jsch-users — For JSch users : support, suggestions, announcments, etc.

Re: [JSch-users] Execute ssh cmd on remote host

[Atsuhiko Y. <ym...@jc...>]

Hi,

On Thu, Apr 30, 2015 at 6:21 PM, Michael Hekel <che...@gm...> wrote:
> I'm succesfully connecting with Jsch to our ssh jump server.
> From there I would like to run a ssh cmd. I'm able to run simple commands
> like "ls" but get the following errors if I run "ssh hostX ls" (where hostX
> is a valid ip).
>
> System.err﹕ Permission denied, please try again.
> System.err﹕ Permission denied, please try again.
> System.err﹕ Permission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password).

Try "ssh -v -v -v hostX ls"

Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk

[JSch-users] Execute ssh cmd on remote host

[Michael H. <che...@gm...>]

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hi,</div>

<div>&nbsp;</div>

<div>I&#39;m succesfully connecting with Jsch to our ssh jump server.</div>

<div>From there I would like to run a ssh cmd. I&#39;m able to run simple commands like &quot;ls&quot; but get the following errors if I run &quot;ssh hostX ls&quot; (where hostX is a valid ip).</div>

<div>&nbsp;</div>

<div>System.err&#65109; Permission denied, please try again.<br/>
System.err&#65109; Permission denied, please try again.<br/>
System.err&#65109; Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).<br/>
System.out&#65109; exit-status: 255</div>

<div>&nbsp;</div>

<div>It works using putty.</div>

<div>How would I run&nbsp; a coammnd like this?</div>

<div>&nbsp;</div>

<div>Thanks,</div>

<div>&nbsp;&nbsp; Michael</div></div></body></html>

[JSch-users] Is it possible to determine, which identity was used for ssh connection

[Svirkina, I. <isv...@is...>]

Hi everyone,

I'm using jgit and jsch.

JSch can be supplied with several sshkeys with help of addIdentity() method
(see Ex.). And so JSch having several identities finds suitable sshkeys
(identity) somehow by itself.

Ex.:
JSch jsch;
jsch.addIdentity(key1.getKeyName(), privateKey1, null, passPhrase1);
jsch.addIdentity(key2.getKeyName(), privateKey2, null, passPhrase2);
...

Is it possible to determine, which identity was used for ssh connection?

Thanks in advance, Irina

[JSch-users] remote sshd cannot be closed after disconnect() call

[Herbert Wu <her...@gm...>]

Hi,
I created a local ChannelExec and can execute unix command on remote host
correctly, but after call close() method below, the sshd process still
exists on the remote host until local jvm quits.

Anything wrong here to close sshd before local jvm quits?
Local JDK: 1.7
Remote host: Linux 2.6.x with OpenSSH_4.3p2

Thanks

Herbert

*public* *void* close() {

              *if* (channel != *null*) {

                     channel.disconnect();

                     channel=*null*;

              }

              *if* (session != *null*) {

                     session.disconnect();

                     session=*null*;

              }

}

[JSch-users] ANNOUNCE: JSch 0.1.52

[<ym...@jc...>]

Hi there,

JSch 0.1.52 has been released.
It is available at
  http://sourceforge.net/projects/jsch/files/jsch/0.1.52/jsch-0.1.52.zip/download
and its md5sum is 654ae66cc34e32187f8b0bd988ef601a
And you can get its byte code in jar file format at
  http://sourceforge.net/projects/jsch/files/jsch.jar/0.1.52/jsch-0.1.52.jar/download
and its md5sum is d15a8f7c162deb9c01942222dd9df3f7

