最近我们的客户意外地将我们从ftp收集的一些重要文件转移到了sftp服务器。最初我的印象是,编写或找到一个可以处理sftp的java实用程序会很简单,但事实证明并非如此。还有一个问题是我们正在尝试从Windows平台连接到sftp服务器(因此SSH_HOME在客户端上的定义非常混乱)。
我一直在使用apache-commons-vfs库,并设法获得一个可靠地用于用户名/密码身份验证的解决方案,但至今还没有任何可以可靠地处理私钥/公钥认证的解决方案。
以下示例适用于用户名/密码身份验证,但我想调整它以进行私钥/公钥身份验证。
public static void sftpGetFile(String server, String userName,String password,
String remoteDir, String localDir, String fileNameRegex)
{
File localDirFile = new File(localDir);
FileSystemManager fsManager = null;
if (!localDirFile.exists()) {
localDirFile.mkdirs();
}
try {
fsManager = VFS.getManager();
} catch (FileSystemException ex) {
LOGGER.error("Failed to get fsManager from VFS",ex);
throw new RuntimeException("Failed to get fsManager from VFS", ex);
}
UserAuthenticator auth = new StaticUserAuthenticator(null, userName,password);
FileSystemOptions opts = new FileSystemOptions();
try {
DefaultFileSystemConfigBuilder.getInstance().setUserAuthenticator(opts,
auth);
} catch (FileSystemException ex) {
LOGGER.error("setUserAuthenticator failed", ex);
throw new RuntimeException("setUserAuthenticator failed", ex);
}
Pattern filePattern = Pattern.compile(fileNameRegex);
String startPath = "sftp://" + server + remoteDir;
FileObject[] children;
// Set starting path on remote SFTP server.
FileObject sftpFile;
try {
sftpFile = fsManager.resolveFile(startPath, opts);
LOGGER.info("SFTP connection successfully established to " +
startPath);
} catch (FileSystemException ex) {
LOGGER.error("SFTP error parsing path " +
remoteDir,
ex);
throw new RuntimeException("SFTP error parsing path " +
remoteDir,
ex);
}
// Get a directory listing
try {
children = sftpFile.getChildren();
} catch (FileSystemException ex) {
throw new RuntimeException("Error collecting directory listing of " +
startPath, ex);
}
search:
for (FileObject f : children) {
try {
String relativePath =
File.separatorChar + f.getName().getBaseName();
if (f.getType() == FileType.FILE) {
System.out.println("Examining remote file " + f.getName());
if (!filePattern.matcher(f.getName().getPath()).matches()) {
LOGGER.info(" Filename does not match, skipping file ." +
relativePath);
continue search;
}
String localUrl = "file://" + localDir + relativePath;
String standardPath = localDir + relativePath;
System.out.println(" Standard local path is " + standardPath);
LocalFile localFile =
(LocalFile) fsManager.resolveFile(localUrl);
System.out.println(" Resolved local file name: " +
localFile.getName());
if (!localFile.getParent().exists()) {
localFile.getParent().createFolder();
}
System.out.println(" ### Retrieving file ###");
localFile.copyFrom(f,
new AllFileSelector());
} else {
System.out.println("Ignoring non-file " + f.getName());
}
} catch (FileSystemException ex) {
throw new RuntimeException("Error getting file type for " +
f.getName(), ex);
}
}
FileSystem fs = null;
if (children.length > 0) {
fs = children[0].getFileSystem(); // This works even if the src is closed.
fsManager.closeFileSystem(fs);
}
}
我已将私钥存储在已知位置,并且我的公钥已经被分配到服务器(我们已经测试过这些密钥在使用其他工具连接时成功运行)
我已经玩过添加以下行
SftpFileSystemConfigBuilder.getInstance().setIdentities(this.opts, new File[]{new File("c:/Users/bobtbuilder/.ssh/id_dsa.ppk")});
这成功地将私钥加载到整个框架中,但它从未使用该密钥进一步进行身份验证。
最热烈接受的任何帮助或指示
答案 0 :(得分:15)
经过深入挖掘后,我终于得到了答案。似乎我的很多麻烦都与私钥和公钥的格式有关
privateKey必须采用openSSH格式 publicKey无论出于什么原因只能从puttyGen窗口粘贴(导出公钥似乎总是给它缺少标题,这意味着freeSSHD windows服务器无法使用它)
无论如何以下是我的代码我终于提出了包括javadoc,所以希望能为其他人节省我经历的痛苦
/**
* Fetches a file from a remote sftp server and copies it to a local file location. The authentication method used
* is public/private key authentication. <br><br>
* IMPORTANT: Your private key must be in the OpenSSH format, also it must not have a passphrase associated with it.
