Documentation
Open Source Release Policy
Export Compliance
Using BouncyCastle
Installing the API
Enabling Logging
Per-Connection Logging
Third Party Dependencies
Generating SSH Keys
Using BouncyCastle
Using SSH Public Keys in Java
Supporting ED25519/Curve25519
Supporting Compression
Integrating Licensing into Maven Builds
Creating an SSH Client
Public Key Authentication
Keyboard Interactive Authentication
Public Key Authentication with sshagent
Executing Single Commands
Executing Commands within a Shell
Transferring Files
Connecting through Proxies
Display the Authentication Banner
Using the SFTP Client
Port Forwarding
Working Examples
Configuring Listening Interfaces
Configuring Host Keys
Password Authentication
Public Key Authentication
Challenge-Response Authentication
Configuring Port Forwarding
Configuring SFTP
Supporting SCP
Implementing your own File System
Creating an Interactive Terminal
Proxy Protocol Support
Creating an SSH Client
Creating an SSH Client using the Maverick Synergy Java SSH API is relatively simple. The SshClient class provides a high-level implementation that enables you to authenticate in several ways.
From version 3.1.0, the SshClient is now immutable and is created via the SshClientBuilder.
The most simple way is to connect a SshClient using a password.
try(SshClient ssh = SshClientBuilder.create()
.withHostname("localhost")
.withPort(2222)
.withUsername("root")
.withPassword("xxxxx")
.build()) {
}Code language: JavaScript (javascript)Note that the SshClient is itself Closable, so you can wrap it within try/catch to ensure that resources are closed and the client disconnected when your operation is complete.
If you want to create a client that authenticates using a public key, try
try(SshClient ssh = SshClientBuilder.create()
.withHostname("localhost")
.withPort(2222)
.withUsername("root")
.withIdentities(SshKeyUtils.getPrivateKey(
new File(".ssh/id_rsa"), "secure passphrase"))
.build()) {
}Code language: JavaScript (javascript)If you prefer, you can load several public key identities and pass these so any keys can be used for authentication.
try(SshClient ssh = SshClientBuilder.create()
.withHostname("localhost")
.withPort(2222)
.withUsername("root")
.withIdentities(SshKeyUtils.getPrivateKey(
new File(".ssh/id_rsa"), "secure passphrase"),
SshKeyUtils.getPrivateKey(
new File(".ssh/id_ed25519"), "different passphrase"))
.build()) {
}Code language: JavaScript (javascript)You may need to authenticate by password and public key. There is also a constructor to suit this.
try(SshClient ssh = SshClientBuilder.create()
.withHostname("localhost")
.withPort(2222)
.withUsername("root")
.withPassword("my password")
.withIdentities(SshKeyUtils.getPrivateKey(
new File(".ssh/id_rsa"), "secure passphrase"))
.build()) {
}Code language: JavaScript (javascript)There are times, however, when you may need to prompt the user for authentication. In this example, we prompt the user for the password in the console.
try(SshClient ssh = SshClientBuilder.create().withHostname("localhost")
.withPort(2222)
.withUsername("root")
.withPasswordPrompt(()->{
System.out.print("Enter Password: ");
return new String(System.console().readPassword());
})
.build()) {
}Code language: JavaScript (javascript)We can do the same with a private key, prompting for the passphrase if needed. Here the lambda provides a string with the key information.
.withPrivateKeyFile(new File(".ssh/id_rsa"), (info)->{
System.out.print("Key " + info);
System.out.print("Enter Passphrase: ");
return new String(System.console().readPassword());
})Code language: PHP (php)You may be unable to determine what authentication type to support at compile time. So, you may have to implement authentication directly once the SshClient is connected. This also allows us to provide some resilience and retry if authentication fails.
try(SshClient ssh = SshClientBuilder.create()
.withHostname("localhost")
.withPort(2222)
.withUsername("root")
.build()) {
System.out.println(ssh.getAuthenticationMethods());
ClientAuthenticator auth;
do {
System.out.print("Password: ");
auth = new PasswordAuthenticator(
System.console.readPassword());
if(ssh.authenticate(auth, 30000))
break;
} while(ssh.isConnected());
}Code language: PHP (php)Here, we have created a PasswordAuthenticator with the password read from System.console. We then pass it into the SshClient via the authenticate method; this returns a boolean to indicate whether the attempt was successful. Note that the return from authenticate is only the success of the individual authentication attempt. If the server requires additional authentication, you may need to perform a different authentication, for example, authenticating with a public key. The getAuthenticationMethods method of SshClient will provide you with a list of support authentication methods. This may change after you perform a successful authentication.
You can check the overall authentication state with the following code:
if(ssh.isAuthenticated()) {
System.out.println("Authenticated");
} else {
System.out.println("Authentication failed");
}Code language: JavaScript (javascript)