November 23, 2015 · java ssh public key authentication

Public key authentication with Java over SSH

Table of contents:

  1. Introduction
  2. Generate Key Pair
  3. Copy public key to remote host
  4. Connect to remote host from java
  5. Source code

Introduction

This article shows how to connect securely (i.e. establish an SSH connection) to a remote host from a Java application. It also covers the configuration needed to enable public key authentication and protect the SSH keys.

Public key authentication enables users to establish an SSH connection without providing (i.e. typing in) an explicit password. The immediate benefit is that the password is not transferred over the network, which prevents the possibility of the password being compromised.

Only a user on the remote server who has the encryption passphrase can use the private keys from the SSH keychain.

Generate Key Pair

The first step is to generate a private/public key pair on the server or development box where your Java application will be running.

The key pair can be generated by executing the following command:

    ssh-keygen -t rsa

Here is the output from my local development box:

    vladimir.stankovic@PCSVLADA ~
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/vladimir.stankovic/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/vladimir.stankovic/.ssh/id_rsa.
    Your public key has been saved in /home/vladimir.stankovic/.ssh/id_rsa.pub.

The private key is stored as id_rsa and the public key as id_rsa.pub.

Copy public key to remote host

The ssh-copy-id command copies the public key of your default identity (use -i identity_file for other identities) to the remote host.

    vladimir.stankovic@PCSVLADA ~
    $ ssh-copy-id -i /home/vladimir.stankovic/.ssh/id_rsa root@www.svlada.com
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@www.svlada.com's password:
    Number of key(s) added: 1
    Now try logging into the machine, with:   "ssh 'root@www.svlada.com'"
    and check to make sure that only the key(s) you wanted were added.

Connect to remote host from java

I have used the JSch library, which is a Java implementation of SSH.

The most important part is configuring the com.jcraft.jsch.Session object and adding publickey to the list of PreferredAuthentications options.

Here is the sample code for configuring public key authentication:

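    import com.jcraft.jsch.JSch;
    import com.jcraft.jsch.JSchException;
    import com.jcraft.jsch.Session;

    // Connection details as used in the ssh-copy-id step; 22 is the default SSH port.
    String username = "root";
    String host = "www.svlada.com";
    int port = 22;

    JSch jsch = new JSch();
    Session session = null;
    String privateKeyPath = "/home/vladimir.stankovic/.ssh/id_rsa";
    try {
        // Register the private key generated earlier as an identity.
        jsch.addIdentity(privateKeyPath);
        session = jsch.getSession(username, host, port);
        // Try public key authentication first, then the other methods.
        session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
        java.util.Properties config = new java.util.Properties();
        // "no" accepts any host key without verifying it.
        config.put("StrictHostKeyChecking", "no");
        session.setConfig(config);
    } catch (JSchException e) {
        throw new RuntimeException("Failed to create Jsch Session object.", e);
    }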

The next step is to connect to the remote host and execute an arbitrary command over SSH:

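    import com.jcraft.jsch.Channel;
    import com.jcraft.jsch.ChannelExec;

    String command = "echo \"Sit down, relax, mix yourself a drink and enjoy the show...\" >> /tmp/test.out";
    try {
        session.connect();
        // An "exec" channel runs a single command on the remote host.
        Channel channel = session.openChannel("exec");
        ((ChannelExec) channel).setCommand(command);
        // No pseudo-terminal is requested for this non-interactive command.
        ((ChannelExec) channel).setPty(false);
        channel.connect();
        // Closed right away; the command's output and exit status are not read.
        channel.disconnect();
        session.disconnect();
    } catch (JSchException e) {
        // Keep the original exception as the cause so the failure reason is not lost.
        throw new RuntimeException("Error during SSH command execution. Command: " + command, e);
    }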
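The sample above sets StrictHostKeyChecking to "no" and lets authentication fall back to passwords. The following is an added example, not code from the original article or its repository, showing the same JSch flow with host key verification, key-only authentication and a passphrase-protected key. The class name HardenedSshExec, the run method, the SSH_KEY_PASSPHRASE environment variable, the known_hosts location and the sample command are assumptions made for illustration.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class HardenedSshExec {
    /** Runs one command over SSH and returns its exit status (hypothetical helper). */
    static int run(String user, String host, int port, String keyPath,
                   String passphrase, String knownHosts, String command)
            throws JSchException, InterruptedException {
        JSch jsch = new JSch();
        // Trust only host keys already recorded in the known_hosts file.
        jsch.setKnownHosts(knownHosts);
        // Unlock the passphrase-protected private key.
        jsch.addIdentity(keyPath, passphrase);

        Session session = jsch.getSession(user, host, port);
        // Reject unknown or changed host keys instead of accepting them silently.
        session.setConfig("StrictHostKeyChecking", "yes");
        // Offer only the key; never fall back to sending a password.
        session.setConfig("PreferredAuthentications", "publickey");

        ChannelExec channel = null;
        try {
            session.connect(10_000); // connect timeout in milliseconds
            channel = (ChannelExec) session.openChannel("exec");
            channel.setCommand(command);
            // dontclose=true keeps System.out/System.err open after disconnect.
            channel.setOutputStream(System.out, true);
            channel.setErrStream(System.err, true);
            channel.connect(10_000);
            // The exit status is valid only after the remote side closes the channel.
            while (!channel.isClosed()) {
                Thread.sleep(100);
            }
            return channel.getExitStatus();
        } finally {
            if (channel != null) channel.disconnect();
            session.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        String home = System.getProperty("user.home");
        // Assumption: the passphrase is supplied through this environment variable.
        String passphrase = System.getenv("SSH_KEY_PASSPHRASE");
        int status = run("root", "www.svlada.com", 22, home + "/.ssh/id_rsa", passphrase,
                home + "/.ssh/known_hosts", "echo \"hello\" >> /tmp/test.out"); // constructed command
        System.out.println("exit status: " + status);
    }
}
```

With StrictHostKeyChecking set to "yes", connect() throws a JSchException when the server's host key is missing from known_hosts or differs from the recorded one.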

Source code

For the full example, you can check out the code from my git repository on GitHub.