* (currently the apache-commons-vfs2 library does not support passphrases)<p>
*
* Also remember your public key needs to be on the sftp server. If you were connecting as user 'bob' then your
* public key will need to be in '.ssh/bob' on the server (the location of .ssh will change depending on the type
* of sftp server)
*
* @param server The server we care connection to
* @param userName The username we are connection as
* @param openSSHPrivateKey The location of the private key (which must be in openSSH format) on the local machine
* @param remoteDir The directory from where you want to retrieve the file on the remote machine (this is in reference to SSH_HOME, SSH_HOME is the direcory you
* automatically get directed to when connecting)
* @param remoteFile The name of the file on the remote machine to be collected (does not support wild cards)
* @param localDir The direcoty on the local machine where you want the file to be copied to
* @param localFileName The name you wish to give to retrieved file on the local machine
* @throws IOException - Gets thrown is there is any problem fetching the file
*/
public static void sftpGetFile_keyAuthentication(String server, String userName, String openSSHPrivateKey,
String remoteDir,String remoteFile, String localDir, String localFileName) throws IOException
{
FileSystemOptions fsOptions = new FileSystemOptions();
FileSystemManager fsManager = null;
String remoteURL = "sftp://" + userName + "@" + server + "/" + remoteDir + "/" + remoteFile;
String localURL = "file://" + localDir + "/" + localFileName;
try {
SftpFileSystemConfigBuilder.getInstance().setStrictHostKeyChecking(fsOptions, "no");
SftpFileSystemConfigBuilder.getInstance().setIdentities(fsOptions, new File[]{new File(openSSHPrivateKey)});
fsManager = VFS.getManager();
FileObject remoteFileObject = fsManager.resolveFile(remoteURL, fsOptions);
LocalFile localFile =
(LocalFile) fsManager.resolveFile(localURL);
localFile.copyFrom(remoteFileObject,
new AllFileSelector());
} catch (FileSystemException e) {
LOGGER.error("Problem retrieving from " + remoteURL + " to " + localURL,e );
throw new IOException(e);
}
}
答案 1 :(得分:6)
这篇文章和答案非常有用,非常感谢。
我只想添加一个集成到语句“当前apache-commons-vfs2库不支持passphrases ”,因为我也使用passphrase并且它有效。
您必须在项目中导入jsch库(我使用0.1.49)并实现“com.jcraft.jsch.UserInfo”接口。
这样的事应该没问题:
public class SftpUserInfo implements UserInfo {
public String getPassphrase() {
return "yourpassphrase";
}
public String getPassword() {
return null;
}
public boolean promptPassphrase(String arg0) {
return true;
}
public boolean promptPassword(String arg0) {
return false;
}
}
然后你可以用这种方式将它添加到SftpFileSystemConfigBuilder:
SftpFileSystemConfigBuilder.getInstance().setUserInfo(fsOptions, new SftpUserInfo());
希望这有帮助。
答案 2 :(得分:5)
我想这就是你要找的 -
/**
* @param args
*/
public static void main(String[] args) {
/*Below we have declared and defined the SFTP HOST, PORT, USER
and Local private key from where you will make connection */
String SFTPHOST = "10.20.30.40";
int SFTPPORT = 22;
String SFTPUSER = "kodehelp";
// this file can be id_rsa or id_dsa based on which algorithm is used to create the key
String privateKey = "/home/kodehelp/.ssh/id_rsa";
String SFTPWORKINGDIR = "/home/kodehelp/";
JSch jSch = new JSch();
Session session = null;
Channel channel = null;
ChannelSftp channelSftp = null;
try {
jSch.addIdentity(privateKey);
System.out.println("Private Key Added.");
session = jSch.getSession(SFTPUSER,SFTPHOST,SFTPPORT);
System.out.println("session created.");
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect();
channel = session.openChannel("sftp");
channel.connect();
System.out.println("shell channel connected....");
channelSftp = (ChannelSftp)channel;
channelSftp.cd(SFTPWORKINGDIR);
System.out.println("Changed the directory...");
} catch (JSchException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (SftpException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally{
if(channelSftp!=null){
channelSftp.disconnect();
channelSftp.exit();
}
if(channel!=null) channel.disconnect();
if(session!=null) session.disconnect();
}
}
详见
http://kodehelp.com/sftp-connection-public-key-authentication-java/