Re: Using Ant with SSH
----- Original Message -----
From: Conor MacNeill [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 27, 2001 1:31 AM
Subject: RE: Using Ant with SSH

> You presumably could run ssh-agent to enter the passphrase before starting Ant.
> I haven't verified that this will work when execing scp from Ant.

At least it works fine on Windows using putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/).

Nico
Re: Using Ant with SSH
healey, alex wrote:
> > Naah. If you use public/private key system you never have to enter a passphrase ... ever ;) I don't even know my passwords on most systems I have accounts on because I don't need it ;)
>
> Surely this means it is insecure or you are assuming total physical security of your computer (so that it is safe to store your full credentials there). All PKI systems I have used require both physical key (disk, card, or hard drive files) and a password / passphrase otherwise they aren't secure as there is nothing to stop anyone using your computer to impersonate you. Maybe I am missing something.

Nope ;) But I run linux and thus I have consequently learnt that once a user compromises a local account then it is trivial to compromise root. Once root is compromised they can easily compromise ssh binary. Also if they can get to physical location it is trivial to compromise root.

Using passworded keystores often gives people a false sense of security I guess and it only really protects against script kiddies. But if script kiddies can compromise a local account ... then you have faaar more problems to think about ;)

If I need to develop securely then I disconnect from network and lock it behind a metal door. Unfortunately it is damn cold down there so I usually only do that when forced to ;)

Cheers,

Pete

*-*
| Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof. |
| - John Kenneth Galbraith |
*-*
Re: Using Ant with SSH
why not? what's wrong with prompting the user for input?
I'll even supply the task (see attachment)

Filip Cruz wrote:
> Thanks, Paul
> I'll give it a try.
>
> At 11:36 AM 7/26/2001 -0400, you wrote:
> > I'm doing SSH deployment using SecureCRT. SecureCRT has VCP command line utility to transfer files over SSH.
> > One problem - you can't input password during deployment so I'm providing it in a password file.
> > Here is an example of target:
> >
> > <target name="doSSH" description="Copies file to remote server over SSH.">
> >     <!-- Secure CRT location -->
> >     <property name="vcp.dir" value="C:\Progra~1\Secure~1.0"/>
> >     <property name="pwd.file" value="pwd"/>
> >     <property name="pwd" value="x"/>
> >     <echo message="Copying ${source.file} to ${dest.dir} at ..."/>
> >     <!-- Create password file -->
> >     <echo message="${pwd}" file="${source.dir}/${pwd.file}"/>
> >     <exec dir="${source.dir}" executable="cmd">
> >         <arg line="/S /C ${vcp.dir}\vcp.exe ${source.file} [EMAIL PROTECTED]:${dest.dir} &lt; ${pwd.file}"/>
> >     </exec>
> >     <!-- delete password file when we've done -->
> >     <delete file="${source.dir}/${pwd.file}"/>
> > </target>
> >
> > Good luck,
> > Paul Perevalov,
> > Bridium,Inc.
> >
> > -----Original Message-----
> > From: Filip Cruz [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 26, 2001 11:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Using Ant with SSH
> >
> > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
/*
 * $RCSfile: Prompt.java,v $ $Revision: 1.3 $ $Date: 2001/06/15 20:30:57 $
 */
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Project;
import org.apache.tools.ant.Task;
import java.io.LineNumberReader;
import java.io.InputStreamReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/**
 * Task definition for the ANT task to prompt the user for information
 * Usage:
 *
 *   Task declaration in the project:
 *     <taskdef name="prompt" classname="Prompt" />
 *
 *   Task calling syntax:
 *     <prompt message="message" propertyname="propname"
 *             [defaultvalue="value" | allowempty="true|false"] >
 *       [ <allow value="value" /> ]*
 *     </prompt>
 *
 *   Attributes:
 *     message      - The message to display to the user
 *     propertyname - The name of the property to set with the received input
 *     defaultValue - The default value if the user just hits enter
 *     allowempty   - Whether or not an empty value is allowed
 *
 *   Subitems:
 *     <allow value="value" /> -- allow this value to be input. By supplying
 *                                one or more of this subitem, you limit the
 *                                input to a range of specific allowable
 *                                values. Any value input that is not explicitly
 *                                allowed is rejected. (good for y/n questions)
 *
 *   Notes:
 *     1. The defaultvalue and allowempty attributes are mutually exclusive,
 *        and if both are specified, the defaultvalue attribute takes precedence.
 */
public class Prompt extends Task {
    private String message;
    private String defaultValue;
    private String propertyName;
    private boolean allowEmpty;
    private List allows;

    /**
     * Default Constructor
     */
    public Prompt() {
        allows = new ArrayList();
        allowEmpty = true;
    }

    public void execute() throws BuildException {
        if (message == null)
            throw new BuildException("Message is missing");
        if (propertyName == null)
            throw new BuildException("PropertyName is missing");
        if (defaultValue != null && allows.size() > 0) {
            if (!allows.contains(new Allow(defaultValue)))
                throw new BuildException("Default Value is not in the set of allowed values.");
        }
        StringBuffer sb = new StringBuffer();
        sb.append(message);
        sb.append(" ");
        int asize = allows.size();
        if (asize > 0) {
            sb.append(" (");
            for (int i = 0; i < asize; i++) {
                if (i != 0) sb.append(',');
                sb.append(allows.get(i));
            }
            sb.append(") ");
        }
        if (defaultValue != null) {
            sb.append('[');
            sb.append(defaultValue);
            sb.append(']');
            sb.append(" : ");
        }
        boolean done = false;
        LineNumberReader lnr = new LineNumberReader(new InputStreamReader(System.in
Re: Using Ant with SSH
This task works great as long as you're not logging. That's why I've created a Swing-based task to handle getting input. If anyone's interested, let me know and I'll send it to you.

-- Don

--- Matthew Inger [EMAIL PROTECTED] wrote:
> why not? what's wrong with prompting the user for input?
> I'll even supply the task (see attachment)
>
> Filip Cruz wrote:
> > Thanks, Paul
> > I'll give it a try.
> >
> > At 11:36 AM 7/26/2001 -0400, you wrote:
> > > I'm doing SSH deployment using SecureCRT. SecureCRT has VCP command line utility to transfer files over SSH.
> > > One problem - you can't input password during deployment so I'm providing it in a password file.
> > > Here is an example of target:
> > >
> > > <target name="doSSH" description="Copies file to remote server over SSH.">
> > >     <!-- Secure CRT location -->
> > >     <property name="vcp.dir" value="C:\Progra~1\Secure~1.0"/>
> > >     <property name="pwd.file" value="pwd"/>
> > >     <property name="pwd" value="x"/>
> > >     <echo message="Copying ${source.file} to ${dest.dir} at ..."/>
> > >     <!-- Create password file -->
> > >     <echo message="${pwd}" file="${source.dir}/${pwd.file}"/>
> > >     <exec dir="${source.dir}" executable="cmd">
> > >         <arg line="/S /C ${vcp.dir}\vcp.exe ${source.file} [EMAIL PROTECTED]:${dest.dir} &lt; ${pwd.file}"/>
> > >     </exec>
> > >     <!-- delete password file when we've done -->
> > >     <delete file="${source.dir}/${pwd.file}"/>
> > > </target>
> > >
> > > Good luck,
> > > Paul Perevalov,
> > > Bridium,Inc.
> > >
> > > -----Original Message-----
> > > From: Filip Cruz [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, July 26, 2001 11:18 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Using Ant with SSH
> > >
> > > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
Re: Using Ant with SSH
On Fri, 27 Jul 2001 01:05, Filip Cruz wrote:
> Hi all,
>
> Ant is great, but I can't seem to get it to work with SSH for deploying to our production servers. Has anybody gotten this to work??

well what do you mean got it to work. You need to be a little more specific if you want anyone to help you.

Cheers,

Pete

*-*
| Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof. |
| - John Kenneth Galbraith |
*-*
Re: Using Ant with SSH
Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
Re: Using Ant with SSH
On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?

I don't know about SSH on win32 but on linux I can do something like.

scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir

and use public/private key system to authenticate. So to do it in ant it would be as simple as

<exec executable="scp" os="Linux">
    <arg value="myfile.zip"/>
    <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
</exec>

Cheers,

Pete

*-*
| Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof. |
| - John Kenneth Galbraith |
*-*
Re: Using Ant with SSH
Cool! I'll give it a try.

At 01:26 AM 7/27/2001 +1000, you wrote:
> On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
>
> I don't know about SSH on win32 but on linux I can do something like.
>
> scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir
>
> and use public/private key system to authenticate. So to do it in ant it would be as simple as
>
> <exec executable="scp" os="Linux">
>     <arg value="myfile.zip"/>
>     <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
> </exec>
>
> Cheers,
>
> Pete
>
> *-*
> | Faced with the choice between changing one's mind, |
> | and proving that there is no need to do so - almost |
> | everyone gets busy on the proof. |
> | - John Kenneth Galbraith |
> *-*
RE: Using Ant with SSH
But I suppose the only way of doing this without human interaction is having an empty passphrase?
(I tried scp:ing in an expect script to enter the passphrase automatically, but it didn't work.)

Klara

-----Original Message-----
From: Filip Cruz [mailto:[EMAIL PROTECTED]]
Sent: den 26 juli 2001 15:34
To: [EMAIL PROTECTED]
Subject: Re: Using Ant with SSH

Cool! I'll give it a try.

At 01:26 AM 7/27/2001 +1000, you wrote:
> On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
>
> I don't know about SSH on win32 but on linux I can do something like.
>
> scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir
>
> and use public/private key system to authenticate. So to do it in ant it would be as simple as
>
> <exec executable="scp" os="Linux">
>     <arg value="myfile.zip"/>
>     <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
> </exec>
>
> Cheers,
>
> Pete
>
> *-*
> | Faced with the choice between changing one's mind, |
> | and proving that there is no need to do so - almost |
> | everyone gets busy on the proof. |
> | - John Kenneth Galbraith |
> *-*
RE: Using Ant with SSH
I'm doing SSH deployment using SecureCRT. SecureCRT has VCP command line utility to transfer files over SSH.
One problem - you can't input password during deployment so I'm providing it in a password file.
Here is an example of target:

<target name="doSSH" description="Copies file to remote server over SSH.">
    <!-- Secure CRT location -->
    <property name="vcp.dir" value="C:\Progra~1\Secure~1.0"/>
    <property name="pwd.file" value="pwd"/>
    <property name="pwd" value="x"/>
    <echo message="Copying ${source.file} to ${dest.dir} at ..."/>
    <!-- Create password file -->
    <echo message="${pwd}" file="${source.dir}/${pwd.file}"/>
    <exec dir="${source.dir}" executable="cmd">
        <arg line="/S /C ${vcp.dir}\vcp.exe ${source.file} [EMAIL PROTECTED]:${dest.dir} &lt; ${pwd.file}"/>
    </exec>
    <!-- delete password file when we've done -->
    <delete file="${source.dir}/${pwd.file}"/>
</target>

Good luck,
Paul Perevalov,
Bridium,Inc.

-----Original Message-----
From: Filip Cruz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 26, 2001 11:18 AM
To: [EMAIL PROTECTED]
Subject: Re: Using Ant with SSH

Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
Re: Using Ant with SSH
On Fri, 27 Jul 2001 03:08, Klara Ward wrote:
> But I suppose the only way of doing this without human interaction is having an empty passphrase?
> (I tried scp:ing in an expect script to enter the passphrase automatically, but it didn't work.)

Naah. If you use public/private key system you never have to enter a passphrase ... ever ;) I don't even know my passwords on most systems I have accounts on because I don't need it ;)

> -----Original Message-----
> From: Filip Cruz [mailto:[EMAIL PROTECTED]]
> Sent: den 26 juli 2001 15:34
> To: [EMAIL PROTECTED]
> Subject: Re: Using Ant with SSH
>
> Cool! I'll give it a try.
>
> At 01:26 AM 7/27/2001 +1000, you wrote:
> > On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> > > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
> >
> > I don't know about SSH on win32 but on linux I can do something like.
> >
> > scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir
> >
> > and use public/private key system to authenticate. So to do it in ant it would be as simple as
> >
> > <exec executable="scp" os="Linux">
> >     <arg value="myfile.zip"/>
> >     <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
> > </exec>
> >
> > Cheers,
> >
> > Pete
> >
> > *-*
> > | Faced with the choice between changing one's mind, |
> > | and proving that there is no need to do so - almost |
> > | everyone gets busy on the proof. |
> > | - John Kenneth Galbraith |
> > *-*

--
Cheers,

Pete

*-*
| Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof. |
| - John Kenneth Galbraith |
*-*
RE: Using Ant with SSH
Thanks, Paul
I'll give it a try.

At 11:36 AM 7/26/2001 -0400, you wrote:
> I'm doing SSH deployment using SecureCRT. SecureCRT has VCP command line utility to transfer files over SSH.
> One problem - you can't input password during deployment so I'm providing it in a password file.
> Here is an example of target:
>
> <target name="doSSH" description="Copies file to remote server over SSH.">
>     <!-- Secure CRT location -->
>     <property name="vcp.dir" value="C:\Progra~1\Secure~1.0"/>
>     <property name="pwd.file" value="pwd"/>
>     <property name="pwd" value="x"/>
>     <echo message="Copying ${source.file} to ${dest.dir} at ..."/>
>     <!-- Create password file -->
>     <echo message="${pwd}" file="${source.dir}/${pwd.file}"/>
>     <exec dir="${source.dir}" executable="cmd">
>         <arg line="/S /C ${vcp.dir}\vcp.exe ${source.file} [EMAIL PROTECTED]:${dest.dir} &lt; ${pwd.file}"/>
>     </exec>
>     <!-- delete password file when we've done -->
>     <delete file="${source.dir}/${pwd.file}"/>
> </target>
>
> Good luck,
> Paul Perevalov,
> Bridium,Inc.
>
> -----Original Message-----
> From: Filip Cruz [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 26, 2001 11:18 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Using Ant with SSH
>
> Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
RE: Using Ant with SSH
> Naah. If you use public/private key system you never have to enter a passphrase ... ever ;) I don't even know my passwords on most systems I have accounts on because I don't need it ;)

Surely this means it is insecure or you are assuming total physical security of your computer (so that it is safe to store your full credentials there). All PKI systems I have used require both physical key (disk, card, or hard drive files) and a password / passphrase otherwise they aren't secure as there is nothing to stop anyone using your computer to impersonate you. Maybe I am missing something.

Alex

-----Original Message-----
From: Peter Donald [mailto:[EMAIL PROTECTED]]
Sent: 26 July 2001 16:58
To: [EMAIL PROTECTED]
Subject: Re: Using Ant with SSH

On Fri, 27 Jul 2001 03:08, Klara Ward wrote:
> But I suppose the only way of doing this without human interaction is having an empty passphrase?
> (I tried scp:ing in an expect script to enter the passphrase automatically, but it didn't work.)

Naah. If you use public/private key system you never have to enter a passphrase ... ever ;) I don't even know my passwords on most systems I have accounts on because I don't need it ;)

> -----Original Message-----
> From: Filip Cruz [mailto:[EMAIL PROTECTED]]
> Sent: den 26 juli 2001 15:34
> To: [EMAIL PROTECTED]
> Subject: Re: Using Ant with SSH
>
> Cool! I'll give it a try.
>
> At 01:26 AM 7/27/2001 +1000, you wrote:
> > On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> > > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
> >
> > I don't know about SSH on win32 but on linux I can do something like.
> >
> > scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir
> >
> > and use public/private key system to authenticate. So to do it in ant it would be as simple as
> >
> > <exec executable="scp" os="Linux">
> >     <arg value="myfile.zip"/>
> >     <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
> > </exec>
> >
> > Cheers,
> >
> > Pete
> >
> > *-*
> > | Faced with the choice between changing one's mind, |
> > | and proving that there is no need to do so - almost |
> > | everyone gets busy on the proof. |
> > | - John Kenneth Galbraith |
> > *-*

--
Cheers,

Pete

*-*
| Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof. |
| - John Kenneth Galbraith |
*-*
Re: Using Ant with SSH
healey, alex wrote:
> > Naah. If you use public/private key system you never have to enter a passphrase ... ever ;) I don't even know my passwords on most systems I have accounts on because I don't need it ;)
>
> Surely this means it is insecure or you are assuming total physical security of your computer (so that it is safe to store your full credentials there). All PKI systems I have used require both physical key (disk, card, or hard drive files) and a password / passphrase otherwise they aren't secure as there is nothing to stop anyone using your computer to impersonate you. Maybe I am missing something.

Nope, you aren't really. A full-blown PKI system typically requires at least two factor authentication: something you have, and something you know. In the case of your physical key, it's the something you have. Well, actually it's the private key on the card, not the card itself. The something you know is the passphrase. The third factor is what you are, which typically implies biometrics. Most systems don't go that far.

In the case of SSH, it's really more of a single factor authentication. The assumption is that your account on the machine is secure. If an intruder has root, there isn't a lot you can do (well, using tripwire and snort are two very good starts) other than redo your keys once you've hardened your system and kicked the intruder out.

If someone has compromised another computer you log into with SSH, it doesn't really matter much from your perspective; all they've got is your public key. They need your private key to authenticate to the SSH server (i.e., impersonate you).

If I've messed any of that description up, I'm sure a security expert (which I am most certainly not) will point it out. :-)

Glenn McAllister
SOMA Networks, Inc.
RE: Using Ant with SSH
You presumably could run ssh-agent to enter the passphrase before starting Ant. I haven't verified that this will work when execing scp from Ant.

-----Original Message-----
From: Klara Ward [mailto:[EMAIL PROTECTED]]
Sent: Friday, 27 July 2001 3:08 AM
To: [EMAIL PROTECTED]
Subject: RE: Using Ant with SSH

But I suppose the only way of doing this without human interaction is having an empty passphrase?
(I tried scp:ing in an expect script to enter the passphrase automatically, but it didn't work.)

Klara

-----Original Message-----
From: Filip Cruz [mailto:[EMAIL PROTECTED]]
Sent: den 26 juli 2001 15:34
To: [EMAIL PROTECTED]
Subject: Re: Using Ant with SSH

Cool! I'll give it a try.

At 01:26 AM 7/27/2001 +1000, you wrote:
> On Fri, 27 Jul 2001 01:17, Filip Cruz wrote:
> > Sorry, I am trying to use Ant to deploy to our production servers through SSH. In brief I want to be able to deploy the files over SSH to the server from a task in the Ant build.xml file. I am using a Win2K client and I have SSH Secure Shell client and SecureCRT. Is there a way to deploy over SSH from Ant?? If so, how is it done?
>
> I don't know about SSH on win32 but on linux I can do something like.
>
> scp myfile.zip [EMAIL PROTECTED]:/my/deployment/dir
>
> and use public/private key system to authenticate. So to do it in ant it would be as simple as
>
> <exec executable="scp" os="Linux">
>     <arg value="myfile.zip"/>
>     <arg value="[EMAIL PROTECTED]:/my/deployment/dir"/>
> </exec>
>
> Cheers,
>
> Pete
>
> *-*
> | Faced with the choice between changing one's mind, |
> | and proving that there is no need to do so - almost |
> | everyone gets busy on the proof. |
> | - John Kenneth Galbraith |
> *-*
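
Added example, not part of the original thread: a POSIX shell wrapper for the ssh-agent suggestion above, which refuses to start the build unless an agent holding a key is reachable, so the scp that Ant execs authenticates from the agent or fails fast. It assumes OpenSSH (`ssh-agent`, `ssh-add`, `scp`); the function names and the `ant deploy` target are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): start a build only when an ssh-agent
# with a loaded key is reachable, so scp exec'd by Ant never needs a prompt.
# Function names and the "ant deploy" usage are assumptions for illustration.

# agent_state: print one word describing the agent this shell can see.
#   unset        SSH_AUTH_SOCK is not set (no agent started in this session)
#   stale        SSH_AUTH_SOCK is set but is not a socket (agent has exited)
#   no-ssh-add   the ssh-add client is not installed
#   empty        agent is running but holds no identities (run ssh-add)
#   unreachable  socket exists but the agent does not answer
#   ready        agent answers and holds at least one identity
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo unset; return 0; fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then echo stale; return 0; fi
    if ! command -v ssh-add >/dev/null 2>&1; then echo no-ssh-add; return 0; fi
    add_rc=0
    # ssh-add -l exits 0 with keys listed, 1 with no identities,
    # 2 when it cannot contact the agent.
    ssh-add -l >/dev/null 2>&1 || add_rc=$?
    case "$add_rc" in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# run_with_agent CMD [ARGS...]: run CMD only when the agent is ready.
# Returns 2 without running CMD otherwise. Child processes (Ant, and the
# scp it execs) inherit the exported SSH_AUTH_SOCK from this shell.
run_with_agent() {
    state=$(agent_state)
    if [ "$state" != ready ]; then
        echo "not starting build: ssh-agent state is '$state'" >&2
        echo "start one first: eval \"\$(ssh-agent -s)\" && ssh-add" >&2
        return 2
    fi
    "$@"
}

# scp_unattended ARGS...: scp that fails instead of prompting. BatchMode=yes
# disables passphrase and password prompts, so a missing key is an error
# rather than a build that hangs waiting on a terminal it does not have.
scp_unattended() {
    scp -o BatchMode=yes "$@"
}

# Usage (after sourcing this file):
#   eval "$(ssh-agent -s)" && ssh-add     # passphrase typed once, here
#   run_with_agent ant deploy             # hypothetical target name
```

The private key stays passphrase-protected on disk; only the agent holds the decrypted key, and only for the lifetime of the session that started it.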