youys
/
ant
Not watched
1
0
Fork 1
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 9e1bd1445d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9e1bd1445d'
${ noResults }
ant/manual/Tasks/sshsession.html

254 lines
9.1 KiB
Raw Blame History 

  1. <!--

  2.    Licensed to the Apache Software Foundation (ASF) under one or more

  3.    contributor license agreements.  See the NOTICE file distributed with

  4.    this work for additional information regarding copyright ownership.

  5.    The ASF licenses this file to You under the Apache License, Version 2.0

  6.    (the "License"); you may not use this file except in compliance with

  7.    the License.  You may obtain a copy of the License at

  8. 

  9.        http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11.    Unless required by applicable law or agreed to in writing, software

  12.    distributed under the License is distributed on an "AS IS" BASIS,

  13.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.    See the License for the specific language governing permissions and

  15.    limitations under the License.

  16. -->

  17. <html>

  18. 

  19. <head>

  20. <meta http-equiv="Content-Language" content="en-us">

  21. <link rel="stylesheet" type="text/css" href="../stylesheets/style.css">

  22. <title>SSHSESSION Task</title>

  23. </head>

  24. 

  25. <body>

  26. 

  27. <h2 id="sshsession">SSHSESSION</h2>

  28. <p><em>Since Apache Ant 1.8.0</em></p>

  29. <h3>Description</h3>

  30. 

  31. <p>A Task which establishes an SSH connection with a remote machine running SSH daemon, optionally

  32. establishes any number of local or remote tunnels over that connection, then executes any nested

  33. tasks before taking down the connection.</p>

  34. 

  35. <p><strong>Note</strong>: This task depends on external libraries not included in the Ant

  36. distribution. See <a href="../install.html#librarydependencies">Library Dependencies</a> for more

  37. information.  This task has been tested with JSCh 0.1.33 and above and won't work with versions of

  38. JSCh earlier than 0.1.28.</p>

  39. 

  40. <p>See also the <a href="sshexec.html">sshexec</a> and <a href="scp.html">scp</a> tasks</p>

  41. 

  42. <h3>Parameters</h3>

  43. <table class="attr">

  44.   <tr>

  45.     <th scope="col">Attribute</th>

  46.     <th scope="col">Description</th>

  47.     <th scope="col">Required</th>

  48.   </tr>

  49.   <tr>

  50.     <td>host</td>

  51.     <td>The hostname or IP address of the remote host to which you wish to connect.</td>

  52.     <td>Yes</td>

  53.   </tr>

  54.   <tr>

  55.     <td>username</td>

  56.     <td>The username on the remote host to which you are connecting.</td>

  57.     <td>Yes</td>

  58.   </tr>

  59.   <tr>

  60.     <td>port</td>

  61.     <td>The port to connect to on the remote host.</td>

  62.     <td>No; defaults to <q>22</q></td>

  63.   </tr>

  64.   <tr>

  65.     <td>localtunnels</td>

  66.     <td>A comma-delimited list of colon-delimited <samp>lport:rhost:rport</samp> triplets defining

  67.       local port forwarding.<br/>If nested <a href="#LocalTunnel">localtunnel</a> elements are also

  68.       provided, both sets of tunnels will be established.</td>

  69.     <td>No</td>

  70.   </tr>

  71.   <tr>

  72.     <td>remotetunnels</td>

  73.     <td>A comma-delimited list of colon-delimited <samp>rport:lhost:lport</samp> triplets defining

  74.       remote port forwarding.<br/>  If nested <a href="#RemoteTunnel">remotetunnel</a> elements are

  75.       also provided, both sets of tunnels will be established.</td>

  76.     <td>No</td>

  77.   </tr>

  78.   <tr>

  79.     <td>trust</td>

  80.     <td>This trusts all unknown hosts if set to <q>yes</q>

  81.       or <q>true</q>.<br/><strong>Note</strong>: If you set this to <q>false</q> (the default), the

  82.       host you connect to must be listed in your <var>knownhosts</var> file, this also implies that

  83.       the file exists.</td>

  84.     <td>No; defaults to <q>no</q></td>

  85.   </tr>

  86.   <tr>

  87.     <td>knownhosts</td>

  88.     <td>This sets the known hosts file to use to validate the identity of the remote host. This must

