Using certificates with NetconfX


A.V.

Apr 12, 2012, 4:09:14 PM
to netc...@googlegroups.com
The following question was received via email:

Hi,
How do you use a certificate with NetConfX?
Is there an example that I can use?

Thanks,
Joe

A.V.

Apr 12, 2012, 4:22:24 PM
to netc...@googlegroups.com
Hello Joe,

   First, if you would post queries on Google groups, that would be appreciated - that way, everyone can benefit from the response. 

   The way this works is like so:

    NetconfX connects to the target system over SSH. There are multiple authentication schemes you can use for SSH - the preferred method is using certificate/passphrase with a fallback of username/password. NetconfX is set up to try the first (if it is set up to do so) and the second (if it is not, or the first one fails).

  To use certificates, you need to do the following things:
  • Generate the certificate pair (private and public). Note that the file MUST be in (OpenSSH) PEM format - either DSA or RSA.
  • Upload the public key to your target device
  • Configure your target device's SSH application to use the public key for authentication
  • Pass in the path-name to the private key when establishing an SSH connection. This is done by setting the "certificate" property in the setup method.
  • If the private key is encrypted, specify the passphrase (by setting the "passphrase" property to the setup method).
   Once you do these, NetconfX will connect using certificate-based authentication. Upon connection, the target SSH application will validate the SSH session initiator (by verifying that the private key presented by NetconfX corresponds to the public key stored in the target). If another (intruder) system tries to connect to the target over SSH, it will not be able to provide the private key and hence the connection will be rejected.

   Please refer to the com.centeredlogic.net.netconf.transport.ssh.SshConnection.java file to review the actual code for more details.

Regards,
A.V.

Carl Roberts

Apr 12, 2012, 9:27:08 PM
to NetconfX
Just tried this, but it didn't work:

Here is the login from PuTTY, showing I can log in with the private key:

Using username "oracle".
Authenticating with public key "rsa-key-20120412"
Last login: Thu Apr 12 20:08:17 2012 from 192.168.56.1


On 4/12/2012 9:09 PM, carl roberts wrote:
> Hi I am simply trying to connect to the regular SSH server right now at port 22 - no netconf server involved on linux right now.
>
> Here is what I am trying:
>
> /*
>  * To change this template, choose Tools | Templates
>  * and open the template in the editor.
>  */
> package netconfxtest;
>
> import com.centeredlogic.net.netconf.Capabilities;
> import com.centeredlogic.net.netconf.Client;
> import java.util.Properties;
>
> /**
>  *
>  * @author joe
>  */
> public class NetConfXTest {
>
>     /**
>      * @param args the command line arguments
>      */
>     public static void main(String[] args) {
>         System.out.println("Setting up SSH transport client .. ");
>         Client client = new Client();
>         Properties props = new Properties();
>         props.put("protocol", "ssh");
>         props.put("host", "192.168.56.101");
>         props.put("socketTimeout", "30000");
>         props.put("port", "22");
>         //props.put("username", "oracle");
>         //props.put("password", "oracle");
>         props.put("certificate", "c:/dev/tools/puttygen/ssh_key.ppk");
>         // You could use a certificate with a passphrase instead of a password
>         client.setup(props);
>         System.out.println("SSH transport client setup complete.");
>         Capabilities caps = client.getDeviceCapabilities();
>         System.out.println(caps.toString());
>         client.shutdown();
>     }
> }
>
>
> And here is what I am getting
>
> debug:
> Setting up SSH transport client ..
> Apr 12, 2012 9:02:46 PM com.centeredlogic.util.CLThread run
> INFO: Starting thread - NotificationStreamPinger-192.168.56.101; transferring control to runnable ..
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.ssh.SshConnection authenticateWithKey
> SEVERE: Error authenticating with key: Publickey authentication failed.
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.ssh.SshConnection authenticateWithKey
> SEVERE: Failed to authenticate user: admin on host: 192.168.56.101 using certificates
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.ssh.SshConnection authenticateWithPassword
> SEVERE: Error authenticating with password: password argument is null
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.ssh.SshConnection authenticateWithPassword
> SEVERE: Failed to authenticate user: admin on host: 192.168.56.101
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.netconf.transport.ssh.SshTransportClient obtainConnection
> SEVERE: Exception acquiring SSH connection
> java.lang.RuntimeException: Failed to authenticate user: admin on host: 192.168.56.101
> at com.centeredlogic.net.ssh.SshConnection.authenticateWithPassword(Unknown Source)
> at com.centeredlogic.net.ssh.SshConnection.connectAndAuthenticate(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SshConnection.<init>(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SyncSshConnection.<init>(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SshConnectionPoolHandler.makeObject(Unknown Source)
> at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:840)
> at com.centeredlogic.net.netconf.transport.ssh.SshConnectionPoolHandler.getConnection(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SshTransportClient.obtainConnection(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SshTransportClient.send(Unknown Source)
> at com.centeredlogic.net.netconf.Client.sendRaw(Unknown Source)
> at com.centeredlogic.net.netconf.Client.send(Unknown Source)
> at com.centeredlogic.net.netconf.Client.loadDeviceCaps(Unknown Source)
> at com.centeredlogic.net.netconf.Client.setup(Unknown Source)
> at netconfxtest.NetConfXTest.main(NetConfXTest.java:32)
>
> Apr 12, 2012 9:03:14 PM com.centeredlogic.net.netconf.transport.ssh.SshTransportClient send
> SEVERE: Exception during NETCONF rpc send
> java.lang.RuntimeException: An error occured in the transport layer: Failed to authenticate user: admin on host: 192.168.56.101
> at com.centeredlogic.net.netconf.transport.ssh.SshTransportClient.obtainConnection(Unknown Source)
> at com.centeredlogic.net.netconf.transport.ssh.SshTransportClient.send(Unknown Source)
> at com.centeredlogic.net.netconf.Client.sendRaw(Unknown Source)
> at com.centeredlogic.net.netconf.Client.send(Unknown Source)
> at com.centeredlogic.net.netconf.Client.loadDeviceCaps(Unknown Source)
> at com.centeredlogic.net.netconf.Client.setup(Unknown Source)
> at netconfxtest.NetConfXTest.main(NetConfXTest.java:32)
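The following is an added preflight check, not NetconfX code and not from either poster, that applies A.V.'s requirements (key file in classic OpenSSH PEM format, RSA or DSA; "passphrase" property for an encrypted key) to the setup properties before setup() is called, and runs it over the situation in Carl's post (a PuTTY .ppk path, no username). It assumes a .ppk file starts with the "PuTTY-User-Key-File-" line, that classic PEM marks an encrypted key with "Proc-Type: 4,ENCRYPTED", and that a missing "username" makes the library fall back to a default user, as the log above shows with "admin"; the key texts are constructed samples, not real keys.

```python
# Preflight check for NetconfX "certificate"/"passphrase" setup properties (added example).
PPK_MAGIC = "PuTTY-User-Key-File-"           # first line of a PuTTYgen .ppk file (assumption)
PEM_HEADERS = {"-----BEGIN RSA PRIVATE KEY-----": "pem-rsa",
               "-----BEGIN DSA PRIVATE KEY-----": "pem-dsa"}
OPENSSH_NEW = "-----BEGIN OPENSSH PRIVATE KEY-----"  # newer OpenSSH container, not PEM


def classify_key(text):
    """Return (format, encrypted) for the text of a private key file."""
    head = text.lstrip()
    if head.startswith(PPK_MAGIC):
        # .ppk records its own cipher line; "Encryption: none" means an unprotected key
        return "ppk", "Encryption: none" not in text
    for header, name in PEM_HEADERS.items():
        if head.startswith(header):
            # classic PEM flags a passphrase-protected key with a Proc-Type line
            return name, "Proc-Type: 4,ENCRYPTED" in text
    if head.startswith(OPENSSH_NEW):
        return "openssh-new", None  # encryption state not visible without parsing
    return "unknown", None


def check_setup(props, key_text):
    """Return a list of problems to fix before passing props to Client.setup()."""
    problems = []
    if "username" not in props:
        problems.append("no username set; the library will fall back to its default user")
    if "certificate" not in props:
        if "password" not in props:
            problems.append("neither certificate nor password set; nothing to authenticate with")
        return problems
    fmt, encrypted = classify_key(key_text)
    if fmt == "ppk":
        problems.append("key is a PuTTY .ppk, not OpenSSH PEM; export it as an OpenSSH key first")
    elif fmt not in PEM_HEADERS.values():
        problems.append("key is not OpenSSH PEM (RSA/DSA): " + fmt)
    if encrypted and "passphrase" not in props:
        problems.append("key is passphrase-protected but no passphrase property is set")
    return problems


# Constructed samples (not real keys): the thread's .ppk case and an encrypted PEM key
PPK_SAMPLE = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: rsa-key-20120412\n"
PEM_SAMPLE = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n"
THREAD_PROPS = {"protocol": "ssh", "host": "192.168.56.101", "port": "22",
                "certificate": "c:/dev/tools/puttygen/ssh_key.ppk"}

if __name__ == "__main__":
    for problem in check_setup(THREAD_PROPS, PPK_SAMPLE):
        print("-", problem)
```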