As part of the upgrade from jline1 to jline3 I took the opportunity to migrate jPOS-EE’s SSH module (contributed by Victor) to jPOS, so that we have it handy in all installs.
Try q2 --help
to see the new options.
Running q2 --ssh
will start Q2 and an SSH server in the default port 2222.
You need to place your authorized_keys
in a cfg
directory and then you can:
ssh -p 2222 admin@localhost
to get a q2>
prompt.
The server checks that the cfg/authorized_keys
has read-only permissions and while this works alright in Unix, I wonder if it works in Windows (I’d appreciate some feedback - can you give it a try) ?
Hello,
I downloaded a new jpos-master from github and ran gradlew installApp successfully
Inside build/install/jpos/cfg, I created the authorized_keys file and put my public key (ssh-rsa AAA(….) ), then ran bin/q2 —ssh and got this exception:
<log realm="sshd" at="2016-09-22T10:28:19.904">
<warn>
start
<exception name="null">
java.lang.NullPointerException
at org.jpos.q2.ssh.SshService.checkAuthorizedKeys(SshService.java:100)
at org.jpos.q2.ssh.SshService.startService(SshService.java:53)
at org.jpos.q2.QBeanSupport.start(QBeanSupport.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.reflect.misc.Trampoline.invoke(Unknown Source)
at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.reflect.misc.MethodUtil.invoke(Unknown Source)
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(Unknown Source)
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(Unknown Source)
at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(Unknown Source)
at com.sun.jmx.mbeanserver.PerInterface.invoke(Unknown Source)
at com.sun.jmx.mbeanserver.MBeanSupport.invoke(Unknown Source)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(Unknown Source)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(Unknown Source)
at org.jpos.q2.QFactory.startQBean(QFactory.java:187)
at org.jpos.q2.Q2.start(Q2.java:569)
at org.jpos.q2.Q2.deploy(Q2.java:353)
at org.jpos.q2.Q2.run(Q2.java:220)
at java.lang.Thread.run(Unknown Source)
</exception>
</warn>
</log>
It’s checking permissions using POSIX attributes, so I put some code to detect OS(if windows, just return;) and rebuild.
Now the ssh server came up.
When I tried to connect, I got another exception:
<log realm="sshd" at="2016-09-22T10:58:04.367">
<error>
<exception name="null">
java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy(Native Method)
at org.jpos.q2.ssh.AuthorizedKeysFileBasedPKA$AuthorizedKeysDecoder.decodeBigInt(AuthorizedKeysFileBasedPKA.java:139)
at org.jpos.q2.ssh.AuthorizedKeysFileBasedPKA$AuthorizedKeysDecoder.decodePublicKey(AuthorizedKeysFileBasedPKA.java:102)
at org.jpos.q2.ssh.AuthorizedKeysFileBasedPKA.parseAuthorizedKeys(AuthorizedKeysFileBasedPKA.java:60)
at org.jpos.q2.ssh.AbstractPKA.authenticate(AbstractPKA.java:39)
at org.apache.sshd.server.auth.UserAuthPublicKey.doAuth(UserAuthPublicKey.java:72)
at org.apache.sshd.server.auth.AbstractUserAuth.auth(AbstractUserAuth.java:49)
at org.apache.sshd.server.session.ServerUserAuthService.process(ServerUserAuthService.java:145)
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:431)
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
at sun.nio.ch.Invoker$2.run(Unknown Source)
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
</exception>
</error>
</log>
Can you point me a direction to make work?
Thanks,
Felipph
--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
Join us in IRC at http://webchat.freenode.net/?channels=jpos
You received this message because you are subscribed to the "jPOS Users" group.
Please see http://jpos.org/wiki/JPOS_Mailing_List_Readme_first
To post to this group, send email to jpos-...@googlegroups.com
To unsubscribe, send email to jpos-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jpos-users
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dk8L1aoKwpWiqy6gEK18vgjcbdSx8hHW%2ByQBN2eq7xtvA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
It’s checking permissions using POSIX attributes, so I put some code to detect OS(if windows, just return;) and rebuild.
Can you share the code you’ve used, perhaps we can add it too.
As for the ArrayIndexOutOfBoundsException
, what key type have you used? I tested it with ssh-dss
.
Are you using admin@localhost
as the user?
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CABCV0czp6fOVcSxvvrQV6mAoLAf6pYrYwVZwHGNS4-H5E-CcWg%40mail.gmail.com.
> Can you share the code you’ve used, perhaps we can add it too.
ssh-dss
.admin@localhost
as the user?To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3DmDDZoityMZ9LF3JmHT9ajo2-QNjx4kR3M0GCoJPjidAA%40mail.gmail.com.
Awesome, thank you for the code snipped, just applied it in https://github.com/jpos/jPOS/commit/89f40dbd0c663d5f3be3b9a6ab4d1cbb9c43e23c
(I’ve also forced a nightly build so a gradle --refresh-dependencies
should get you the new version.
Good catch on the key username, good to know it’s working now.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CABCV0czjQziLmNBXncP_a2t3zUYVhHNeXNXdpYhabKZdbgwO5A%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dnw7yo-4LmF8vwf%3DLP2SMec%2BnkO8oJLKvKkxwHvoPw68Q%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CABCV0cy9V-FabuGkY2-Jg-ET9ZUVa2pwS_exmjKHqi8wmSCK5w%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3D%3D%3DADOY9152%2Bskp_y77v%3Dn0%3DkUwoLbwe8b6gK06MMYeJg%40mail.gmail.com.
Awesome. Thank you.
Now it’s time to create your own commands, that’s the idea behind the CLI, your application can create commands relevant to its business logic, like we do in jPOS-EE with the ADDUSER, ADDROLE, etc.
Creating commands is extremely simple, they just have to implement the CLICommand
interface.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CABCV0cyby3izrpOa_B9LZm02aOXBAXRv5qoTEMaqWwCNjguEAA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAAgSK%3Dm%3D3O_GV1Bhkvd0299qBpeq8u6AdkzZUU_HQOKoAvu8aw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CABCV0cyOaaH2uj8x_HGR3vQjEZZzq3PxAFw6D3CzLKDxaSkT3w%40mail.gmail.com.