Creating an SSH Client

Lee Painter

It's relatively simple to create an SSH Client using the Maverick Synergy Java SSH API. The SshClient class provides a high-level implementation that enables you to authenticate via a number of different ways. 

The most simple way is to connect a SshClient using a password. 

try(SshClient ssh = new SshClient(hostname, port, username, password.toCharArray())) {

}

 

Note that the SshClient is itself Closable, so you can wrap it within try/catch to ensure that resources are closed and the client disconnected when your operation is complete.

If you want to create a client that authenticates using a public key, try

try(SshClient ssh = new SshClient(hostname, port, username, new File("~/.ssh/id_rsa"), "mypassphrase") {

}

 

If you prefer you can load a number of public key identities and pass these so any of the keys can be used for authentication.

try(SshClient ssh = new SshClient(hostname, port, username,try(
SshClient ssh = new SshClient(hostname, port, username,
SshKeyUtils.getPrivateKey(new File("~/.ssh/id_rsa"), "passphrase"),
SshKeyUtils.getPrivateKey(new File("~/.ssh/id_ed25519"), "passphrase"))) {
}

 

You may need to authenticate by password and public key. There is also a constructor to suit this.

try(SshClient ssh = new SshClient(hostname, port, username, 
password.toCharArray(),
new File(".ssh/id_rsa"), "passphrase")) { 
}

 

There are times, however, where you may need to prompt the user for authentication, or you do not know at compile time what authentication mechanism to use. For this there is a constructor to SshClient that allows connection only.

try(SshClient ssh = new SshClient(hostname, port, username)) {

}

 

We can now implement a password prompt within the try/catch. We will prompt for the users password via System.out and read it back through System.in. If the password fails we will prompt again until the server disconnects which usually happens after a number of failed attempts.

BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); 
System.out.println(ssh.getAuthenticationMethods());
ClientAuthenticator auth;
do {
System.out.print("Password: ");
auth = new PasswordAuthenticator(reader.readLine());
if(ssh.authenticate(auth, 30000)) {
break;
}
} while(ssh.isConnected());

 

Here we are creating a PasswordAuthenticator with the password read from System.in. We then pass it into the SshClient via the authenticate method, this returns a boolean to indicate that the attempt was successful or not. Note, that the return from authenticate is only the success of the individual authentication attempt. If the server requires additional authentication, you may need to perform a different authentication, for example authenticating with a public key. The getAuthenticationMethods method of SshClient will provide you with the list of support authentication methods at any time. This may change after you perform a successful authentication.

You can check the overall authentication state with the following code:

if(ssh.isAuthenticated()) { 
System.out.println("Authenticated");
} else {
System.out.println("Authentication failed");
}