Changes since version 0.1.51:
- bugfix: resource leak: duplicate keys in LocalIdentityRepository.
- feature: added the support for SSH ECC defined in RFC5656,
           ecdsa-sha2-nistp256,
           ecdsa-sha2-nistp384,
           ecdsa-sha2-nistp521,
           ecdh-sha2-nistp256,
           ecdh-sha2-nistp384,
           ecdh-sha2-nistp521
           This functionality requires Java7 or later.
- feature: added the support for server host keys in
           ecdsa-sha2-nistp256,
           ecdsa-sha2-nistp384,
           ecdsa-sha2-nistp521
- feature: generating key-pairs in
           ecdh-sha2-nistp256,
           ecdh-sha2-nistp384,
           ecdh-sha2-nistp521
- change: aes192-ctr, aes256-ctr and
          diffie-hellman-group-exchange-sha256 have been enabled
          by the default.
- change: key exchange methods, ecdh-sha2-nistp256,
          ecdh-sha2-nistp384 and ecdh-sha2-nistp521 have been enabled
          by the default.
- change: the support for host keys in ecdsa-sha2-nistp256,
          ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 have been enabled
          by the default.
- change: 'examples/KeyGen.java' demonstrates how to generate
          ecdsa-sha2-* key-pairs.
- change: updating copyright messages; 2014 -> 2015
- TODO: The ECC support is not functional on Java6 with BouncyCastle.

Re: [JSch-users] FIPS mode failure

[Scott S. <sc...@sm...>]

Yes, it works in Java7!
I had to call setConfig("kex", ...) to force the new ecdh ones in front, 
or else it still chose dhgex and then failed because the 2048 key size 
could not be used.
Thanks!
  - Scott

On 3/14/2015 8:12 PM, Atsuhiko Yamanaka wrote:
> Hi,
>
>     +-From: Scott Smith <sc...@sm...> --
>     |_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______
>     |
>     |Yes, that works on Java8, I can now access the FIPS-mode server using
>     |diffie-hellman-group-exchange-sha1 .
>     |But it still fails on Java7, I assume because it can not generate keys >
>     |1024?
>
> For a long time, Sun(and Oracle)'s default JCE provider had not
> supported the long key for DH.  It may be worth trying other JCE provider
> like BouncyCastle on Java7.
>
>     |Does this mean it will be hopeless to use JSch to connect to a FIPS-mode
>     |server on Java7 (that's mostly all I have here)?
>
> Does FIPS mode allow to use ecdh-sha2-nistp*?  We have succeeded to
> support ECC(Elliptic Curve Cryptography)[1] defined in RFC5656[2],
> and that functionality will be available on Java7.
> If you are interested in it, try
>    http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip
>
> [1] https://twitter.com/ymnk/status/570116671899185152
> [2] http://tools.ietf.org/html/rfc5656
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk
> Facebook: http://facebook.com/aymnk

Re: [JSch-users] FIPS mode failure

[<ym...@jc...>]

Hi,

   +-From: Scott Smith <sc...@sm...> --
   |_Date: Sat, 14 Mar 2015 10:58:06 -0500 ______
   |
   |Yes, that works on Java8, I can now access the FIPS-mode server using 
   |diffie-hellman-group-exchange-sha1 .
   |But it still fails on Java7, I assume because it can not generate keys > 
   |1024?

For a long time, Sun(and Oracle)'s default JCE provider had not
supported the long key for DH.  It may be worth trying other JCE provider
like BouncyCastle on Java7.

   |Does this mean it will be hopeless to use JSch to connect to a FIPS-mode 
   |server on Java7 (that's mostly all I have here)?

Does FIPS mode allow to use ecdh-sha2-nistp*?  We have succeeded to
support ECC(Elliptic Curve Cryptography)[1] defined in RFC5656[2],
and that functionality will be available on Java7.
If you are interested in it, try
  http://www.jcraft.com/jsch/jsch-0.1.52-rc24.zip

[1] https://twitter.com/ymnk/status/570116671899185152
[2] http://tools.ietf.org/html/rfc5656


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk

Re: [JSch-users] FIPS mode failure

[Scott S. <sc...@sm...>]

Yes, that works on Java8, I can now access the FIPS-mode server using 
diffie-hellman-group-exchange-sha1 .
But it still fails on Java7, I assume because it can not generate keys > 
1024?
Does this mean it will be hopeless to use JSch to connect to a FIPS-mode 
server on Java7 (that's mostly all I have here)?
Thanks.
  - Scott

