aspose file tools*
The moose likes Java in General and the fly likes sftp communication with private/public key authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "sftp communication with private/public key authentication" Watch "sftp communication with private/public key authentication" New topic
Author

sftp communication with private/public key authentication

shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
Hi,

Am trying to create sftp connection by generating private and public keys. I tried all the way but don't know where the wrong is going on.
Here i have attached the code. If anyone worked on this please provide me steps how to achieve sftp connection.

I have tried to connect to localhost also and then tried to connect to sftp server by putting public key in server. But am failing in both the cases.

Am struggling from past few days. Please help is required..............






The exception message is


Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

After changing it to reflect my host and my IP address your code works for me so you have a configuration problem. Questions -

1) Have you tried using Putty to connect to the server? If not then do so; until you can do this you are most probably wasting your time trying to get your Java code to run.
2) Have you added your public key to the server's 'authorized_keys' file? If not then it will not work.
3) Is your private key of the the standard form that starts with something like -
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA0CUxtI6CAkE8Ncdf3V4L6f66A0S6pnFVLTc/0szNKbDC7W/B
If not then you need to convert it to this form. Note that default putty private keys are not of this form.

P.S. That code for reading the private key file is dreadful and is not actually needed if you use



shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
Thanks for the reply Richard. The private key generation is same format as you mentioned.


-----BEGIN RSA PRIVATE KEY-----
MIICWgIBAAKBgQD0BbOG3UvcuccWZdAR6maBmlqmi6h50PeKTGfxKXNjkJnACYKb
S7luf/aTudbEKywajlgkZNzb/JUT6WJG2Nos4pUQanFdETC1B8IvJ6a6soLWGqay
...
-----END RSA PRIVATE KEY-----


This is key which is under my local account place and i put the public key in remote machine and tried that also. Am trying localhost connection and for remote machine too.

Then where the wrong is?? Please looking forward from you.

[Edit by junilu: elided private key value]
shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
Did you created key and then tested in your machine? I want to know one more thing here like where i need to add key in server machine. Because my server machine login ID is different and user(host) name is different.

I have added public key under host account of server\ .ssh\authorized_keys and in All users folder created .ssh folder and added there also. Please let me know this details.

Regards,
Shwetha
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

shwetha raghavachar wrote:The private key generation is same format as you mentioned.


Good. One possible problem eliminated.


This is key which is under my local account place and i put the public key in remote machine and tried that also. Am trying localhost connection and for remote machine too.

Then where the wrong is?? Please looking forward from you.


Have you tried connecting using an SSH client such as Putty? If not then do so.

You don't say what SSH/SFTP server type you are connecting to or what type of machine it is running on or what OS it is running on. Even with this information, sitting this side of the Internet there is little further I can help with since you obviously have a configuration problem. If the SSH/SFTP server is OpenSSH running on *Nix, make sure you have appended your public key file content to the 'authorized_keys' file in the '.ssh' directory in the remote user's home directory. Make sure you are specifying the correct remote user name. If your private key file is password protected make sure you specify the correct password when specifying it in your addIdentity() statement. Make sure the public key is the one associated with private key.


NOTE - NOTE - NOTE - since everyone now has access to it the private you have published is now useless. Generate a new private/public key pair .
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

shwetha raghavachar wrote:Did you created key and then tested in your machine? I want to know one more thing here like where i need to add key in server machine. Because my server machine login ID is different and user(host) name is different.

I have added public key under host account of server\ .ssh\authorized_keys and in All users folder created .ssh folder and added there also. Please let me know this details.

Regards,
Shwetha


1) Generate a private/public key pair on your client computer.
2) Copy the public key to the server and append the content to the 'authorized_keys' file in the '.ssh' directory of the remote user you want to connect as on the server.
3) Make sure you specify the correct private key (and password if password protected), the correct remote user name, the correct IP address or hostname and the correct port.
4) Since you are not using strict host key checking you don't need to add the remote computer to the known hosts file but it is worth doing anyway then you can do strict host key checking. Easiest way to do this is using and openssh client to connect to the server.
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4699
    
    7

shwetha raghavachar wrote:Thanks for the reply Richard. The private key generation is same format as you mentioned.


-----BEGIN RSA PRIVATE KEY-----
MIICWgIBAAKBgQD0BbOG3UvcuccWZdAR6maBmlqmi6h50PeKTGfxKXNjkJnACYKb
S7luf/aTudbEKywajlgkZNzb/JUT6WJG2Nos4pUQanFdETC1B8IvJ6a6soLWGqay
...
Az1zddOXzXRsfrvhAkBmIJFva4+ctNKIMzdkqXQSKAl/+RDMusDcha4C7I9/ZMDA
0nBnzr3vYEFbBnOSKDA1qQsPnR6lhOMrIysPPZwB
-----END RSA PRIVATE KEY-----


This is key which is under my local account place and i put the public key in remote machine and tried that also. Am trying localhost connection and for remote machine too.

