Hi,

you probably want to use 0 (thus an automatic free port) instead of a specific port (i.e. 8822) so that you can't run into the situation that the port is taken by a different application.

Alternatively you can use nc/netcat on the gateway. That has the advantage that you don't have an open port on the client machine, which might be a security problem in a multi-user environment.

This can be done by using the following Proxy class. You then connect the session by:
session.setProxy(new NCProxy(username,host,22,jsch));

If you don't have nc on the gateway but /dev/tcp you can use: http://www.rschulz.eu/2008/09/ssh-proxycommand-without-netcat.html 

Roland


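import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;

import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Proxy;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SocketFactory;

// Proxy that reaches the destination through an nc process started on the gateway.
class NCProxy implements Proxy {
    private ChannelExec channel;
    private Session session1;      // session to the gateway
    private String username;
    private JSch jsch;
    private String host;           // gateway host
    private int port;              // gateway SSH port

    public NCProxy(String username, String host, int port, JSch jsch) {
        this.host = host;
        this.port = port;
        this.username = username;
        this.jsch = jsch;
    }

    @Override
    public void connect(SocketFactory socket_factory, String dhost,
                        int dport, int timeout) throws Exception {
        session1 = jsch.getSession(username, host, port);
        session1.setUserInfo(new MyUserInfo());
        session1.connect(timeout);
        channel = (ChannelExec) session1.openChannel("exec");
        // This string is interpreted by the login shell on the gateway,
        // so dhost must be a trusted, validated value.
        channel.setCommand("nc " + dhost + " " + dport);  //or netcat, bash, ...
        channel.connect(timeout);
    }

    @Override
    public InputStream getInputStream() {
        try {
            return channel.getInputStream();
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override
    public OutputStream getOutputStream() {
        try {
            return channel.getOutputStream();
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override
    public Socket getSocket() {
        // No local socket exists; the data flows through the exec channel.
        return null;
    }

    @Override
    public void close() {
        // connect() may have failed before these were assigned.
        if (channel != null) channel.disconnect();
        if (session1 != null) session1.disconnect();
    }
}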

On Fri, Feb 12, 2010 at 12:14 PM, Amol-Gmail <amolk76@gmail.com> wrote:
What it essentially means in code is the following?
 

JSch jsch = new JSch();
Session session1 = jsch.getSession(username, "firewall", 22);
session1.setUserInfo(new MyUserInfo(password1));
session1.connect();
int assinged_port = session1.setPortForwardingL(8822, "machine", 22);
Session session2 = jsch.getSession(username, "localhost", assinged_port); // SHOULD IT BE assinged_port OR 8822 ????
session2.setUserInfo(new MyUserInfo(password2));
session2.connect();
// Now execute all commands by creating channel on session2
Is this the correct interpretation of your messages?
 
 
----- Original Message -----
Sent: Friday, February 12, 2010 10:20 PM
Subject: Re: [JSch-users] How to use JSch for the following scenario

First, you can programmatically SSH to username@firewall.
Then, you can port forward local port 8822 to remote "machine:22".
Then you can programmatically SSH to username@localhost:8822.

Amol-Gmail wrote:
Hi Team,
 
I am using JSch module and have been successful in using it in most of the conditions. I am using standard way of connecting as provided in some of the examples which is working fine for me.
 
Now I have an additional requirement: SSH is behind the firewall, and the following is the manner in which the user connects to it from his shell:
 
ssh firewall@username
password: ********
ssh machine@username
password ***************
su - user
password: *****
Once the user fires this command, he can then fire any commands of interest in this session. I am wondering how to program this using JSch code in my Java application.
 
Any help/ideas are welcomed.
 
 
Regards,
Amol Kulkarni

--
ORNL/UT Center for Molecular Biophysics cmb.ornl.gov
865-241-1537, ORNL PO BOX 2008 MS6309
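
Added example (not part of the original thread and not JSch project code): the port-forwarding variant from the thread with local port 0, the listener bound to loopback, and the second session connecting to the port that was actually assigned. The environment variable names, the known_hosts path, the timeouts and the "hostname" test command are assumptions; "firewall" and "machine" are the host names used in the thread.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.io.InputStream;

public class ForwardedLogin {
    public static void main(String[] args) throws Exception {
        // Assumptions: credentials come from the environment, and the host keys
        // of "firewall" and "machine" are already in this known_hosts file.
        String username = System.getenv("SSH_USER");
        JSch jsch = new JSch();
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");

        Session gateway = jsch.getSession(username, "firewall", 22);
        gateway.setPassword(System.getenv("GATEWAY_PASSWORD"));
        gateway.setConfig("StrictHostKeyChecking", "yes");
        gateway.connect(10000);
        Session target = null;
        try {
            // Port 0 lets the OS pick a free port. Binding to 127.0.0.1 keeps the
            // listener off external interfaces; other local users can still reach it.
            int assignedPort = gateway.setPortForwardingL("127.0.0.1", 0, "machine", 22);

            // Connect to the port that was actually assigned, not a fixed number.
            target = jsch.getSession(username, "127.0.0.1", assignedPort);
            target.setPassword(System.getenv("TARGET_PASSWORD"));
            target.setConfig("StrictHostKeyChecking", "yes");
            // Verify the server key under the name "machine", not 127.0.0.1:<port>,
            // so a different process listening on that port fails the key check.
            target.setHostKeyAlias("machine");
            target.connect(10000);

            ChannelExec exec = (ChannelExec) target.openChannel("exec");
            exec.setCommand("hostname");
            InputStream out = exec.getInputStream();
            exec.connect();
            System.out.write(out.readAllBytes());  // Java 9+
            System.out.flush();
            exec.disconnect();
        } finally {
            if (target != null) target.disconnect();
            gateway.disconnect();
        }
    }
}
```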