On 3/13/2015 7:33 PM, Atsuhiko Yamanaka wrote:
> Hi,
>
>     +-From: Scott Smith <sc...@sm...> --
>     |_Date: Fri, 13 Mar 2015 11:43:55 -0500 ______
>     |
>     |Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in
>     |"FIPS compliance mode"
>     |(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).
>     ...
>     |    sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
>     |    sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
>
>     |Using either diffie-hellman-group-exchange-sha1 or
>     |diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but
>     |succeeds with FIPS disabled. Using either with the OpenSSH client works
>     |fine.
>
> Could you try to replace the following line
>    static int max=1024;
> with
>    static int max=2048;
> in src/main/java/com/jcraft/jsch/DHGEX.java, and
> choose 'diffie-hellman-group-exchange-sha1' on 'Java8'?
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk
> Facebook: http://facebook.com/aymnk

Re: [JSch-users] FIPS mode failure

[<ym...@jc...>]

Hi,

   +-From: Scott Smith <sc...@sm...> --
   |_Date: Fri, 13 Mar 2015 11:43:55 -0500 ______
   |
   |Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in 
   |"FIPS compliance mode" 
   |(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).
   ...
   |    sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
   |    sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024

   |Using either diffie-hellman-group-exchange-sha1 or 
   |diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but 
   |succeeds with FIPS disabled. Using either with the OpenSSH client works 
   |fine.

Could you try to replace the following line
  static int max=1024;
with 
  static int max=2048;
in src/main/java/com/jcraft/jsch/DHGEX.java, and
choose 'diffie-hellman-group-exchange-sha1' on 'Java8'?


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk

[JSch-users] FIPS mode failure

[Scott S. <sc...@sm...>]

Hi ymnk,

Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in 
"FIPS compliance mode" 
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).

When connecting, it fails with the following error:

    com.jcraft.jsch.JSchException: Session.connect: java.io.IOException:
    End of IO Stream Read
             at com.jcraft.jsch.Session.connect(Session.java:558)
             at JschApp.main(JschApp.java:56)

In the server log:

    sshd[9303]: debug1: SSH2_MSG_KEXINIT received
    sshd[9303]: debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
    sshd[9303]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    sshd[9303]: debug2: kex_parse_kexinit:
    aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
    sshd[9303]: debug2: kex_parse_kexinit:
    aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
    sshd[9303]: debug2: kex_parse_kexinit:
    hmac-sha1,hmac-sha2-256,hmac-sha2-512
    sshd[9303]: debug2: kex_parse_kexinit:
    hmac-sha1,hmac-sha2-256,hmac-sha2-512
    sshd[9303]: debug2: kex_parse_kexinit: none,zl...@op...
    sshd[9303]: debug2: kex_parse_kexinit: none,zl...@op...
    sshd[9303]: debug2: kex_parse_kexinit:
    sshd[9303]: debug2: kex_parse_kexinit:
    sshd[9303]: debug2: kex_parse_kexinit: first_kex_follows 0
    sshd[9303]: debug2: kex_parse_kexinit: reserved 0
    sshd[9303]: debug2: kex_parse_kexinit:
    diffie-hellman-group-exchange-sha1
    sshd[9303]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    sshd[9303]: debug2: kex_parse_kexinit:
    aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
    sshd[9303]: debug2: kex_parse_kexinit:
    aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
    sshd[9303]: debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    sshd[9303]: debug2: kex_parse_kexinit:
    hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    sshd[9303]: debug2: kex_parse_kexinit: none
    sshd[9303]: debug2: kex_parse_kexinit: none
    sshd[9303]: debug2: kex_parse_kexinit:
    sshd[9303]: debug2: kex_parse_kexinit:
    sshd[9303]: debug2: kex_parse_kexinit: first_kex_follows 0
    sshd[9303]: debug2: kex_parse_kexinit: reserved 0
    sshd[9303]: debug2: mac_setup: found hmac-sha1
    sshd[9303]: debug1: kex: client->server aes128-ctr hmac-sha1 none
    sshd[9303]: debug3: mm_request_send entering: type 78
    sshd[9303]: debug3: mm_request_receive_expect entering: type 79
    sshd[9303]: debug3: mm_request_receive entering
    sshd[9299]: debug3: monitor_read: checking request 78
    sshd[9299]: debug3: mm_request_send entering: type 79
    sshd[9299]: debug3: mm_request_receive entering
    sshd[9303]: debug2: mac_setup: found hmac-sha1
    sshd[9303]: debug1: kex: server->client aes128-ctr hmac-sha1 none
    sshd[9303]: debug3: mm_request_send entering: type 78
    sshd[9303]: debug3: mm_request_receive_expect entering: type 79
    sshd[9303]: debug3: mm_request_receive entering
    sshd[9299]: debug3: monitor_read: checking request 78
    sshd[9299]: debug3: mm_request_send entering: type 79
    sshd[9299]: debug3: mm_request_receive entering
    sshd[9303]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    sshd[9303]: debug3: mm_request_send entering: type 0
    sshd[9303]: debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
    sshd[9303]: debug3: mm_request_receive_expect entering: type 1
    sshd[9303]: debug3: mm_request_receive entering
    sshd[9299]: debug3: monitor_read: checking request 0
    sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
    sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
    sshd[9299]: debug1: do_cleanup

