Trying to SSH to a trusted server

**ndedhia1** · Sep 20 '10, 08:52 PM

I have fixed the above error by putting in the correct path name for the known_hosts file, but now, how do i authenticate?
There is no password that is needed to get onto these servers because it is trusted.

**Oralloy** · Sep 20 '10, 11:16 PM

@ndedhia1,

You should get back a SSL certificate as part of the authentication process. You'll have to verify that it is derived from a trusted certificate.

With SSL, there are several standard authentication providers, and they let you root your certificate to theirs. These providers are self proclaimed, and only accepted because the community accepts them.

If you want, you can provide your own root authentication server. I've done it in the past to keep managers from crying too much while the real certificates are acquired.

Hopefully that helps some.

Cheers!

**ndedhia1** · Sep 21 '10, 02:57 AM

hi Oralloy,
thanks for the help!!
Do you have any code examples of the SSL certificates you were talking about?

Right now, I am doing the authenticating like this:

Code:

pwd.setUsername(user);
pwd.setPassword(password);
// Authenticate the user
int result = ssh.authenticate(pwd);
if(result==AuthenticationProtocolState.COMPLETED) {
System.out.println("Authentication Completed");
}

But the only problem with this is that there is no password. When i dont try to authenticate the password, I get an error saying that password or user cannot be null.

Thanks again!!

**Oralloy** · Sep 21 '10, 01:53 PM

ndedhia1,

For some reason I thought you were using SSL, not SSH. I gave you a bum post, and I apologize for that.

Still, I'll look around and see what we can do.

As I recall for SSH (not SSL), hosts and clients have optional mutual recognition. Most hosts I've worked with are permissive, though, and don't complain when they don't recognize the client computer. Clients often complain (look at the implementation of PUTTy) about host recognition, because the user is too lazy to update the known_hosts and keys files. But, you likely know this.

BTW, if you don't have a password, try sending a zero length string (""), instead of null, or none at all.

Again, my apologies for the brain fart yesterday.

Luck!
Oralloy

**ndedhia1** · Sep 21 '10, 02:15 PM

hi Oralloy.
No problem with the mistake. It happens to everyone:)

Here is the output I get from my connect and authentication code:
Also, I tried it with an empty password and that failed also.

Code:

          ssh.connect(host, new ConsoleKnownHostsKeyVerification("$HOME/.ssh/known_hosts"));
 
           
    	   System.out.println("BEFORE AUTHENTICATION");
    	 //Authenticate
    	   
    	   PasswordAuthenticationClient passwordAuthenticationClient = new PasswordAuthenticationClient();
    	   passwordAuthenticationClient.setUsername(user);
//   	   passwordAuthenticationClient.setPassword(password);

Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.p ublickey.SshKey PairFactory <clinit>
INFO: Loading public key algorithms
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: JAVA version is 1.6.0_11-rev
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: Extension /usr/local/jdk1.6.0_11/jre/lib/ext/sunjce_provider .jar being added to classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.util.Extens ionClassLoader add
INFO: Adding /usr/local/jdk1.6.0_11/jre/lib/ext/sunjce_provider .jar to the extension classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: Extension /usr/local/jdk1.6.0_11/jre/lib/ext/sunpkcs11.jar being added to classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.util.Extens ionClassLoader add
INFO: Adding /usr/local/jdk1.6.0_11/jre/lib/ext/sunpkcs11.jar to the extension classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: Extension /usr/local/jdk1.6.0_11/jre/lib/ext/dnsns.jar being added to classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.util.Extens ionClassLoader add
INFO: Adding /usr/local/jdk1.6.0_11/jre/lib/ext/dnsns.jar to the extension classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: Extension /usr/local/jdk1.6.0_11/jre/lib/ext/tools.jar being added to classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.util.Extens ionClassLoader add
INFO: Adding /usr/local/jdk1.6.0_11/jre/lib/ext/tools.jar to the extension classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.configurati on.Configuratio nLoader initialize
INFO: Extension /usr/local/jdk1.6.0_11/jre/lib/ext/localedata.jar being added to classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.util.Extens ionClassLoader add
INFO: Adding /usr/local/jdk1.6.0_11/jre/lib/ext/localedata.jar to the extension classpath
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.c ipher.SshCipher Factory <clinit>
INFO: Loading supported cipher algorithms
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.k ex.SshKeyExchan geFactory <clinit>
INFO: Loading key exchange methods
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.c ompression.SshC ompressionFacto ry <clinit>
INFO: Loading compression methods
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.h mac.SshHmacFact ory <clinit>
INFO: Loading message authentication methods
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon startTransportP rotocol
INFO: Starting transport protocol
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon run
INFO: Registering transport protocol messages with inputstream
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon negotiateVersio n
INFO: Negotiating protocol version
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon negotiateVersio n
INFO: Protocol negotiation complete
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon beginKeyExchang e
INFO: Starting key exchange
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.k ex.DhGroup1Sha1 performClientEx change
INFO: Starting client side key exchange.
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.A bstractKnownHos tsKeyVerificati on verifyHost
INFO: Verifying prdgc103b,10.17 0.114.4 host key
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lClient verifyHostKey
INFO: The host key signature is valid
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.T ransportProtoco lCommon completeKeyExch ange
INFO: Completing key exchange
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.c ipher.SshCipher Factory newInstance
INFO: Creating new blowfish-cbc cipher instance
Sep 21, 2010 10:11:38 AM com.sshtools.j2 ssh.transport.c ipher.SshCipher Factory newInstance
INFO: Creating new blowfish-cbc cipher instance
BEFORE AUTHENTICATION
YOU FAILED IN THE CONNECT
Error: com.sshtools.j2 ssh.authenticat ion.Authenticat ionProtocolExce ption: Username and password cannot be null!

