (0) where the userName does not have a password associated with it?

(0) The unix command that works
ssh -i ~/.ssh/pemFile.pem -L 8000:ec2-0-0-0-0.compute-1.amazonaws.com:8000 userName@ec2-0-0-0-0.compute-1.amazonaws.com

(1) The pem file
-----BEGIN RSA PRIVATE KEY-----
SOMETEXSOMETEXTALJDLAJFAJFLADSFJASDFFDA
ALDFJALFJASLDFASFDASJDLFJASLDFJAJSSDLF
-----END RSA PRIVATE KEY-----

(2) Java program that currently does not work ( i think i need a user info object or something also I do not have both a cert and key in my pem file do I need to generate one of these?)
public static void main (String args []) throws Exception {
            String pemPath = "/Users/username/.ssh/pemFile.pem";
            String ec2 = "userName@ec2-0-0-0-0.compute-1.amazonaws.com";
            SSLSocketFactory factory = null;
             factory = getSocketFactoryPEM(pemPath);
            InetAddress remote = InetAddress.getByName(ec2);
            InetAddress local = InetAddress.getByName("localhost");

            Socket socket = factory.createSocket(remote, 8000, local, 8000);
      }

      public static SSLSocketFactory getSocketFactoryPEM(String pemPath) throws Exception {

       Security.addProvider(new BouncyCastleProvider());

       SSLContext context = SSLContext.getInstance("TLS");

       byte[] certAndKey = getBytesFromFile(new File(pemPath));

       String delimiter = "-----BEGIN RSA PRIVATE KEY-----";
       String[] tokens = new String(certAndKey).split(delimiter);

       byte[] certBytes = tokens[0].concat(delimiter).getBytes();
       //byte[] keyBytes = tokens[1].getBytes();

       PEMReader reader;

       reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(certBytes)));
       X509Certificate cert = (X509Certificate)reader.readObject();

       //reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(keyBytes)));
       //PrivateKey key = (PrivateKey)reader.readObject();

       KeyStore keystore = KeyStore.getInstance("JKS");
       keystore.load(null);
       keystore.setCertificateEntry("cert-alias", cert);
       //keystore.setKeyEntry("key-alias", key, "changeit".toCharArray(), new Certificate[] {cert});

       KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
       kmf.init(keystore, "changeit".toCharArray());

       KeyManager[] km = kmf.getKeyManagers();

       context.init(km, null, null);

       return context.getSocketFactory();
      }

Comment

Question by:RichardSDetsch

[X]

Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

Help others & share knowledge
Earn cash & points
Learn & ask questions

Join The Community

8 Comments

LVL 25

Expert Comment

by:Tomas Helgi Johannsson

ID: 387231162012-12-27

Hi!

Here are some examples to look at
http://www.example-code.com/java/ssh.asp
http://www.beanizer.org/site/index.php/en/Articles/Java-ssh-tunneling-with-jsch.html

Hope this helps.

Regards,
Tomas Helgi

Assisted Solution

by:RichardSDetsch

RichardSDetsch earned 0 total points

ID: 387238972012-12-27

Thanks for the links they are helpful. I will try them tonight.

Here are some of my thoughts before though.

A. The JSCH does not show me what to do with the pem file and also I do not know what to put in the userInfo object, note the unix command (0) above does not require any user input after running. If there is a command in JSCH like I see "addIdentity" what format should I give my pem file do I have to trim the -----BEGIN RSA PRIVATE KEY----- and make it byte array form.

B. If I do privKey = key.loadText("myPrivateKey.pem"); can I just give it my pem the way it is. For the below how can I verify that a public key is in the remote ~/.ssh directory and if it is not there can I generate it from the pem file? Does it have to exist for my unix command (0) to work?

// Authenticate with the SSH server using the login and
// private key. (The corresponding public key should've
// been installed on the SSH server beforehand.)
success = ssh.AuthenticatePk("myLogin",key);
if (success != true) {
System.out.println(ssh.lastErrorText());
return;
}

Thanks, Shane

LVL 25

Accepted Solution

by:Tomas Helgi Johannsson

Tomas Helgi Johannsson earned 1500 total points

ID: 387239782012-12-27

Here are some other links to look at
http://stackoverflow.com/questions/4194439/sending-commands-to-server-via-jsch-shell-channel

http://stackoverflow.com/questions/11787571/how-to-read-pem-file-to-get-private-and-public-key
http://stackoverflow.com/questions/7525679/how-to-get-the-java-security-privatekey-object-from-rsa-privatekey-pem-from-a-f

Regards,
Tomas Helgi

LVL 86

Expert Comment

by:CEHJ

ID: 387240802012-12-27

For the below how can I verify that a public key is in the remote ~/.ssh directory

If it's not there how would this work?

(0) The unix command that works

LVL 25

Expert Comment

by:Tomas Helgi Johannsson

ID: 387241882012-12-27

You will have to upload your keys to the remote server and put it into the .ssh directory for the ssh connection to work to that server.

Regards,
Tomas Helgi

LVL 86

Expert Comment

by:CEHJ

ID: 387242162012-12-27

You will have to upload your keys to the remote server and put it into the .ssh directory

That's already done (see my last comment)

In fact, it's conceivable you might have to do the reverse if you're using Jsch, as the load methods for keys seem to want to work only with a pair of files

Author Comment

by:RichardSDetsch

ID: 387251222012-12-27

Thanks the below works and was derived form http://stackoverflow.com/questions/7525679/how-to-get-the-java-security-privatekey-object-from-rsa-privatekey-pem-from-a-f

public static void main (String args []) throws Exception {
String pemPath = "/Users/userName/.ssh/pemFile.pem";
String ec2 = "ec2-xxxxxxxx-.compute-1.amazonaws.com";
Session session = connect(ec2, pemPath);
session.connect();
Thread.sleep(60000);
session.disconnect();
}

public static Session connect(String dnsName, String privKey) throws IOException {
JSch jSch = new JSch();

Session session = null;
try {
jSch.addIdentity(privKey);
session = jSch.getSession("someUser", dnsName, 22);
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
System.out.println("Connecting SSH to " + dnsName + " - Please wait for few minutes... ");
System.out.println("Forwarding");
int assinged_port = session.setPortForwardingL(80, dnsName, 80);
System.out.println("localhost:"+assinged_port+" -> "+dnsName+":80");

} catch (JSchException e) {
e.printStackTrace();
}
return session;

}

Author Closing Comment

by:RichardSDetsch

ID: 387342492013-01-01

Thanks the below works and was derived form http://stackoverflow.com/questions/7525679/how-to-get-the-java-security-privatekey-object-from-rsa-privatekey-pem-from-a-f

public static void main (String args []) throws Exception {
            String pemPath = "/Users/userName/.ssh/pemFile.pem";
            String ec2 = "ec2-xxxxxxxx-.compute-1.amazonaws.com";
            Session session = connect(ec2, pemPath);
            session.connect();
Thread.sleep(60000);
            session.disconnect();
}

       public static Session connect(String dnsName, String privKey) throws IOException {
              JSch jSch = new JSch();

              Session session = null;
              try {
              jSch.addIdentity(privKey);
              session = jSch.getSession("scbeCoreDevUsEast1", dnsName, 22);
              java.util.Properties config = new java.util.Properties();
              config.put("StrictHostKeyChecking", "no");
              session.setConfig(config);
              System.out.println("Connecting SSH to " + dnsName + " - Please wait for few minutes... ");
              System.out.println("Forwarding");
                        int assinged_port = session.setPortForwardingL(8081, dnsName, 8080);
                        System.out.println("localhost:"+assinged_port+" -> "+dnsName+":8080");

              } catch (JSchException e) {
              e.printStackTrace();
              }
                  return session;

            }

Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Beginning Java Programming: Import Projects to Eclipse IDE

Article by: Kevin

For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…

Java

EE QA: Install and Configure Selenium, Java, Eclipse, and TestNG

Article by: Marlon

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…

Arithmetic and Boolean Expressions in Java

Video by: Salmaan

Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…

Introduction to VisualVM (Part 1)

Video by: Amitkumar

This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.