Using either diffie-hellman-group-exchange-sha1 or 
diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but 
succeeds with FIPS disabled. Using either with the OpenSSH client works 
fine.

On a side note, IF the client is using Java 8, I am able to connect with 
JSch, as it is able to use diffie-hellman-group14-sha1 successfully.
Does the server output give you any ideas what may be the issue?

Thank you in advance.
  - Scott

Re: [JSch-users] Oracle apps through JSch

[Leonardo K. S. <sh...@gm...>]

actually, you can remove this

        expect.expect("#");
        expect.send("exit\n");

[]

Leo

On Thu, Feb 26, 2015 at 8:11 AM, Leonardo K. Shikida <sh...@gm...>
wrote:

> Hi Ulises
>
> Here's how I do it.
>
> Use https://github.com/ronniedong/Expect-for-Java (it's just a single
> class)
>
> import org.apache.log4j.Level;
>
> import com.jcraft.jsch.Channel;
> import com.jcraft.jsch.JSch;
> import com.jcraft.jsch.Session;
>
> public class SQLPlusAutomation {
>
>     public static void main(String[] args) throws Exception {
>         String rootPassword = "...";
>         JSch jsch = null;
>         Session session = null;
>         jsch = new JSch();
>         session = jsch.getSession("leoks", "localhost");
>         session.setPassword(rootPassword);
>         session.setConfig("StrictHostKeyChecking", "no");
>         session.setConfig("PreferredAuthentications",
> "publickey,keyboard-interactive,password");
>         session.connect(10 * 1000);
>         Channel channel = session.openChannel("shell");
>         Expect expect = new Expect(channel.getInputStream(),
> channel.getOutputStream());
>         expect.setDefault_timeout(2);
>         expect.turnOffLogging();
>
>         expect.forwardInputStreamTo(System.out);
>
>         channel.connect();
>
>         expect.expect("password for leoks:");
>         expect.send("sudo su - oracle\n");
>
>         expect.expect("\\$");
>         expect.send(rootPassword+"\n");
>
>         expect.expect("\\$");
>         expect.send("source ./product/11.2.0/xe/bin/oracle_env.sh\n");
>
>         expect.expect("SQL>");
>         expect.send("sqlplus / as sysdba\n");
>
>         expect.expect("SQL>");
>         expect.send("select sysdate from dual;\n");
>
>         expect.expect("\\$");
>         expect.send("quit;\n");
>
>         expect.expect("#");
>         expect.send("exit\n");
>
>         expect.expect("\\$");
>         expect.send("exit\n");
>
>         expect.expectEOF();
>         expect.close();
>
>         if (session != null) {
>             session.disconnect();
>         }
>     }
>
> }
>
>
> here's my output
>
> Last login: Thu Feb 26 08:07:52 2015 from localhost
>
> [leoks@myhost ~]$ sudo su - oracle
> [sudo] password for leoks:
> -bash-4.1$ source ./product/11.2.0/xe/bin/oracle_env.sh
> -bash-4.1$ sqlplus / as sysdba
>
> SQL*Plus: Release 11.2.0.2.0 Production on Thu Feb 26 08:08:35 2015
>
> Copyright (c) 1982, 2011, Oracle.  All rights reserved.
>
>
> Connected to:
> Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
>
> SQL> select sysdate from dual;
>
> SYSDATE
> ------------------
> 26-FEB-15
>
> SQL> quit;
> Disconnected from Oracle Database 11g Express Edition Release 11.2.0.2.0 -
> 64bit Production
> -bash-4.1$ exit
> logout
> [leoks@myhost ~]$ exit
> logout
>
> []
>
> Leo
>
> On Wed, Feb 25, 2015 at 11:08 PM, Ulises Vazquez <uva...@ho...>
> wrote:
>
>> I cannot enter to Oracle SQL*Plus nor Oracle RMAN through a JSch ssh
>> session. The session hangs when the sqlplus or rman prompt is about to
>> appear in the output.
>>
>> Is there a way to deal with this issue?
>>
>> Ulises Vázquez Rocha
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> JSch-users mailing list
>> JSc...@li...
>> https://lists.sourceforge.net/lists/listinfo/jsch-users
>>
>
>