**Oralloy** · Sep 21 '10, 03:31 PM

Hey, have you tried looking at:

http://www.sshtools.com/en/kb/idx.php/0/014/article/Getting-started-with-J2SSH-Maverick.html

**ndedhia1** · Sep 21 '10, 04:56 PM

Hey Oralloy,
Before I try you suggested way, I found a way to authenticate using key, which is the way that I am connecting to the server. Now the problem that i am getting is that I am getting this error when running the below program:

ISCONNECTED: true
I got past the authenticate the public key
Sep 21, 2010 12:31:43 PM com.sshtools.j2 ssh.transport.p ublickey.SshPri vateKeyFile parse
INFO: Parsing private key file
Sep 21, 2010 12:31:43 PM com.sshtools.j2 ssh.transport.p ublickey.SshPri vateKeyFile parse
INFO: Private key is not in the default format, attempting parse with other supported formats
YOU FAILED IN THE CONNECT
Error: com.sshtools.j2 ssh.transport.p ublickey.Invali dSshKeyExceptio n: The key format is not a supported format

I found an example of this code that I thought would help but the parse method did allow 2 arguments:

do you have any thoughts on how i can format the key to the supported format.

I found this information in the Java SSH API User's Guide.

Thanks for all the help so far!!

THIS IS THE EXAMPLE I FOUND ON HOW TO FORMAT THE KEY BUT THE PARSE DIDNT ALLOW IT:

Code:

// Open up the private key file
SshPrivateKeyFile file =
  SshPrivateKeyFile.parse(new File(filename),
              new SshtoolsPrivateKeyFormat());

Code:

Once your server is configured you can connect using your newly generated key with the following code: 


import com.sshtools.j2ssh.transport.publickey.SshPrivateKey;
import com.sshtools.j2ssh.transport.publickey.SshPrivateKeyFile;
import com.sshtools.j2ssh.transport.publickey.SshtoolsPrivateKeyFormat;
import com.sshtools.j2ssh.transport.publickey.SshPrivateKey;

/**
* Authenticate using a public key
*/
PublicKeyAuthenticationClient pk = new PublicKeyAuthenticationClient();
pk.setUsername(user); 		

// Open up the private key file
SshPrivateKeyFile file =
  SshPrivateKeyFile.parse(new File("$HOME/.ssh/known_hosts"));

// Get the key
SshPrivateKey key = file.toPrivateKey(password);

// Set the key and authenticate
pk.setKey(key);
int result = session.authenticate(pk);

**ndedhia1** · Sep 21 '10, 06:58 PM

Hey Oralloy,
I got it to work. The reason that it was giving me this error:

INFO: Private key is not in the default format, attempting parse with other supported formats
YOU FAILED IN THE CONNECT
Error: com.sshtools.j2 ssh.transport.p ublickey.Invali dSshK eyException: The key format is not a supported format

was because I had it pointing to the know_hosts file and not to the private key file.

THANKS FOR ALL YOUR HELP!!

**Oralloy** · Sep 21 '10, 07:00 PM

ndedhia1,

I can't say I did much besides cheer you on.

Still, I'm glad you've got it working.

Cheers!
Oralloy

**ndedhia1** · Jan 31 '14, 09:44 PM

Hey Oralloy,
I have another question regarding blowfish-cbc cipher instance.
Before I give you the code, I was wondering if you have come across this issue.
My program will be running fine for hours or even days without this occurring, but every once in a while, it will get stuck on this part:

Code:

INFO: Creating new blowfish-cbc cipher instance.
Jan 31, 2014 3:11:09 PM com.sshtools.j2ssh.transport.cipher.SshCipherFactory new Instance
INFO: Creating new blowfish-cbc cipher instance

My application will just sit there doing nothing till I shut it down and restart it.

Do you by any chance know the reason for this?

THanks!!

Trying to SSH to a trusted server

Trying to SSH to a trusted server

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment