Repository: airavata Updated Branches: refs/heads/master ab0bf86c5 -> d88488a9a
Fixed JSch initialization error with regect HostKey Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d88488a9 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d88488a9 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d88488a9 Branch: refs/heads/master Commit: d88488a9a60d4e42d043c3e09690e47d7ca540f1 Parents: ab0bf86 Author: Shameera Rathanyaka <[email protected]> Authored: Wed Jul 8 12:09:29 2015 -0400 Committer: Shameera Rathanyaka <[email protected]> Committed: Wed Jul 8 12:09:29 2015 -0400 ---------------------------------------------------------------------- .../main/resources/airavata-server.properties | 9 +++-- .../authentication/SSHKeyAuthentication.java | 41 +++++++++++++++++--- .../org/apache/airavata/gfac/impl/Factory.java | 23 +++++++---- .../airavata/gfac/impl/HPCRemoteCluster.java | 8 +++- 4 files changed, 62 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/configuration/server/src/main/resources/airavata-server.properties ---------------------------------------------------------------------- diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties index 0b0305f..0045935 100644 --- a/modules/configuration/server/src/main/resources/airavata-server.properties +++ b/modules/configuration/server/src/main/resources/airavata-server.properties @@ -164,11 +164,14 @@ [email protected] # if user specify both password authentication gets the higher preference ################# ---------- For ssh key pair authentication ------------------- ################ -#public.ssh.key=/path to public key for ssh -#private.ssh.key=/path to private key file for ssh +#ssh.public.key=/path to public key for ssh +#ssh.private.key=/path to private key file for ssh #ssh.keypass=passphrase for the private key #ssh.username=username for ssh connection -### Incase of password authentication. +## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path +#ssh.strict.hostKey.checking=yes/no +#ssh.known.hosts.file=/path to known hosts file +### Incase of password authentication. #ssh.password=Password for ssh connection ################ ---------- BES Properties ------------------- ############### http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java ---------------------------------------------------------------------- diff --git a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java index 94beadd..191d7a8 100644 --- a/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java +++ b/modules/gfac/gfac-core/src/main/java/org/apache/airavata/gfac/core/authentication/SSHKeyAuthentication.java @@ -34,28 +34,57 @@ public class SSHKeyAuthentication implements AuthenticationInfo { private String privateKeyFilePath; private String publicKeyFilePath; private String passphrase; + private String knownHostsFilePath; + private String strictHostKeyChecking; // yes or no - public SSHKeyAuthentication(String userName, String privateKeyFilePath, String publicKeyFilePath, String - passphrase) { - this.userName = userName; - this.privateKeyFilePath = privateKeyFilePath; - this.publicKeyFilePath = publicKeyFilePath; - this.passphrase = passphrase; + public SSHKeyAuthentication() { } public String getUserName() { return userName; } + public void setUserName(String userName) { + this.userName = userName; + } + public String getPrivateKeyFilePath() { return privateKeyFilePath; } + public void setPrivateKeyFilePath(String privateKeyFilePath) { + this.privateKeyFilePath = privateKeyFilePath; + } + public String getPublicKeyFilePath() { return publicKeyFilePath; } + public void setPublicKeyFilePath(String publicKeyFilePath) { + this.publicKeyFilePath = publicKeyFilePath; + } + public String getPassphrase() { return passphrase; } + + public void setPassphrase(String passphrase) { + this.passphrase = passphrase; + } + + public String getKnownHostsFilePath() { + return knownHostsFilePath; + } + + public void setKnownHostsFilePath(String knownHostsFilePath) { + this.knownHostsFilePath = knownHostsFilePath; + } + + public String getStrictHostKeyChecking() { + return strictHostKeyChecking; + } + + public void setStrictHostKeyChecking(String strictHostKeyChecking) { + this.strictHostKeyChecking = strictHostKeyChecking; + } } http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java ---------------------------------------------------------------------- diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java index 0727927..c2ce8dc 100644 --- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java +++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/Factory.java @@ -23,6 +23,7 @@ package org.apache.airavata.gfac.impl; import com.google.common.eventbus.EventBus; import org.apache.airavata.common.exception.AiravataException; import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ApplicationSettings; import org.apache.airavata.common.utils.LocalEventPublisher; import org.apache.airavata.common.utils.ServerSettings; import org.apache.airavata.gfac.core.GFacEngine; @@ -178,8 +179,8 @@ public abstract class Factory { if (remoteCluster == null) { String hostName = Factory.getDefaultAppCatalog().getComputeResource().getComputeResource(cRP .getComputeResourceId()).getHostName(); - ServerInfo serverInfo = new ServerInfo(cRP.getLoginUserName(), hostName); - + // fixme - read login user name from computeResourcePreference + ServerInfo serverInfo = new ServerInfo(ServerSettings.getSetting("ssh.username"), hostName); List<JobSubmissionInterface> jobSubmissionInterfaces = Factory.getDefaultAppCatalog().getComputeResource() .getComputeResource(cRP.getComputeResourceId()) .getJobSubmissionInterfaces(); @@ -219,12 +220,18 @@ public abstract class Factory { } private static SSHKeyAuthentication getSSHKeyAuthentication() throws ApplicationSettingsException { - String username = ServerSettings.getSetting("ssh.username"); - String privateKeyFilePath = ServerSettings.getSetting("private.ssh.key"); - String publicKeyFilePath = ServerSettings.getSetting("public.ssh.key"); - String passphrase = ServerSettings.getSetting("ssh.keypass"); - return new SSHKeyAuthentication(username, privateKeyFilePath, - publicKeyFilePath, passphrase); + SSHKeyAuthentication sshKA = new SSHKeyAuthentication(); + sshKA.setUserName(ServerSettings.getSetting("ssh.username")); + sshKA.setPassphrase(ServerSettings.getSetting("ssh.keypass")); + sshKA.setPrivateKeyFilePath(ServerSettings.getSetting("ssh.private.key")); + sshKA.setPublicKeyFilePath(ServerSettings.getSetting("ssh.public.key")); + sshKA.setStrictHostKeyChecking(ServerSettings.getSetting("ssh.strict.hostKey.checking", "no")); + sshKA.setKnownHostsFilePath(ServerSettings.getSetting("ssh.known.hosts.file", null)); + if (sshKA.getStrictHostKeyChecking().equals("yes") && sshKA.getKnownHostsFilePath() == null) { + throw new ApplicationSettingsException("If ssh scrict hostky checking property is set to yes, you must " + + "provid known host file path"); + } + return sshKA; } public static JobSubmissionTask getJobSubmissionTask(JobSubmissionProtocol jobSubmissionProtocol) throws http://git-wip-us.apache.org/repos/asf/airavata/blob/d88488a9/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java ---------------------------------------------------------------------- diff --git a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java index d847a4d..69cf03e 100644 --- a/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java +++ b/modules/gfac/gfac-impl/src/main/java/org/apache/airavata/gfac/impl/HPCRemoteCluster.java @@ -66,10 +66,14 @@ public class HPCRemoteCluster extends AbstractRemoteCluster{ } jSch = new JSch(); jSch.addIdentity(authentication.getPrivateKeyFilePath(), authentication.getPublicKeyFilePath(), - authentication - .getPassphrase().getBytes()); + authentication.getPassphrase().getBytes()); session = jSch.getSession(serverInfo.getUserName(), serverInfo.getHost(), serverInfo.getPort()); session.setUserInfo(new DefaultUserInfo(serverInfo.getUserName(), null, authentication.getPassphrase())); + if (authentication.getStrictHostKeyChecking().equals("yes")) { + jSch.setKnownHosts(authentication.getKnownHostsFilePath()); + } else { + session.setConfig("StrictHostKeyChecking","no"); + } session.connect(); // 0 connection timeout } catch (JSchException e) { throw new AiravataException("JSch initialization error ", e);