Re: [JSch-users] Oracle apps through JSch

[Leonardo K. S. <sh...@gm...>]

Hi Ulises

Here's how I do it.

Use https://github.com/ronniedong/Expect-for-Java (it's just a single class)

import org.apache.log4j.Level;

import com.jcraft.jsch.Channel;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;

public class SQLPlusAutomation {

    public static void main(String[] args) throws Exception {
        String rootPassword = "...";
        JSch jsch = null;
        Session session = null;
        jsch = new JSch();
        session = jsch.getSession("leoks", "localhost");
        session.setPassword(rootPassword);
        session.setConfig("StrictHostKeyChecking", "no");
        session.setConfig("PreferredAuthentications",
"publickey,keyboard-interactive,password");
        session.connect(10 * 1000);
        Channel channel = session.openChannel("shell");
        Expect expect = new Expect(channel.getInputStream(),
channel.getOutputStream());
        expect.setDefault_timeout(2);
        expect.turnOffLogging();

        expect.forwardInputStreamTo(System.out);

        channel.connect();

        expect.expect("password for leoks:");
        expect.send("sudo su - oracle\n");

        expect.expect("\\$");
        expect.send(rootPassword+"\n");

        expect.expect("\\$");
        expect.send("source ./product/11.2.0/xe/bin/oracle_env.sh\n");

        expect.expect("SQL>");
        expect.send("sqlplus / as sysdba\n");

        expect.expect("SQL>");
        expect.send("select sysdate from dual;\n");

        expect.expect("\\$");
        expect.send("quit;\n");

        expect.expect("#");
        expect.send("exit\n");

        expect.expect("\\$");
        expect.send("exit\n");

        expect.expectEOF();
        expect.close();

        if (session != null) {
            session.disconnect();
        }
    }

}


here's my output

Last login: Thu Feb 26 08:07:52 2015 from localhost

[leoks@myhost ~]$ sudo su - oracle
[sudo] password for leoks:
-bash-4.1$ source ./product/11.2.0/xe/bin/oracle_env.sh
-bash-4.1$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.2.0 Production on Thu Feb 26 08:08:35 2015

Copyright (c) 1982, 2011, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production

SQL> select sysdate from dual;

SYSDATE
------------------
26-FEB-15

SQL> quit;
Disconnected from Oracle Database 11g Express Edition Release 11.2.0.2.0 -
64bit Production
-bash-4.1$ exit
logout
[leoks@myhost ~]$ exit
logout

[]

Leo

On Wed, Feb 25, 2015 at 11:08 PM, Ulises Vazquez <uva...@ho...>
wrote:

> I cannot enter to Oracle SQL*Plus nor Oracle RMAN through a JSch ssh
> session. The session hangs when the sqlplus or rman prompt is about to
> appear in the output.
>
> Is there a way to deal with this issue?
>
> Ulises Vázquez Rocha
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> JSch-users mailing list
> JSc...@li...
> https://lists.sourceforge.net/lists/listinfo/jsch-users
>

[JSch-users] Oracle apps through JSch

[Ulises V. <uva...@ho...>]

I cannot enter to Oracle SQL*Plus nor Oracle RMAN through a JSch ssh session. The session hangs when the sqlplus or rman prompt is about to appear in the output.

Is there a way to deal with this issue?

Ulises Vázquez Rocha

Re: [JSch-users] "InputStream" and "BufferedReader" or any other way to get the output of an SSH command

[Ulises V. R. <uva...@ho...>]

I realized that this objects are part of the “java.io” library and I have solved this issue.

Thank you anyway!


> On Feb 20, 2015, at 15:52, Ulises Vázquez Rocha <uva...@ho...> wrote:
> 
> I am able to connecto to the SSH session, and apparently to execute commands but when I try to use the InputStream and BuuferReader, I recive the folowgin message form NetBeans: “cannot find symbol”.
> 
> I have imported the Jsch lirary completelly: import com.jcraft.jsch.*;
> 
> What am I doing wrong? or is there other way to do it?
> 
> Java 6 in NeadBeans 8.
> 
> Regards,

Re: [JSch-users] "InputStream" and "BufferedReader" or any other way to get the output of an SSH command

[Ulises V. R. <uva...@ho...>]

I realized that this objects are part of the “java.io” library and I have solved this issue.

Thank you anyway!


> On Feb 20, 2015, at 15:52, Ulises Vázquez Rocha <uva...@ho...> wrote:
> 
> I am able to connecto to the SSH session, and apparently to execute commands but when I try to use the InputStream and BuuferReader, I recive the folowgin message form NetBeans: “cannot find symbol”.
> 
> I have imported the Jsch lirary completelly: import com.jcraft.jsch.*;
> 
> What am I doing wrong? or is there other way to do it?
> 
> Java 6 in NeadBeans 8.
> 
> Regards,

[JSch-users] "InputStream" and "BufferedReader" or any other way to get the output of an SSH command

[Ulises V. R. <uva...@ho...>]

I am able to connecto to the SSH session, and apparently to execute commands but when I try to use the InputStream and BuuferReader, I recive the folowgin message form NetBeans: “cannot find symbol”.

I have imported the Jsch lirary completelly: import com.jcraft.jsch.*;

What am I doing wrong? or is there other way to do it?

Java 6 in NeadBeans 8.

Regards,

[JSch-users] OpenSSH Server with aes192-ctr and aes256-ctr only

[Matt T. <mat...@gm...>]

Unlimited Encryption Strength? true
INFO: Connecting to 10.100.21.18 port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
INFO: Local version string: SSH-2.0-JSCH-0.1.51
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: cur...@li...,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes192-ctr,aes256-ctr
INFO: kex: server: aes192-ctr,aes256-ctr
INFO: kex: server: hma...@op...,hma...@op...,uma...@op...,uma...@op...,hma...@op...,hma...@op...,hma...@op...,hma...@op...,hma...@op...,hmac-md5,hmac-sha1,um...@op...,uma...@op...,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hma...@op...,hma...@op...,uma...@op...,uma...@op...,hma...@op...,hma...@op...,hma...@op...,hma...@op...,hma...@op...,hmac-md5,hmac-sha1,um...@op...,uma...@op...,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
INFO: kex: server: none,zl...@op...
INFO: kex: server: none,zl...@op...
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: Disconnecting from 10.100.21.18 port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail

[JSch-users] Help on openChannel("exec")

[sodiska s. <so...@ho...>]

Hi,
     I am trying to implement an apps that send multiple commands one at a time to a remote system. However, after I execute the first command, I get error. From the debug trace, the error found:
DEBUG: Caught an exception, leaving main loop due to End of IO Stream ReadDEBUG: Disconnecting from cheesoon.revenuenetwork.net port 22

Below is part of the codes. Summary of my codes is that my second command, I re-initiate channel object and re-used the session object. Is that the right way to things? I test it and its not working says session has been closed due to the above DEBUG reason. If I re-initiate the session, then its ok. Is this the right way?


