Knownhosts for Ant scp and sshexec tasks

My question is similar to the question asked here: Ant Scp task malfunction

BUILD FAILED com.jcraft.jsch.JSchException: reject HostKey: ....

My question is why keys are not found in my knownhosts file?

No matter which known_hosts file I have, the host key is rejected. Connecting via ssh works fine and adds the appropriate entries, but maybe jsch cannot read the known_hosts files created by OpenSSH?

The Ant docs mention that the known hosts file must be in SSH2 format, not SSH1. Oddly enough, the SSH2 known_hosts file from OpenSSH should be ~/.ssh/known_hosts2, but the default for known hosts is ~/.ssh/known_hosts.

Known host files created by SSH2 are located in ~/.ssh2/knownhosts/ , so it is probably safe to calculate this for the expected format. So far, I have not been able to get OpenSSH to create the known_hosts2 file, and the man pages do not help either. So, what do the documents actually mean that the file must be in SSH2 format?

I tried the dsa and rsa keys and none of them work (both work with OpenSSH).

I searched for two days, and the only answers I found were “set trust="true"”. Yes, this makes the work work, but without closing its eyes to security.

+6
3 answers

Here is the format I found that works with later versions of jsch:

 [xx.xx.xx.xx]:22 ssh-rsa ....... 

In older versions, it looked like:

 xx.xx.xx.xx ssh-rsa ...... 

i.e. no square brackets and port numbers. (Not sure if the port number is needed if you are using port 22, but I tested it with a server with a port other than the standard for SSH, and, if this is not obvious, xx.xx.xx.xx should be the IP address of the server or hostname or something else.)

I found this format by getting the JCraft / jsch library to create the known_hosts file for me. If you visit www.jcraft.com , you can download the jsch source code zip and some examples. Either create a source to make a jar, or load a ready-made jar. I unzipped the zip download and then spat the jar file in the same directory.

Here is the examples folder containing KnownHosts.java. You need to compile this file and then run it - it will ask you about your known_hosts file (first create an empty file in the default location, ~/.ssh/known_hosts) and then ask you how to connect to the server. Enter that, for example sshusername@xx.xx.xx.xx, and the program will try to connect, and then fill out the known_hosts file for you.

For convenience for Windows users like me, who never remember how to do things from the command line, here is what you need to compile and run this KnownHosts.java file:

First go to the directory (unzip it and put the jar file inside as described above).

Then run:

javac -cp jsch-0.1.49.jar examples/KnownHosts.java

to compile KnownHosts.java. And then:

java -cp "examples;jsch-0.1.49.jar" KnownHosts

to run it. Follow the instructions above and you should have a known_hosts working file.

One final note: KnownHosts assumes port 22. I edited it to allow me to enter something like sshusername@xx.xx.xx.xx:8888 so that I could specify a server with a custom port and make it work as described above. In the source of KnownHosts.java, I searched for a line like:

Session session=jsch.getSession(user, host, 22);

and replaced it with:

    int port = 22;
    // Accept "host:port" input: split off the port when one is given
    final int colonIndex = host.indexOf(':');
    if (colonIndex > -1) {
        final String[] split = host.split(":");
        host = split[0];
        port = Integer.parseInt(split[1]);
    }
    Session session=jsch.getSession(user, host, port);

and then compiled and works as above.

+2
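A way to check which host-name form a known_hosts file actually contains for a given server, added here as an example (it is not code from the post or from jsch). It goes beyond the two plain forms shown in the answer by also recognising OpenSSH hashed entries (`|1|salt|hash`); the function names, addresses and key placeholder are constructed for illustration, and only exact names are matched, not wildcard patterns.

```python
import base64, hashlib, hmac

def hash_name(name, salt):
    """Build a hashed host field (|1|salt|HMAC-SHA1) as OpenSSH HashKnownHosts does."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % tuple(base64.b64encode(b).decode() for b in (salt, mac))

def candidate_names(host, port=22):
    """Names an entry for host:port may be stored under."""
    bracketed = "[%s]:%d" % (host, port)
    # Port 22: try the bare and the bracketed form; other ports: bracketed only.
    return [host, bracketed] if port == 22 else [bracketed]

def host_field_matches(field, name):
    """Exact match of `name` against one comma-separated host field."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            try:
                salt = base64.b64decode(pattern.split("|")[2])
            except (IndexError, ValueError):
                continue  # malformed hashed entry
            if hash_name(name, salt) == pattern:
                return True
        elif pattern == name:
            return True
    return False

def find_entries(text, host, port=22):
    """Return (line_no, matched_name, key_type, form) for each matching line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if parts and parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # comment, blank, or not "hosts keytype base64key"
        form = "hashed" if parts[0].startswith("|1|") else "plain"
        hits += [(no, n, parts[1], form)
                 for n in candidate_names(host, port)
                 if host_field_matches(parts[0], n)]
    return hits

KEY = "Q09OU1RSVUNURUQ="  # constructed placeholder, not a real host key
SAMPLE = "\n".join([
    "# constructed sample file",
    "192.0.2.10 ssh-rsa " + KEY,
    "[192.0.2.20]:8888 ssh-rsa " + KEY,
    hash_name("[192.0.2.30]:8888", b"constructed-salt") + " ssh-rsa " + KEY,
])
```

An empty result from `find_entries` for the host and port the Ant task connects to means the file has no entry under a name that lookup would use, even if an entry for the same machine exists under another name or port.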

The sshexec ant task, by default, searches for the file "known_hosts" for ${user.home}/.ssh/known_hosts

Check the value of the user.home system property. This probably indicates an unforeseen place. Or, specify the value of "knownhosts" explicitly in the ant task property.

+1

There are two options that may interest you:

  • trust : If set to true, will trust unknown nodes. The default value is false.
  • knownhosts : specify the location of your hosts file.

The first will allow you to set tasks so as not to check if it is a known host. The second allows you to specify a file containing known hosts. Thus, you can specify it as ${user.home}/.ssh/known_hosts2 and override the default value.

By the way, a good way to do this is to use properties for these values, and then use the properties file to override these properties:

    [...]
    <property name="build.properties" value="build.properties"/>
    <property file="${build.properties}"/>

    <!-- Can be overridden via 'build.properties' file -->
    <property name="knownhosts.file" value="${user.home}/.ssh/knownhosts"/>
    <property name="remote.host" value="foo-system"/>
    [...]
    <scp file="${copy.this.file}"
         todir="${user}@${remote.host}:${remote.dir}"
         knownhosts="${knownhosts.file}"/>
    [...]

0