2

I want to create a connection from a Windows system to a Linux machine which uses an RSA token passcode for authentication, and I want to run shell commands and get the output from the Java code. Logging into that Linux system using PuTTY has the following steps:

  1. Enter IP and port and connect
  2. Enter username in the PuTTY terminal which asks "login as: "
  3. Enter PASSCODE where we enter RSA SecurID

I have already tried connecting using the Jsch package and it doesn't connect. I also tried jcabi-ssh (http://ssh.jcabi.com/), which is a wrapper for Jsch. None of them seem to work for me.

EDIT: I used the following code using the Jsch packages

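    import com.jcraft.jsch.JSch;
    import com.jcraft.jsch.Session;
    import java.util.Scanner;

    String host = "xxx";
    String user = "xxx";
    String password;

    // Read the current RSA SecurID passcode from the console
    Scanner scanner = new Scanner(System.in);
    System.out.println("Enter rsa token: ");
    password = scanner.nextLine();

    JSch jsch = new JSch();
    Session session = jsch.getSession(user, host, 2222);
    // The passcode is handed to JSch as the session password
    session.setPassword(password);
    session.connect();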

I get the following error after it:

    com.jcraft.jsch.JSchException: UnknownHostKey: myservername. RSA key fingerprint is ba:2b:70:2f:4f:fa:f6:20:31:56:e0:e8:8b:16:46:c9

I found a solution by someone saying include this piece of code which sets StrictHostKeyChecking to "no":

    // Turns off host key verification for this session
    java.util.Properties config = new java.util.Properties();
    config.put("StrictHostKeyChecking", "no");
    session.setConfig(config);

Then my error changed to:

    com.jcraft.jsch.JSchException: Auth cancel

Trying with that other jcabi-ssh implementation gives similar results.

President James K. Polk
  • "it doesn't connect" - i.e. step 1 is failing? So you're not getting as far as the RSA token? – Rup Jul 04 '18 at 05:51
  • Or is the TCP connection made but then some negotiation failing? Do you get any error messages or exceptions? – Rup Jul 04 '18 at 05:57
  • @Rup check the edits – Pratik Mayekar Jul 04 '18 at 06:27
  • Thanks. [Auth cancel](https://stackoverflow.com/questions/2901248/com-jcraft-jsch-jschexception-auth-cancel) sounds like it doesn't have an authentication method it can use. Maybe the RSA token value has a different code internally than password? I think your best bet would be to find the code in JSch that's generating the cancel and work out why, and if it's because it can't find a common authentication method then checking which values are known by both the client and the server. – Rup Jul 04 '18 at 09:28
  • I've had a quick look at the JSch code from SourceForge - annoyingly no source browser I can link to, but here's [an old snapshot on GitHub](https://github.com/is/jsch/) and the relevant bits haven't changed. It looks like this is triggered by JschAuthCancelException, so if you can get your debugger to break on that that would help you track down where this is coming from: it's triggered either by a public key that it can't decrypt, or password auth without a password, or if it's unable to show a password prompt (or if the user cancels an interactive password prompt). – Rup Jul 04 '18 at 11:05
  • You should try and find out which one of these you're hitting. If it's something unexpected then have a look at the loop where this is caught, as that's the loop over agreed authentication methods. – Rup Jul 04 '18 at 11:06
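
Added example, not code from the question or from JSch's own examples: one way to act on the comments above about the agreed authentication methods, assuming the server takes the PASSCODE through SSH keyboard-interactive authentication (the page does not confirm which method the server offers). It keeps host key checking on and reads the server's key from a known_hosts file instead of setting StrictHostKeyChecking to "no"; the class names, the known_hosts path and the sample command are assumptions.

```java
import com.jcraft.jsch.*;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Scanner;

public class SecurIdExec {
    // Answers the server's keyboard-interactive prompt with the passcode; declines everything else.
    static final class PasscodeUserInfo implements UserInfo, UIKeyboardInteractive {
        private final String passcode;
        PasscodeUserInfo(String passcode) { this.passcode = passcode; }

        @Override
        public String[] promptKeyboardInteractive(String destination, String name,
                String instruction, String[] prompt, boolean[] echo) {
            if (prompt.length == 0) return new String[0];   // informational message only
            // Assumption: the server sends exactly one prompt (the PASSCODE prompt).
            // Returning null cancels the exchange.
            return prompt.length == 1 ? new String[] { passcode } : null;
        }
        @Override public String getPassword() { return null; }
        @Override public String getPassphrase() { return null; }
        @Override public boolean promptPassword(String message) { return false; }
        @Override public boolean promptPassphrase(String message) { return false; }
        @Override public boolean promptYesNo(String message) { return false; } // never auto-accept a host key
        @Override public void showMessage(String message) { System.err.println(message); }
    }

    public static void main(String[] args) throws Exception {
        String host = "xxx", user = "xxx";               // placeholders, as in the question
        System.out.println("Enter rsa token: ");
        String passcode = new Scanner(System.in).nextLine();

        JSch jsch = new JSch();
        // Assumed path: a known_hosts file that already holds the server's verified key.
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");
        Session session = jsch.getSession(user, host, 2222);
        session.setConfig("StrictHostKeyChecking", "yes");
        session.setConfig("PreferredAuthentications", "keyboard-interactive");
        session.setUserInfo(new PasscodeUserInfo(passcode));
        session.connect(30_000);
        try {
            ChannelExec channel = (ChannelExec) session.openChannel("exec");
            channel.setCommand("uname -a");               // sample command
            InputStream out = channel.getInputStream();
            channel.connect();
            System.out.print(new String(out.readAllBytes(), StandardCharsets.UTF_8));
            channel.disconnect();
        } finally { session.disconnect(); }
    }
}
```

The fingerprint printed in the UnknownHostKey error is the value to compare against the server's real host key, obtained out of band, before adding that key to known_hosts.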

1 Answer

0

What you are looking for is a dialog which will accept the passphrase at that point in time and establish the connection. Here is what you need to integrate RSA SecurID - http://www.jcraft.com/jsch/examples/UserAuthPubKey.java.html

  • That example is obviously for private key authentication, not SecurID, and he has the value he wants to use already - he doesn't need a dialog. Is there something else specific in that code he should be doing you're trying to highlight? – Rup Jul 17 '18 at 10:46
  • Obviously you will have to modify that code. Use com.rsa.authagent.authapi.AuthAgentException, com.rsa.authagent.authapi.AuthSession, com.rsa.authagent.authapi.AuthSessionFactory. You can google for examples which use RSA authagent. – Rishi Parmar Jul 17 '18 at 12:20