//FIRST commandSession session=jsch.getSession(user, host, 22);    session.connect();
command = "display version";      Channel channel=session.openChannel("exec");      ((ChannelExec)channel).setCommand(command);           channel.setInputStream(null);      ((ChannelExec)channel).setErrStream(System.err);      InputStream in=channel.getInputStream();      OutputStream out = channel.getOutputStream();      String versionDesc = null;      String outgoing = null;      String temp = null;            channel.connect();      byte[] tmp=new byte[1024];      while(true){        while(in.available()>0){          int i=in.read(tmp, 0, 1024);          if(i<0)         break;          temp = new String(tmp, 0, i);         if (versionDesc == null) {         temp.replaceAll("^\\s+", "");         temp.replaceAll("^(\\r\\n)+", "");         versionDesc = temp;         System.out.println(versionDesc);         } else         versionDesc += temp;          outgoing = new String (" "); // keeps listing the config values          out.write(outgoing.getBytes());          out.flush();        }        if(channel.isClosed()){          if(in.available()>0) continue;          System.out.println("exit-status: "+channel.getExitStatus());          break;        }        try{Thread.sleep(1000);}catch(Exception ee){}      }      channel.disconnect();      //session.disconnect();
//SECOND COMMANDcommand = "display current configuration";      Channel channel=session.openChannel("exec");      ((ChannelExec)channel).setCommand(command);           channel.setInputStream(null);      ((ChannelExec)channel).setErrStream(System.err);      InputStream in=channel.getInputStream();      OutputStream out = channel.getOutputStream();      String versionDesc = null;      String outgoing = null;      String temp = null;            channel.connect();      byte[] tmp=new byte[1024];      while(true){        while(in.available()>0){          int i=in.read(tmp, 0, 1024);          if(i<0)         break;          temp = new String(tmp, 0, i);         if (versionDesc == null) {         temp.replaceAll("^\\s+", "");         temp.replaceAll("^(\\r\\n)+", "");         versionDesc = temp;         System.out.println(versionDesc);         } else         versionDesc += temp;          outgoing = new String (" "); // keeps listing the config values          out.write(outgoing.getBytes());          out.flush();        }        if(channel.isClosed()){          if(in.available()>0) continue;          System.out.println("exit-status: "+channel.getExitStatus());          break;        }        try{Thread.sleep(1000);}catch(Exception ee){}      }
 		 	   		  

[JSch-users] SSH with JFrame / Applet

[sodiska s. <so...@ho...>]

Hi,
     Hope someone can give some clue on what I am about to post here:
I am trying to connect to a remote SSH server, once connected, I want a JAVA GUI (JFrame comes into mind or an Applet) to take over instead of a shell. Reason is that, I only want certain commands in a drop down list and/or in a textfield to be executed by valid user. Once executed, the user will only get to see Success or Unsuccessful. How can I achieve this? 		 	   		  

Re: [JSch-users] Jsch stopped working with Java8

[<ym...@jc...>]

Hi there,

   +-From: ym...@jc... (Atsuhiko Yamanaka) --
   |_Date: Thu, 1 Jan 2015 01:14:37 +0900 _______
   |
   |FYI, I had sent a request[1] for changing that behavior
   |to security-dev mailing list, and the problem has been fixed[2][3]
   |at last. Java9 will not have the reported problem.
   |[1] http://mail.openjdk.java.net/pipermail/security-dev/2014-September/011228.html
   |[2] https://bugs.openjdk.java.net/browse/JDK-8039921?focusedCommentId=13593153&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13593153
   |[3] http://hg.openjdk.java.net/jdk9/dev/jdk/rev/edd7a67585a5

FYI, it seems that fix has been backported[1] to JDK8u60.