  89.       be a SSH2 format file.  SSH1 format is not supported.</td>

  90.     <td>No; defaults to <q>${user.home}/.ssh/known_hosts</q></td>

  91.   </tr>

  92.   <tr>

  93.     <td>failonerror</td>

  94.     <td>Whether to halt the build if the command does not complete successfully.</td>

  95.     <td>No; defaults to <q>true</q></td>

  96.   </tr>

  97.   <tr>

  98.     <td>password</td>

  99.     <td>The password.</td>

  100.     <td>Yes, unless you are using key based authentication or the password has been given in the

  101.       file or <var>todir</var> attribute</td>

  102.   </tr>

  103.   <tr>

  104.     <td>keyfile</td>

  105.     <td>Location of the file holding the private key.</td>

  106.     <td>Yes, if you are using key based authentication</td>

  107.   </tr>

  108.   <tr>

  109.     <td>passphrase</td>

  110.     <td>Passphrase for your private key.</td>

  111.     <td>No; defaults to an empty string</td>

  112.   </tr>

  113.   <tr>

  114.     <td>timeout</td>

  115.     <td>Give up if the connection cannot be established within the specified time (given in

  116.       milliseconds).</td>

  117.     <td>No; defaults to <q>0</q> which means <q>never</q></td>

  118.   </tr>

  119. </table>

  120. 

  121. <h3>Parameters specified as nested elements</h3>

  122. 

  123. <h4 id="LocalTunnel">localtunnel</h4>

  124. <p>Optionally, any number of <code>localtunnel</code> elements can be used to define local port

  125. forwarding over the SSH connection.  If the <var>localtunnels</var> parameter was also specified,

  126. both sets of tunnels will be established.</p>

  127. 

  128. <table class="attr">

  129.   <tr>

  130.     <th scope="col">Attribute</th>

  131.     <th scope="col">Description</th>

  132.     <th scope="col">Required</th>

  133.   </tr>

  134.   <tr>

  135.     <td>lport</td>

  136.     <td>The number of the local port to be forwarded.</td>

  137.     <td>Yes</td>

  138.   </tr>

  139.   <tr>

  140.     <td>rhost</td>

  141.     <td>The hostname or IP address of the remote host to which the local port should be

  142.       forwarded.</td>

  143.     <td>Yes</td>

  144.   </tr>

  145.   <tr>

  146.     <td>rport</td>

  147.     <td>The number of the port on the remote host to which the local port should be forwarded.</td>

  148.     <td>Yes</td>

  149.   </tr>

  150. </table>

  151. 

  152. <h4 id="RemoteTunnel">remotetunnel</h4>

  153. <p>Optionally, any number of <code>remotetunnel</code> elements can be used to define remote port

  154. forwarding over the SSH connection.  If the <var>remotetunnels</var> parameter was also specified,

  155. both sets of tunnels will be established.</p>

  156. 

  157. <table class="attr">

  158.   <tr>

  159.     <th scope="col">Attribute</th>

  160.     <th scope="col">Description</th>

  161.     <th scope="col">Required</th>

  162.   </tr>

  163.   <tr>

  164.     <td>rport</td>

  165.     <td>The number of the remote port to be forwarded.</td>

  166.     <td>Yes</td>

  167.   </tr>

  168.   <tr>

  169.     <td>lhost</td>

  170.     <td>The hostname or IP address of the local host to which the remote port should be

  171.       forwarded.</td>

  172.     <td>Yes</td>

  173.   </tr>

  174.   <tr>

  175.     <td>lport</td>

  176.     <td>The number of the port on the local host to which the remote port should be forwarded.</td>

  177.     <td>Yes</td>

  178.   </tr>

  179. </table>

  180. 

  181. <h4 id="Sequential">sequential</h4>

  182. <p>The <code>sequential</code> element is a required parameter.  It is a container for nested Tasks

  183. which are to be executed once the SSH connection is established and all local and/or remote tunnels

  184. established.</p>

  185. 

  186. <h3>Examples</h3>

  187. 

  188. <p>Connect to a remote machine using password authentication, forward the local CVS port to the

  189. remote host, and execute a CVS command locally, which can use the tunnel.</p>

  190. 

  191. <pre>

  192. &lt;sshsession host=&quot;somehost&quot;

  193.             username=&quot;dude&quot;

  194.             password=&quot;yo&quot;

  195.             localtunnels=&quot;2401:localhost:2401&quot;&gt;

  196.   &lt;sequential&gt;

  197.     &lt;cvs command=&quot;update ${cvs.parms} ${module}&quot;

  198.          cvsRoot=&quot;${cvs.root}&quot;

  199.          dest=&quot;${local.root}&quot;

  200.          failonerror=&quot;true&quot;/&gt;

  201.   &lt;/sequential&gt;

  202. &lt;/sshsession&gt;</pre>

  203. 

  204. <p>Do the same thing using nested <code>localtunnel</code> element.</p>

  205. 

  206. <pre>

  207. &lt;sshsession host=&quot;somehost&quot;

  208.             username=&quot;dude&quot;

  209.             password=&quot;yo&quot;&gt;

  210.   &lt;localtunnel lport=&quot;2401&quot; rhost=&quot;localhost&quot; rport=&quot;2401&quot;/&gt;

  211.   &lt;sequential&gt;

  212.     &lt;cvs command=&quot;update ${cvs.parms} ${module}&quot;

  213.          cvsRoot=&quot;${cvs.root}&quot;

  214.          dest=&quot;${local.root}&quot;

  215.          failonerror=&quot;true&quot;/&gt;

  216.   &lt;/sequential&gt;

  217. &lt;/sshsession&gt;</pre>

  218. 

  219. <p>Connect to a remote machine using key authentication, forward port 1080 to port 80 of an intranet

  220. server which is not directly accessible, then run a <code>get</code> task using that tunnel.</p>

  221. 

  222. <pre>

  223. &lt;sshsession host=&quot;somehost&quot;

  224.             username=&quot;dude&quot;

  225.             keyfile=&quot;${user.home}/.ssh/id_dsa&quot;

  226.             passphrase=&quot;yo its a secret&quot;/&gt;

  227.   &lt;LocalTunnel lport=&quot;1080&quot; rhost=&quot;intranet.mycomp.com&quot; rport=&quot;80&quot;/&gt;

  228.   &lt;sequential&gt;

  229.     &lt;get src=&quot;http://localhost:1080/somefile&quot; dest=&quot;temp/somefile&quot;/&gt;

  230.   &lt;/sequential&gt;

  231. &lt;/sshsession&gt;</pre>

  232. 

  233. <p><strong>Security Note</strong>: Hardcoding passwords or passphrases and/or usernames

  234. in <code>sshsession</code> task can be a serious security hole. Consider using variable substitution

  235. and include the password on the command line. For example:</p>

  236. 

  237. <pre>

  238. &lt;sshsession host=&quot;somehost&quot;

  239.             username=&quot;${username}&quot;

  240.             password=&quot;${password}&quot;

  241.             localtunnels=&quot;2401:localhost:2401&quot;&gt;

  242.   &lt;sequential&gt;

  243.     &lt;sometask/&gt;

  244.   &lt;/sequential&gt;

  245. &lt;/sshsession&gt;</pre>

  246. 

  247. <p>Invoking Ant with the following command line:</p>

  248. <pre class="input">ant -Dusername=me -Dpassword=mypassword target1 target2</pre>

  249. <p>is slightly better, but the username/password is exposed to all users on an Unix system (via

  250. the <kbd>ps</kbd> command). The best approach is to use the <code>&lt;input&gt;</code> task and/or

  251. retrieve the password from a (secured) <samp>.properties</samp> file.</p>

  252. </body>

  253. </html>
Please read the following content carefully:

Dear OpenI User

Thank you for your continuous support to the Openl Qizhi Community AI Collaboration Platform. In order to protect your usage rights and ensure network security, we updated the Openl Qizhi Community AI Collaboration Platform Usage Agreement in January 2024. The updated agreement specifies that users are prohibited from using intranet penetration tools. After you click "Agree and continue", you can continue to use our services. Thank you for your cooperation and understanding.

For more agreement content, please refer to the《Openl Qizhi Community AI Collaboration Platform Usage Agreement》

Agree and continue
Disagree, exit