Dude, if your security officer saw this, you could get fired! Private keys are just that: private. Under NO circumstances should you be posting it on a public forum such as this. You need to change your keys ASAP.


Junilu - [How to Ask Questions] [How to Answer Questions]
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4699
    
    7

Richard Tookey wrote:NOTE - NOTE - NOTE - since everyone now has access to it the private you have published is now useless. Generate a new private/public key pair .


Actually, until shwetha removes all traces of this key and it's corresponding public key, this private key will be VERY useful for attacking any servers that have the public key.

ACTION ITEM (URGENT) - delete your keys, both public and private from all the servers you copied them to, then generate and install new keys. And this time, don't divulge your new private key!
shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
Hi...
thanks for your inputs... and i have removed the keys..

I have used putty gen to generate key and using putty as i am trying to connect am getting server refused our key message. I have used winscp, filezilla and atlast using silvershield am able to connect to my localhost.
Because of urgency i moved to implementation part. Now also am getting same error in putty.


login as: Integrator

****USAGE WARNING****

This is a private computer system. This computer system, including all
related equipment, networks, and network devices (specifically including
Internet access) are provided only for authorized use. This computer system
may be monitored for all lawful purposes, including to ensure that its use
is authorized, for management of the system, to facilitate protection against
unauthorized access, and to verify security procedures, survivability, and
operational security. Monitoring includes active attacks by authorized entities
to test or verify the security of this system. During monitoring, information
may be examined, recorded, copied and used for authorized purposes. All
information, including personal information, placed or sent over this system
may be monitored.

Use of this computer system, authorized or unauthorized, constitutes consent
to monitoring of this system. Unauthorized use may subject you to criminal
prosecution. Evidence of unauthorized use collected during monitoring may be
used for administrative, criminal, or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.


Server refused our key



Please is there any configuration missing while generating key. Because i saw while googling using conversion tab in putty will generate openssh key based. i tried this too.....

Time is very less and i need to look on this and need to fine solution.

thanks,
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

shwetha raghavachar wrote:
Please is there any configuration missing while generating key. ,


You must MUST MUST copy the new public key to the server and append the content to the authorized_keys' file (assuming openssh) located in the .ssh directory of the home directory of the user you are trying to connect as! I see no evidence of you having done this! If you can't do this yourself then you must pass a copy of the key to the server administrator and get him to do this. This is the way the server knows that a particular user has been authorized to connect using SSH/SFTP !
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4699
    
    7

Richard's instructions should be enough but you'll find lots of step-by-step guides out there with a search for ssh login with keys
shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
Hi..

Thanks for all your suggestions.... I have tried all the way after that only i post the question. I have created keys, put in server machine under .ssh as authorized_keys. Using openssh, i mean installed openssh server and tried in localhost by creating keys through command prompt. Followed all the instructions. Since am trying out this first time and i asked my colleagues, there also no solution. Still R&D is going on... Trial error is going on am getting error in all the ways...


Please i want to know how it is working for you???

thanks,
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

shwetha raghavachar wrote: Followed all the instructions


Sorry but you can't have done. I use SSH every day and have installed it on dozens of computers (Windows, Linux and OSX) and it works every time just by following the basic instructions. The only problems I ever see are due to firewalls not being configured properly which is normally trivial to diagnose and correct.

Of course it could be that I am so familiar with SSH that I perform some obscure configuration step without thinking but I don't think I do. It is difficult to see how one can help any further from this side of the Internet.
shwetha raghavachar
Greenhorn

Joined: Aug 01, 2011
Posts: 14
hmm... can you send me the steps you follow like basic steps one can able to connect either localhost or some other host using public key generation.
So that i can look and do comparison. Since you have connected many times, please specify the things correctly. i will check it.

My senior and manager trying out in linux machine with errors and trial.


Thanks,
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1067
    
  10

shwetha raghavachar wrote:hmm... can you send me the steps you follow like basic steps one can able to connect either localhost or some other host using public key generation.
So that i can look and do comparison. Since you have connected many times, please specify the things correctly.


I already have specified the steps in earlier responses to this thread !!! In summary - generate the key pair on the client, copy the public key to the server and append to the authorized_keys file in the .ssh directory of the user you want to connect as! You should then be able to connect using Putty making sure you tell putty where the private key is and what user to connect as !
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4699
    
    7

Read this: http://www.linuxproblem.org/art_9.html to see if one the obscure config steps Richard mentioned will work for you. Read the last part of that page carefully.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: sftp communication with private/public key authentication