[1] http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/rev/3212f1631643


Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk

Re: [JSch-users] Jsch stopped working with Java8

[Peter B. <pet...@pr...>]

Atsuhiko Yamanaka <ymnk@...> writes:

> 
> Hi,
> 
> On Tue, Jul 29, 2014 at 1:18 AM, Marc Logemann
> <marc.logemann@...> wrote:
> > we are using JSch as transport mechanism for EDI data to a different company
> > for about 7 years now. Today we upgraded to Java 8 and now when we try to
> > connect, we get:
> >
> >  Session.connect: java.security.InvalidKeyException: Key is too long for
> > this algorithm
> 
> Could you try
>   https://gist.github.com/ymnk/2318108#file-logger-java
> on Java7 and Java8?
> 
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
>     +1-415-578-3454
> Skype callto://jcraft/
> 
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls. 
> Build a bridge from your legacy apps to the future.
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> 


We had a similar problem, though we are using java version 1.7
After upgrading java from version 1.7.0_55 to 1.7.0_71 the SFTP stopped
working with the exception mentioned; InvalidKeyException: Key is too long
for this algorithm.
We were using OpenJDK on CentOS 6 
And trying to update the JCE extension did not help
But after changing to Oracle's Java JDK version 1.7.0_71 the problem was
resolved, even without the JCE extension.
I hope this can help 

[JSch-users] [sftp] strange behaviour with LsEntry/ls()-command

[Grimm, M. <Gr...@ju...>]

Hi all,

maybe someone can explain me the following behavior:

I list a directory on a server via sftp-ls-command. The LsEntry#getLongname() provides this information f.e.

-rw-r--r--    1 test  test  31728814 Sep 12 14:15 JDgrossow.13.52.01.zip

and for another entry

-rw-r--r--    1 test test     66335 Jan 23  2014 JDAGG.09.52.01.zip

The 14:15 in the first entry is the time, the 2014 in the second entry the date.
Both files are from the year 2014. Why the one entry has the time in its string-representation and the other the year at this position.
What is the reason of this mixed representation?


Thanks,
M.G.


Vertraulichkeitshinweis
Diese Information und jeder uebermittelte Anhang beinhaltet vertrauliche Informationen und ist nur fuer die Personen oder das Unternehmen bestimmt, an welche sie tatsaechlich gerichtet ist. Sollten Sie nicht der Bestimmungsempfaenger sein, weisen wir Sie darauf hin, dass die Verbreitung, das (auch teilweise) Kopieren sowie der Gebrauch der empfangenen E-Mail und der darin enthaltenen Informationen gesetzlich verboten sein kann und gegebenenfalls Schadensersatzpflichten ausloesen kann. Sollten Sie diese Nachricht aufgrund eines Uebermittlungsfehlers erhalten haben, bitten wir Sie den Sender unverzueglich hiervon in Kenntnis zu setzen.
Sicherheitswarnung: Bitte beachten Sie, dass das Internet kein sicheres Kommunikationsmedium ist. Obwohl wir im Rahmen unseres Qualitaetsmanagements und der gebotenen Sorgfalt Schritte eingeleitet haben, um einen Computervirenbefall weitestgehend zu verhindern, koennen wir wegen der Natur des Internets das Risiko eines Computervirenbefalls dieser E-Mail nicht ausschliessen.

[JSch-users] is it possible to implement a web service that serve as a ssh client in browser?

[Li Li <fan...@gm...>]

I want to visit serverA which can only accessed by clientB from my pc
at home. I can setup a java web server(such as tomcat) on port 8080
and providing http serice which can be accessed by my pc at home. But
I can't run sshd on clientB. Is it possible to use jsch to implement
such service? I mean I write a simple jsp which read user input from
web browser and send the command to serverA, And when command finish
on severA, it read the output and write to browser.
Or more elegant, I can directly run ssh serverA with the help of
clientB through http protocol?

Re: [JSch-users] making SSH secure again

[Jan K. <j.k...@gm...>]

Note that not everybody agrees on his choices. Some interesting remarks on
this article can be found on Hacker News and Reddit.
https://news.ycombinator.com/item?id=8843994
http://www.reddit.com/r/netsec/comments/2ribdz/secure_secure_shell/

On Wed, Jan 7, 2015 at 6:30 PM, Alan Ezust <ala...@gm...> wrote:

> Thought this article might be of interest.
>
>
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net
> _______________________________________________
> JSch-users mailing list
> JSc...@li...
> https://lists.sourceforge.net/lists/listinfo/jsch-users
>

[JSch-users] making SSH secure again

[Alan E. <ala...@gm...>]

Thought this article might be of interest.


https://stribika.github.io/2015/01/04/secure-secure-shell.html