我的目的是连接到位于防火墙后面的服务器(主机).我可以通过连接到网络中的另一台服务器(隧道)然后通过SSH到该服务器来访问此服务器.但是,我无法通过JSch实现相同的方案.
My aim is to connect to a server (host) which is behind a firewall. I am able to access this server by connecting to another server (tunnel) in the network and then SSH to this server. However I am not able to implement the same scenario via JSch.
我无法为此目的编写以下代码.请让我知道我是否在这里做任何愚蠢的事情.
I am not able to have the below code work, which I have written for this purpose. Please let me know if I am doing anything silly here.
public class JschExecutor { public static void main(String[] args){ JschExecutor t=new JschExecutor(); try{ t.go(); } catch(Exception ex){ ex.printStackTrace(); } } public void go() throws Exception{ StringBuilder outputBuffer = new StringBuilder(); String host="xxx.xxx.xxx.xxx"; // The host to be connected finally String user="user"; String password="passwrd"; int port=22; String tunnelRemoteHost="xx.xx.xx.xx"; // The host from where the tunnel is created JSch jsch=new JSch(); Session session=jsch.getSession(user, host, port); session.setPassword(password); localUserInfo lui=new localUserInfo(); session.setUserInfo(lui); session.setConfig("StrictHostKeyChecking", "no"); ProxySOCKS5 proxyTunnel = new ProxySOCKS5(tunnelRemoteHost, 22); proxyTunnel.setUserPasswd(user, password); session.setProxy(proxyTunnel); session.connect(30000); Channel channel=session.openChannel("exec"); ((ChannelExec)channel).setCommand("hostname"); channel.setInputStream(null); ((ChannelExec)channel).setErrStream(System.err); InputStream in=channel.getInputStream(); BufferedReader ebr = new BufferedReader(new InputStreamReader(in)); channel.connect(); while (true) { byte[] tmpArray=new byte[1024]; while(in.available()>0){ int i=in.read(tmpArray, 0, 1024); if(i<0)break; outputBuffer.append(new String(tmpArray, 0, i)).append("\n"); } if(channel.isClosed()){ System.out.println("exit-status: "+channel.getExitStatus()); break; } } ebr.close(); channel.disconnect(); session.disconnect(); System.out.println(outputBuffer.toString()); } class localUserInfo implements UserInfo{ String passwd; public String getPassword(){ return passwd; } public boolean promptYesNo(String str){return true;} public String getPassphrase(){ return null; } public boolean promptPassphrase(String message){return true; } public boolean promptPassword(String message){return true;} public void showMessage(String message){} } }上面的代码在session.connect(30000);行上给出了以下异常.
The above code gives the below exception on the session.connect(30000); line.
com.jcraft.jsch.JSchException: ProxySOCKS5: com.jcraft.jsch.JSchException: fail in SOCKS5 proxy at com.jcraft.jsch.ProxySOCKS5.connect(ProxySOCKS5.java:317) at com.jcraft.jsch.Session.connect(Session.java:231) at com.ukris.main.JschExecutor.go(JschExecutor.java:50) at com.ukris.main.JschExecutor.main(JschExecutor.java:19) Caused by: com.jcraft.jsch.JSchException: fail in SOCKS5 proxy at com.jcraft.jsch.ProxySOCKS5.connect(ProxySOCKS5.java:200) ... 3 more推荐答案
jsch上的SOCKS代理设置允许您连接到远程端的运行代理服务器.远程端的sshd将不被视为SOCKS代理.您需要做的是建立一个本地端口,该本地端口转发到您要隧道连接到的计算机上的ssh端口,然后使用api建立与此系统的辅助ssh连接.
a SOCKS proxy setting on jsch allows you to connect to a running proxy server on the remote side. An sshd on the remote side would not be considered a SOCKS proxy. What you will have to do is establish a local port forward to the ssh port on the machine you're tunneling to, then establish a secondary ssh connection to this system using the api.
我以您的示例为例,对其进行了略微重写以完成此操作:
I've taken your example and slightly rewritten it to accomplish this:
import com.jcraft.jsch.*; import java.io.*; public class JschExecutor2 { public static void main(String[] args){ JschExecutor2 t=new JschExecutor2(); try{ t.go(); } catch(Exception ex){ ex.printStackTrace(); } } public void go() throws Exception{ StringBuilder outputBuffer = new StringBuilder(); String host="firstsystem"; // First level target String user="username"; String password="firstlevelpassword"; String tunnelRemoteHost="secondlevelhost"; // The host of the second target String secondPassword="targetsystempassword"; int port=22; JSch jsch=new JSch(); Session session=jsch.getSession(user, host, port); session.setPassword(password); localUserInfo lui=new localUserInfo(); session.setUserInfo(lui); session.setConfig("StrictHostKeyChecking", "no"); // create port from 2233 on local system to port 22 on tunnelRemoteHost session.setPortForwardingL(2233, tunnelRemoteHost, 22); session.connect(); session.openChannel("direct-tcpip"); // create a session connected to port 2233 on the local host. Session secondSession = jsch.getSession(user, "localhost", 2233); secondSession.setPassword(secondPassword); secondSession.setUserInfo(lui); secondSession.setConfig("StrictHostKeyChecking", "no"); secondSession.connect(); // now we're connected to the secondary system Channel channel=secondSession.openChannel("exec"); ((ChannelExec)channel).setCommand("hostname"); channel.setInputStream(null); InputStream stdout=channel.getInputStream(); channel.connect(); while (true) { byte[] tmpArray=new byte[1024]; while(stdout.available() > 0){ int i=stdout.read(tmpArray, 0, 1024); if(i<0)break; outputBuffer.append(new String(tmpArray, 0, i)); } if(channel.isClosed()){ System.out.println("exit-status: "+channel.getExitStatus()); break; } } stdout.close(); channel.disconnect(); secondSession.disconnect(); session.disconnect(); System.out.print(outputBuffer.toString()); } class localUserInfo implements UserInfo{ String passwd; public String getPassword(){ return passwd; } public boolean promptYesNo(String str){return true;} public String getPassphrase(){ return null; } public boolean promptPassphrase(String message){return true; } public boolean promptPassword(String message){return true;} public void showMessage(String message){} } }此代码的作用是创建一个本地端口,将其转发到目标系统上的ssh端口,然后通过它进行连接. hostname命令的运行表明它确实在转发的系统上运行.
What this code does is create a local port forwarding to the ssh port on the target system, then connects through it. The running of the hostname command illustrates that it is, indeed, running on the forwarded-to system.
更多推荐
通过JSch的SSH隧道
发布评论