ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DJohn...@desknetinc.com
Subject [SUBMIT] sshsession task
Date Thu, 09 Aug 2007 05:04:30 GMT
Sshsession is a container task which establishes an SSH connection,
and optionally any number of local or remote tunnels over that connection,
then executes any nested tasks before taking down the connection.

My purpose in writing it is that we use cvs, and secure all access by only
allowing cvs connections from localhost, which are tunneled over SSH
connections.  Establishing those connections is the only manual step in an 

otherwise automated build process.   

While I could use exec to issue the putty command (this is done on  
windoze) conditionally if a server is not already accessible at localhost 
port 2401, it gets more complicated with a passphrase on the keypair being 

used.
 
Furthermore, there was no way to ensure that an existing connection is the
connection we should be using, and no way to bring the connection down
once we are done with it.
 
So I wrote SSHSession, extending SSHBase, and implementing TaskContainer.
The TaskContainer implementation is lifted directly from Sequential, and
the remainder is adapted from SSHExec, though all the command execution
related properties and logic were removed.  I added support for defining 
the tunnels via properties and/or nested elements.  I only needed local 
port forwarding, but added remote port forwarding for completeness.   

Using SSHSession with a local tunnel (2401:localhost:2401) and nested CVS 
commands does exactly what we need.  Other uses could involve anything 
needing to make a TCP connection to a server not otherwise accessible 
through a firewall, e.g. HTTP <get>, SMTP <mail>, JDBC <sql>... 

Because I've utilized the existing authentication and connection logic
from SSHExec and SSHBase, the new task is as reliable in that regard as
SSHExec. I've personally tested only the keypair with passphrase method of
authentication, but I tested both local and remote port forwarding.
I have no server setup to accomodate testing the other authentication 
options.

In the attached tgz of an svn diff, please find SSHSession.java,  
sshsession.html, and mods to defaults.properties and optionaltasklist.html 


--------------------------------------------------------
David S. Johnson
 
"Oh scholar, if your scholarship benefits not Mankind,
you deserve not admiration but contempt." -- Kahlil Gibran
Mime
View raw message