
SSH to a Linux box using Kerberos from Java

In this post, we will learn how to SSH to a Linux box using Kerberos from Java.

If you want to log in to a VM from Java without using a password, you can use Kerberos.

Prerequisites
  • JSch.jar
  • Kerberos configuration file
  • JAAS file
  • Remote host information
  • Keytab file location
  • Principal name

In the code, we need to set the following system properties:

  • System.setProperty("java.security.krb5.conf", "/etc/krb5.config");
  • System.setProperty("java.security.auth.login.config", "jaas.config"); // JAAS file

java.security.krb5.conf – the krb5.config file is located in the /etc directory
java.security.auth.login.config – jaas.config will look like the following

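// The SSH client is the GSS-API initiator, so the JDK looks up the "initiate"
// entry; an "accept" entry is only read on the accepting (server) side.
com.sun.security.jgss.krb5.initiate {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        doNotPrompt=true
        principal="principal name (user@REALM)"
        keyTab="location of keytab";
};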
Example

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Properties;

import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class SSHKerberosExample {

	public static void main(String[] args) {

		// Remote host that we are going to connect
		String host = "10.118.224.56";
		// Remote host user
		String user = "aws-test-user";
		// Command that we are going to execute on remote host
		String command = "mkdir /home/kerberosexample";

		JSch jsch = new JSch();
		// Kerberos config file
		System.setProperty("java.security.krb5.conf", "/etc/krb5.config");
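		// JAAS file location
		System.setProperty("java.security.auth.login.config", "/home/jaas.config");
		// Let JGSS obtain credentials through the JAAS entry instead of requiring
		// them on the current Subject
		System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
		// Verbose Kerberos tracing for troubleshooting; turn it off once the login works
		System.setProperty("sun.security.krb5.debug", "true");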

		try {

			Session session = jsch.getSession(user, host, 22);
			Properties config = new java.util.Properties();
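			// "no" skips host key verification, so the server's identity is not checked.
			// Outside of a test, load known_hosts with jsch.setKnownHosts(...) and use "yes".
			config.put("StrictHostKeyChecking", "no");
			// Offer only Kerberos (GSS-API) authentication
			config.put("PreferredAuthentications", "gssapi-with-mic");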

			session.setConfig(config);
			session.connect(20000);

			Channel channel = session.openChannel("exec");

			// BufferedReader to read the command's output from the remote host
			BufferedReader bufferReader = new BufferedReader(new InputStreamReader(channel.getInputStream()));

			((ChannelExec) channel).setCommand(command);
			channel.connect();

			StringBuilder stringBuilder = new StringBuilder();
			for (String string = bufferReader.readLine(); string != null; string = bufferReader.readLine()) {
				stringBuilder.append(string);
			}

			System.out.println(stringBuilder.toString());

			channel.disconnect();
			session.disconnect();
			System.out.println("created folder using kerberos authentication");

		} catch (JSchException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
	}

}
Output
created folder using kerberos authentication

If the properties are not configured correctly, you will get an auth exception.
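
To narrow down such an auth exception, the keytab login can be run on its own before any SSH connection is attempted. The following is an added example, not code from the original post or its GitHub repository: it checks that the keytab (which holds the principal's long-term key) is not accessible to other users and then performs the JAAS login. It assumes the JAAS entry is named com.sun.security.jgss.krb5.initiate and that the keytab path is passed as the first argument; the class name KerberosPreflight is hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;

import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KerberosPreflight {
	// Assumption: name of the JAAS entry a GSS-API client (initiator) uses
	static final String ENTRY = "com.sun.security.jgss.krb5.initiate";

	// Group/other permission bits set on the keytab (empty set = owner-only)
	static Set<PosixFilePermission> exposedPermissions(String keytab) throws IOException {
		Set<PosixFilePermission> exposed =
				EnumSet.range(PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE);
		exposed.retainAll(Files.getPosixFilePermissions(Paths.get(keytab)));
		return exposed;
	}

	public static void main(String[] args) throws IOException {
		// Same property values as the post's example
		System.setProperty("java.security.krb5.conf", "/etc/krb5.config");
		System.setProperty("java.security.auth.login.config", "/home/jaas.config");
		// args[0]: the keytab path written in the JAAS file
		Set<PosixFilePermission> exposed = exposedPermissions(args[0]);
		if (!exposed.isEmpty()) {
			System.err.println("keytab is accessible beyond its owner: " + exposed);
			System.exit(1);
		}
		try {
			// Runs Krb5LoginModule with the options of the JAAS entry (keytab, principal)
			LoginContext login = new LoginContext(ENTRY);
			login.login();
			System.out.println("authenticated as " + login.getSubject().getPrincipals());
			for (KerberosTicket tgt : login.getSubject().getPrivateCredentials(KerberosTicket.class)) {
				System.out.println(tgt.getServer() + " ticket valid until " + tgt.getEndTime());
			}
			login.logout();
		} catch (LoginException e) {
			System.err.println("Kerberos login failed: " + e.getMessage());
			System.exit(2);
		}
	}
}
```

If this login succeeds but the SSH connection still fails, the remaining causes are on the SSH side, such as the remote host information.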

GitHub

https://github.com/rkumar9090/BeginnersBug/blob/master/BegineersBug/src/com/geeks/example/SSHKerberosExample.java
