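/**
 * Authenticates the given connection as the configured user with that user's private key.
 *
 * <p>The private key text is taken from {@code credentials.getPrivateKey()}; the value of
 * {@code credentials.getPassword()} is passed as the third argument (presumably the key's
 * passphrase; confirm against the {@code Connection} API in use).
 *
 * @param connection connection to authenticate
 * @throws IOException if the server rejects the public key authentication
 */
@Override
public void authenticate(Connection connection) throws IOException {
    String u = credentials.getUser();
    boolean authenticated = connection.authenticateWithPublicKey(
            u, credentials.getPrivateKey().toCharArray(), credentials.getPassword());
    if (!authenticated) {
        // The message previously appended keyPair.privateKey. That is not the key this method
        // authenticates with (credentials.getPrivateKey()), and exception text is routinely
        // logged, so a private-key value must never be formatted into it. User and host are
        // enough to diagnose the failure.
        throw new IOException(String.format(
                "Public key authentication failed: trying to login as %s@%s",
                u, connection.getHostname()));
    }
}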
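/**
 * Creates and connects a JSch session for the configured host and login credentials.
 *
 * <p>When no private key is configured the session authenticates with the password;
 * otherwise the key is registered as an identity. Keys that need a passphrase are rejected.
 *
 * @return the connected session (also stored in the {@code session} field)
 * @throws IllegalArgumentException if the private key is passphrase-protected
 * @throws Exception if the session cannot be created or connected
 */
@Override
public Session create() throws Exception {
    JSch jsch = new JSch();
    session = jsch.getSession(loginCredentials.getUser(), hostAndPort.getHostText(),
            hostAndPort.getPortOrDefault(22));
    if (sessionTimeout != 0) {
        session.setTimeout(sessionTimeout);
    }

    String privateKeyPem = loginCredentials.getPrivateKey();
    if (privateKeyPem == null) {
        session.setPassword(loginCredentials.getPassword());
    } else {
        checkArgument(!privateKeyPem.contains("Proc-Type: 4,ENCRYPTED"),
                "JschSshClientModule does not support private keys that require a passphrase");
        // Encode with an explicit charset: the no-arg getBytes() uses the platform default,
        // which would corrupt the key text on a JVM whose default is not ASCII-compatible.
        byte[] privateKey = privateKeyPem.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        jsch.addIdentity(loginCredentials.getUser(), privateKey, null, emptyPassPhrase);
    }

    // NOTE(security): StrictHostKeyChecking=no turns off host key verification, so the server's
    // identity is never authenticated and the session (including a password login) can be
    // intercepted by a machine in the network path. Left unchanged here because callers rely on
    // connecting to hosts with unknown keys; deployments that know the expected host key should
    // configure it and enable strict checking.
    java.util.Properties config = new java.util.Properties();
    config.put("StrictHostKeyChecking", "no");
    session.setConfig(config);

    if (proxy.isPresent()) {
        session.setProxy(proxy.get());
    }
    session.connect(connectTimeout);
    return session;
}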
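/**
 * Validates the endpoint and credentials, precomputes the {@code toString} label and builds
 * the {@code SessionConnection} for this client.
 *
 * @param proxyConfig proxy settings; must not be null
 * @param backoffLimitedRetryHandler retry handler; must not be null
 * @param socket host and port to connect to; the port must be positive
 * @param loginCredentials user plus a password or a private key; must not be null
 * @param timeout value used for both the connect timeout and the session timeout
 * @throws NullPointerException if a required argument is null
 * @throws IllegalArgumentException if the port is not positive, or neither a password nor a
 *         private key is supplied
 */
public JschSshClient(ProxyConfig proxyConfig, BackoffLimitedRetryHandler backoffLimitedRetryHandler,
        HostAndPort socket, LoginCredentials loginCredentials, int timeout) {
    this.user = checkNotNull(loginCredentials, "loginCredentials").getUser();
    this.host = checkNotNull(socket, "socket").getHostText();
    // Message fixed: it read "greater then zero" and ran the port number into the text.
    checkArgument(socket.getPort() > 0, "ssh port must be greater than zero: %s", socket.getPort());
    checkArgument(loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null,
            "you must specify a password or a key");
    this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler");

    if (loginCredentials.getPrivateKey() == null) {
        // NOTE(security): this label embeds an unsalted MD5 of the password. Anything that logs
        // or prints this client exposes a digest that can be tested offline against guessed
        // passwords. Kept as-is because callers may depend on the label format; prefer dropping
        // password-derived data from toString.
        this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(),
                base16().lowerCase().encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()),
                host, socket.getPort());
    } else {
        // NOTE(review): sha1PrivateKey is not shown here; confirm what it digests before
        // treating this label as safe to log.
        String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey());
        String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey());
        this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(),
                fingerPrint, sha1, host, socket.getPort());
    }

    sessionConnection = SessionConnection.builder()
            .hostAndPort(HostAndPort.fromParts(host, socket.getPort()))
            .loginCredentials(loginCredentials)
            .proxy(checkNotNull(proxyConfig, "proxyConfig"))
            .connectTimeout(timeout)
            .sessionTimeout(timeout)
            .build();
}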
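/**
 * Validates the endpoint and credentials, precomputes the {@code toString} label and builds
 * the {@code SSHClientConnection} for this client.
 *
 * @param backoffLimitedRetryHandler retry handler; must not be null
 * @param socket host and port to connect to; the port must be positive
 * @param loginCredentials user plus a password or a private key; must not be null
 * @param timeout value used for both the connect timeout and the session timeout
 * @throws NullPointerException if a required argument is null
 * @throws IllegalArgumentException if the port is not positive, or neither a password nor a
 *         private key is supplied
 */
public SshjSshClient(BackoffLimitedRetryHandler backoffLimitedRetryHandler, HostAndPort socket,
        LoginCredentials loginCredentials, int timeout) {
    this.user = checkNotNull(loginCredentials, "loginCredentials").getUser();
    this.host = checkNotNull(socket, "socket").getHostText();
    // Message fixed: it read "greater then zero" and ran the port number into the text.
    checkArgument(socket.getPort() > 0, "ssh port must be greater than zero: %s", socket.getPort());
    checkArgument(loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null,
            "you must specify a password or a key");
    this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler");

    if (loginCredentials.getPrivateKey() == null) {
        // NOTE(security): this label embeds an unsalted MD5 of the password. Anything that logs
        // or prints this client exposes a digest that can be tested offline against guessed
        // passwords. Kept as-is because callers may depend on the label format; prefer dropping
        // password-derived data from toString.
        this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(),
                base16().lowerCase().encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()),
                host, socket.getPort());
    } else {
        // NOTE(review): sha1PrivateKey is not shown here; confirm what it digests before
        // treating this label as safe to log.
        String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey());
        String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey());
        this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(),
                fingerPrint, sha1, host, socket.getPort());
    }

    sshClientConnection = SSHClientConnection.builder()
            .hostAndPort(HostAndPort.fromParts(host, socket.getPort()))
            .loginCredentials(loginCredentials)
            .connectTimeout(timeout)
            .sessionTimeout(timeout)
            .build();
}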
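/**
 * Validates the endpoint and credentials, precomputes the {@code toString} label and builds
 * the {@code SSHClientConnection} for this client.
 *
 * @param backoffLimitedRetryHandler retry handler; must not be null
 * @param socket host and port to connect to; the port must be positive
 * @param loginCredentials user plus a password or a private key; must not be null
 * @param timeout value used for both the connect timeout and the session timeout
 * @throws NullPointerException if a required argument is null
 * @throws IllegalArgumentException if the port is not positive, or neither a password nor a
 *         private key is supplied
 */
public SshjSshClient(BackoffLimitedRetryHandler backoffLimitedRetryHandler, HostAndPort socket,
        LoginCredentials loginCredentials, int timeout) {
    this.user = checkNotNull(loginCredentials, "loginCredentials").getUser();
    this.host = checkNotNull(socket, "socket").getHostText();
    // Message fixed: it read "greater then zero" and ran the port number into the text.
    checkArgument(socket.getPort() > 0, "ssh port must be greater than zero: %s", socket.getPort());
    checkArgument(loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null,
            "you must specify a password or a key");
    this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler");

    if (loginCredentials.getPrivateKey() == null) {
        // NOTE(security): this label embeds an unsalted MD5 of the password. Anything that logs
        // or prints this client exposes a digest that can be tested offline against guessed
        // passwords. Kept as-is because callers may depend on the label format; prefer dropping
        // password-derived data from toString.
        this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(),
                base16().lowerCase().encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()),
                host, socket.getPort());
    } else {
        // NOTE(review): sha1PrivateKey is not shown here; confirm what it digests before
        // treating this label as safe to log.
        String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey());
        String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey());
        this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(),
                fingerPrint, sha1, host, socket.getPort());
    }

    sshClientConnection = SSHClientConnection.builder()
            .hostAndPort(HostAndPort.fromParts(host, socket.getPort()))
            .loginCredentials(loginCredentials)
            .connectTimeout(timeout)
            .sessionTimeout(timeout)
            .build();
}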
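/**
 * Validates the endpoint and credentials, precomputes the {@code toString} label and builds
 * the {@code SSHClientConnection} for this client.
 *
 * @param backoffLimitedRetryHandler retry handler; must not be null
 * @param socket host and port to connect to; the port must be positive
 * @param loginCredentials user plus a password or a private key; must not be null
 * @param timeout value used for both the connect timeout and the session timeout
 * @throws NullPointerException if a required argument is null
 * @throws IllegalArgumentException if the port is not positive, or neither a password nor a
 *         private key is supplied
 */
public SshjSshClient(BackoffLimitedRetryHandler backoffLimitedRetryHandler, HostAndPort socket,
        LoginCredentials loginCredentials, int timeout) {
    this.user = checkNotNull(loginCredentials, "loginCredentials").getUser();
    this.host = checkNotNull(socket, "socket").getHostText();
    // Message fixed: it read "greater then zero" and ran the port number into the text.
    checkArgument(socket.getPort() > 0, "ssh port must be greater than zero: %s", socket.getPort());
    checkArgument(loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null,
            "you must specify a password or a key");
    this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler");

    if (loginCredentials.getPrivateKey() == null) {
        // NOTE(security): this label embeds an unsalted MD5 of the password. Anything that logs
        // or prints this client exposes a digest that can be tested offline against guessed
        // passwords. Kept as-is because callers may depend on the label format; prefer dropping
        // password-derived data from toString.
        this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(),
                base16().lowerCase().encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()),
                host, socket.getPort());
    } else {
        // NOTE(review): sha1PrivateKey is not shown here; confirm what it digests before
        // treating this label as safe to log.
        String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey());
        String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey());
        this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(),
                fingerPrint, sha1, host, socket.getPort());
    }

    sshClientConnection = SSHClientConnection.builder()
            .hostAndPort(HostAndPort.fromParts(host, socket.getPort()))
            .loginCredentials(loginCredentials)
            .connectTimeout(timeout)
            .sessionTimeout(timeout)
            .build();
}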
/**
 * Overlays the credentials resolved from the template onto those reported by the node.
 *
 * @param template template handed to {@code credentialsFromImageOrTemplateOptions}
 * @param fromNode credentials reported for the node; used as the base of the result
 * @return {@code fromNode} itself when the template resolves to no credentials; otherwise a
 *         copy in which every non-null user, password and private key from the template
 *         replaces the node's value, and sudo authentication is switched on if the template
 *         asks for it (it is never switched off here)
 */
public LoginCredentials apply(Template template, LoginCredentials fromNode) {
    LoginCredentials overrides = credentialsFromImageOrTemplateOptions.apply(template);
    if (overrides == null) {
        return fromNode;
    }

    Builder merged = LoginCredentials.builder(fromNode);
    if (overrides.getUser() != null) {
        merged.user(overrides.getUser());
    }
    if (overrides.getPassword() != null) {
        merged.password(overrides.getPassword());
    }
    if (overrides.getPrivateKey() != null) {
        merged.privateKey(overrides.getPrivateKey());
    }
    if (overrides.shouldAuthenticateSudo()) {
        merged.authenticateSudo(true);
    }
    return merged.build();
}
/**
 * Serializes credentials to a JSON input stream.
 *
 * <p>Login credentials are copied into a {@code JsonLoginCredentials} holder first; any other
 * credentials object is serialized directly.
 *
 * <p>NOTE(security): the resulting stream carries the password and the private key in clear
 * text. Whatever stores or transmits it must be protected accordingly, and it must not be
 * logged.
 *
 * @param from credentials to serialize; must not be null
 * @return stream over the JSON form of the credentials
 */
@Override
public InputStream apply(Credentials from) {
    checkNotNull(from, "inputCredentials");
    if (!(from instanceof LoginCredentials)) {
        return Strings2.toInputStream(json.toJson(from));
    }

    LoginCredentials login = (LoginCredentials) from;
    JsonLoginCredentials holder = new JsonLoginCredentials();
    holder.user = login.getUser();
    holder.password = login.getPassword();
    holder.privateKey = login.getPrivateKey();
    // The sudo flag is only written when it is set; otherwise the field keeps its default.
    if (login.shouldAuthenticateSudo()) {
        holder.authenticateSudo = login.shouldAuthenticateSudo();
    }
    return Strings2.toInputStream(json.toJson(holder));
}
}
/**
 * Overlays the credentials resolved from the template onto those reported by the node.
 *
 * @param template template handed to {@code credentialsFromImageOrTemplateOptions}
 * @param fromNode credentials reported for the node; used as the base of the result
 * @return {@code fromNode} itself when the template resolves to no credentials; otherwise a
 *         copy in which every non-null user, password and private key from the template
 *         replaces the node's value, and sudo authentication is switched on if the template
 *         asks for it (it is never switched off here)
 */
public LoginCredentials apply(Template template, LoginCredentials fromNode) {
    LoginCredentials overrides = credentialsFromImageOrTemplateOptions.apply(template);
    if (overrides == null) {
        return fromNode;
    }

    Builder merged = LoginCredentials.builder(fromNode);
    if (overrides.getUser() != null) {
        merged.user(overrides.getUser());
    }
    if (overrides.getPassword() != null) {
        merged.password(overrides.getPassword());
    }
    if (overrides.getPrivateKey() != null) {
        merged.privateKey(overrides.getPrivateKey());
    }
    if (overrides.shouldAuthenticateSudo()) {
        merged.authenticateSudo(true);
    }
    return merged.build();
}
/**
 * Serializes credentials to a JSON input stream.
 *
 * <p>Login credentials are copied into a {@code JsonLoginCredentials} holder first; any other
 * credentials object is serialized directly.
 *
 * <p>NOTE(security): the resulting stream carries the password and the private key in clear
 * text. Whatever stores or transmits it must be protected accordingly, and it must not be
 * logged.
 *
 * @param from credentials to serialize; must not be null
 * @return stream over the JSON form of the credentials
 */
@Override
public InputStream apply(Credentials from) {
    checkNotNull(from, "inputCredentials");
    if (!(from instanceof LoginCredentials)) {
        return Strings2.toInputStream(json.toJson(from));
    }

    LoginCredentials login = (LoginCredentials) from;
    JsonLoginCredentials holder = new JsonLoginCredentials();
    holder.user = login.getUser();
    holder.password = login.getPassword();
    holder.privateKey = login.getPrivateKey();
    // The sudo flag is only written when it is set; otherwise the field keeps its default.
    if (login.shouldAuthenticateSudo()) {
        holder.authenticateSudo = login.shouldAuthenticateSudo();
    }
    return Strings2.toInputStream(json.toJson(holder));
}
}
/**
 * Disabled test: replays canned request/response pairs and checks that a node created from
 * a template spec containing {@code loginUser=ec2-user} reports that user together with a
 * non-null private key.
 */
@Test(enabled = false)
public void testCreateNodeWithGeneratedKeyPairAndOverriddenLoginUserWithTemplateBuilder() throws Exception {
    // Every request the compute service is expected to send, paired with its canned response.
    Builder<HttpRequest, HttpResponse> exchanges = ImmutableMap.<HttpRequest, HttpResponse> builder()
            .put(describeRegionsRequest, describeRegionsResponse)
            .put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse)
            .put(describeImagesRequest, describeImagesResponse)
            .put(createKeyPairRequest, createKeyPairResponse)
            .put(createSecurityGroupRequest, createSecurityGroupResponse)
            .put(describeSecurityGroupRequest, describeSecurityGroupResponse)
            .put(authorizeSecurityGroupIngressRequest22, authorizeSecurityGroupIngressResponse)
            .put(authorizeSecurityGroupIngressRequestGroup, authorizeSecurityGroupIngressResponse)
            .put(runInstancesRequest, runInstancesResponse)
            .put(describeInstanceRequest, describeInstanceResponse)
            .put(describeInstanceMultiIdsRequest, describeInstanceMultiIdsResponse)
            .put(describeImageRequest, describeImagesResponse);

    ComputeService apiThatCreatesNode = requestsSendResponses(exchanges.build());

    NodeMetadata created = Iterables.getOnlyElement(
            apiThatCreatesNode.createNodesInGroup("test", 1,
                    apiThatCreatesNode.templateBuilder()
                            .from("osDescriptionMatches=.*fedora.*,loginUser=ec2-user")
                            .build()));

    assertEquals(created.getCredentials().getUser(), "ec2-user");
    assertNotNull(created.getCredentials().getPrivateKey());
}
/**
 * Replays canned request/response pairs and checks that a node created with
 * {@code overrideLoginUser("ec2-user")} reports that user together with a non-null private
 * key.
 */
public void testCreateNodeWithGeneratedKeyPairAndOverriddenLoginUser() throws Exception {
    // Every request the compute service is expected to send, paired with its canned response.
    Builder<HttpRequest, HttpResponse> exchanges = ImmutableMap.<HttpRequest, HttpResponse> builder()
            .put(describeRegionsRequest, describeRegionsResponse)
            .put(describeAvailabilityZonesRequest, describeAvailabilityZonesResponse)
            .put(describeImagesRequest, describeImagesResponse)
            .put(createKeyPairRequest, createKeyPairResponse)
            .put(createSecurityGroupRequest, createSecurityGroupResponse)
            .put(describeSecurityGroupRequest, describeSecurityGroupResponse)
            .put(authorizeSecurityGroupIngressRequest22, authorizeSecurityGroupIngressResponse)
            .put(authorizeSecurityGroupIngressRequestGroup, authorizeSecurityGroupIngressResponse)
            .put(runInstancesRequest, runInstancesResponse)
            .put(describeInstanceRequest, describeInstanceResponse)
            .put(describeInstanceMultiIdsRequest, describeInstanceMultiIdsResponse)
            .put(describeImageRequest, describeImagesResponse);

    ComputeService apiThatCreatesNode = requestsSendResponses(exchanges.build());

    NodeMetadata created = Iterables.getOnlyElement(
            apiThatCreatesNode.createNodesInGroup("test", 1,
                    blockUntilRunning(false).overrideLoginUser("ec2-user")));

    assertEquals(created.getCredentials().getUser(), "ec2-user");
    // Debug output left over from development; only the image id is printed, no credentials.
    System.out.println(created.getImageId());
    assertNotNull(created.getCredentials().getPrivateKey());
}
/**
 * Serializes credentials to a JSON input stream.
 *
 * <p>Login credentials are copied into a {@code JsonLoginCredentials} holder first; any other
 * credentials object is serialized directly.
 *
 * <p>NOTE(security): the resulting stream carries the password and the private key in clear
 * text. Whatever stores or transmits it must be protected accordingly, and it must not be
 * logged.
 *
 * @param from credentials to serialize; must not be null
 * @return stream over the JSON form of the credentials
 */
@Override
public InputStream apply(Credentials from) {
    checkNotNull(from, "inputCredentials");
    if (!(from instanceof LoginCredentials)) {
        return Strings2.toInputStream(json.toJson(from));
    }

    LoginCredentials login = (LoginCredentials) from;
    JsonLoginCredentials holder = new JsonLoginCredentials();
    holder.user = login.getUser();
    holder.password = login.getPassword();
    holder.privateKey = login.getPrivateKey();
    // The sudo flag is only written when it is set; otherwise the field keeps its default.
    if (login.shouldAuthenticateSudo()) {
        holder.authenticateSudo = login.shouldAuthenticateSudo();
    }
    return Strings2.toInputStream(json.toJson(holder));
}
}
/**
 * Makes sure the template options carry an SSH key fingerprint when key pairs are created
 * automatically.
 *
 * <p>Nothing happens if a fingerprint is already set or automatic creation is off. Otherwise
 * the key pair stored for the group is reused, or a new one is created and stored under
 * {@code "group#" + group}. The stored entry contains the private key, so the credential
 * store must be treated as secret material.
 *
 * @param org organisation passed on when a new key pair is created
 * @param group group name the key pair is keyed under
 * @param identity user recorded with a newly created key pair
 * @param options template options to read from and to update with the fingerprint
 * @throws IllegalStateException if the stored credentials for the group have no private key
 */
@VisibleForTesting
public void execute(URI org, String group, String identity, TerremarkVCloudTemplateOptions options) {
    String sshKeyFingerprint = options.getSshKeyFingerprint();
    boolean shouldAutomaticallyCreateKeyPair = options.shouldAutomaticallyCreateKeyPair();
    if (sshKeyFingerprint != null || !shouldAutomaticallyCreateKeyPair) {
        return;
    }

    String storeKey = "group#" + group;
    // Serialise on the store so concurrent callers do not each request a key for the group.
    synchronized (credentialStore) {
        if (!credentialStore.containsKey(storeKey)) {
            // No key pair for this group yet: create one and record it under the group key.
            KeyPair keyPair = createUniqueKeyPair.apply(new OrgAndName(org, group));
            credentialStore.put(storeKey,
                    LoginCredentials.builder().user(identity).privateKey(keyPair.getPrivateKey()).build());
            options.sshKeyFingerprint(keyPair.getFingerPrint());
            return;
        }

        // A key pair already exists for the group: reuse it.
        LoginCredentials creds = LoginCredentials.fromCredentials(credentialStore.get(storeKey));
        checkState(creds.getOptionalPrivateKey().isPresent(),
                "incorrect state: should have private key for: %s", creds);
        options.sshKeyFingerprint(SshKeys.fingerprintPrivateKey(creds.getPrivateKey()));
    }
}
}
/**
 * Converts jclouds login credentials into this module's {@code LoginCredentials}.
 *
 * <p>User, password, private key and the sudo flag are copied across unchanged, so the
 * result holds the same secret material as the input.
 *
 * @param input jclouds credentials, may be null
 * @return the converted credentials, or {@code null} when {@code input} is null
 */
@Override
public LoginCredentials apply(@Nullable org.jclouds.domain.LoginCredentials input) {
    return input == null
            ? null
            : LoginCredentials.builder()
                    .username(input.getUser())
                    .password(input.getPassword())
                    .privateKey(input.getPrivateKey())
                    .authenticateSudo(input.shouldAuthenticateSudo())
                    .build();
}
}
/**
 * Checks that the strategy returns the user-supplied key pair name when the options name a
 * key pair, supply a login private key and carry a run script.
 */
public void testCreateNewKeyPairUnlessUserSpecifiedOtherwise_reusesKeyWhenToldToWithRunScriptAndCredentialsSpecified() {
   // setup constants
   String region = Region.AP_SOUTHEAST_1;
   String group = "group";
   String userSuppliedKeyPair = "myKeyPair";

   // create mocks
   CreateKeyPairAndSecurityGroupsAsNeededAndReturnRunOptions strategy = setupStrategy();
   EC2TemplateOptions options = createMock(EC2TemplateOptions.class);
   KeyPair keyPair = createMock(KeyPair.class);

   // setup expectations: the options name the key pair and supply the login private key
   expect(options.getKeyPair()).andReturn(userSuppliedKeyPair);
   expect(options.getLoginPrivateKey()).andReturn(CREDENTIALS.getPrivateKey()).atLeastOnce();

   // The strategy is expected to store KEYPAIR under (region, key pair name).
   // NOTE(review): KEYPAIR is defined outside this method; presumably it carries the
   // fingerprint and sha1 derived from the login private key - confirm.
   expect(strategy.credentialsMap.put(new RegionAndName(region, userSuppliedKeyPair), KEYPAIR)).andReturn(null);
   expect(options.getRunScript()).andReturn(Statements.exec("echo foo"));
   expect(strategy.credentialsMap.containsKey(new RegionAndName(region, userSuppliedKeyPair))).andReturn(true);

   // replay mocks (no expectations are recorded on keyPair)
   replay(options);
   replay(keyPair);
   replayStrategy(strategy);

   // run: the name returned must be the one the user supplied
   assertEquals(strategy.createNewKeyPairUnlessUserSpecifiedOtherwise(region, group, options), userSuppliedKeyPair);

   // verify mocks
   verify(options);
   verify(keyPair);
   verifyStrategy(strategy);
}
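/**
 * Builds the SSH configuration for a node by combining the given setup with the password
 * and private key reported in the node's credentials.
 *
 * <p>The returned map can contain the password and private key data in clear text and must
 * not be logged.
 *
 * @param setup base configuration
 * @param node node whose credentials are added when present; may be null
 * @return raw configuration map produced by the two-bag {@code extractSshConfig} overload
 */
protected Map<String,Object> extractSshConfig(ConfigBag setup, NodeMetadata node) {
    ConfigBag nodeConfig = new ConfigBag();
    // A node can be known without its credentials (presumably getCredentials() returns null
    // in that case - confirm against NodeMetadata); guard it so the lookup does not throw
    // and the setup-only configuration is still returned.
    if (node != null && node.getCredentials() != null) {
        nodeConfig.putIfNotNull(PASSWORD, node.getCredentials().getPassword());
        nodeConfig.putIfNotNull(PRIVATE_KEY_DATA, node.getCredentials().getPrivateKey());
    }
    return extractSshConfig(setup, nodeConfig).getAllConfigRaw();
}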
/**
 * Connects a new sshj client to the configured host and authenticates it.
 *
 * <p>A configured password takes precedence; the private key is only used when no password
 * is set. Timeouts of {@code 0} are left at the client's defaults.
 *
 * @return the connected, authenticated client (also stored in the {@code ssh} field)
 * @throws Exception if connecting or authenticating fails
 */
@Override
public SSHClient create() throws Exception {
    ssh = new net.schmizz.sshj.SSHClient();
    // NOTE(security): PromiscuousVerifier accepts any host key, so the server's identity is
    // never checked and the login below (password included) can be intercepted by a machine
    // in the network path. Where the expected host key is known, register a verifier that
    // pins it instead.
    ssh.addHostKeyVerifier(new PromiscuousVerifier());

    if (connectTimeout != 0) {
        ssh.setConnectTimeout(connectTimeout);
    }
    if (sessionTimeout != 0) {
        ssh.setTimeout(sessionTimeout);
    }

    ssh.connect(hostAndPort.getHostText(), hostAndPort.getPortOrDefault(22));

    if (loginCredentials.getPassword() == null) {
        // Key-based login; the second init argument is left null.
        OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
        keyFile.init(loginCredentials.getPrivateKey(), null);
        ssh.authPublickey(loginCredentials.getUser(), keyFile);
    } else {
        ssh.authPassword(loginCredentials.getUser(), loginCredentials.getPassword());
    }
    return ssh;
}
/**
 * Connects a new sshj client to the configured host and authenticates it.
 *
 * <p>A configured password takes precedence; the private key is only used when no password
 * is set. Timeouts of {@code 0} are left at the client's defaults.
 *
 * @return the connected, authenticated client (also stored in the {@code ssh} field)
 * @throws Exception if connecting or authenticating fails
 */
@Override
public SSHClient create() throws Exception {
    ssh = new net.schmizz.sshj.SSHClient();
    // NOTE(security): PromiscuousVerifier accepts any host key, so the server's identity is
    // never checked and the login below (password included) can be intercepted by a machine
    // in the network path. Where the expected host key is known, register a verifier that
    // pins it instead.
    ssh.addHostKeyVerifier(new PromiscuousVerifier());

    if (connectTimeout != 0) {
        ssh.setConnectTimeout(connectTimeout);
    }
    if (sessionTimeout != 0) {
        ssh.setTimeout(sessionTimeout);
    }

    ssh.connect(hostAndPort.getHostText(), hostAndPort.getPortOrDefault(22));

    if (loginCredentials.getPassword() == null) {
        // Key-based login; the second init argument is left null.
        OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
        keyFile.init(loginCredentials.getPrivateKey(), null);
        ssh.authPublickey(loginCredentials.getUser(), keyFile);
    } else {
        ssh.authPassword(loginCredentials.getUser(), loginCredentials.getPassword());
    }
    return ssh;
}
/**
 * Connects a new sshj client to the configured host and authenticates it.
 *
 * <p>A configured password takes precedence; the private key is only used when no password
 * is set. Timeouts of {@code 0} are left at the client's defaults.
 *
 * @return the connected, authenticated client (also stored in the {@code ssh} field)
 * @throws Exception if connecting or authenticating fails
 */
@Override
public SSHClient create() throws Exception {
    ssh = new net.schmizz.sshj.SSHClient();
    // NOTE(security): PromiscuousVerifier accepts any host key, so the server's identity is
    // never checked and the login below (password included) can be intercepted by a machine
    // in the network path. Where the expected host key is known, register a verifier that
    // pins it instead.
    ssh.addHostKeyVerifier(new PromiscuousVerifier());

    if (connectTimeout != 0) {
        ssh.setConnectTimeout(connectTimeout);
    }
    if (sessionTimeout != 0) {
        ssh.setTimeout(sessionTimeout);
    }

    ssh.connect(hostAndPort.getHostText(), hostAndPort.getPortOrDefault(22));

    if (loginCredentials.getPassword() == null) {
        // Key-based login; the second init argument is left null.
        OpenSSHKeyFile keyFile = new OpenSSHKeyFile();
        keyFile.init(loginCredentials.getPrivateKey(), null);
        ssh.authPublickey(loginCredentials.getUser(), keyFile);
    } else {
        ssh.authPassword(loginCredentials.getUser(), loginCredentials.getPassword());
    }
    return ssh;
}