ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles Hudak" <charles.hu...@cardionet.com>
Subject RE: sshexec errors
Date Fri, 22 Oct 2004 00:57:07 GMT
The raw ssh command will usually accept new/changed host keys with a
warning (in my experience). The Jsch implementation doesn't do this, it
uses 'StrictHostKeyChecking' by default (as per the below email), at
least in the Ant task. It looks like you can run Jsch with strict host
checking disabled but then it prompts you if the host key has changed.
This won't work in the ant task very well since it requires manual
intervention.

> -----Original Message-----
> From: EJ Ciramella [mailto:eciramella@upromise.com] 
> Sent: Thursday, October 21, 2004 5:52 PM
> To: Ant Users List
> Subject: RE: sshexec errors
> 
> 
> the same thing I'm trying to do works when executed from the 
> command line:
> 
> ssh -t <servername> "sudo /usr/local/apache/bin/apachectl stop"
> 
> so my exec task looks like:
> 
>  <target name="web-stop" description="Stops the webserver">
>   <sshexec host="${webserver}" 
>       username="usr" 
>       password="pass" 
>       command="sudo /usr/local/apache/bin/apachectl stop"/>  </target>
> 
> And I get this weird error.  What gives?
> 
> -----Original Message-----
> From: Charles Hudak [mailto:charles.hudak@cardionet.com]
> Sent: Thursday, October 21, 2004 8:41 PM
> To: Ant Users List
> Subject: RE: sshexec errors
> 
> 
> "The man-in-the-middle attack has also become inpossible, 
> because the client does of course check the identity of the 
> remote host using his host key, too. To archieve maximum 
> security here, the client should be configured to use 
> ``StrictHostKeyChecking''. Setting this option to ``yes'' 
> tells the client not to accept any new or modified hostkey as 
> real. If a new host has been added to the network, or a host 
> key has been changed, the administrator has to install the 
> new key manually. While this is a bit inconvenient in a fast 
> moving network, it ensure that nobody intercepts your IP 
> packets and claims to be the machine you tried to access."
> 
> From this site: http://cryp.to/publications/the-secure-shell/
> 
> Sounds like the host key HAS CHANGED and you haven't 
> downloaded the new key file for the task to point at? After 
> looking through the jsch source code, that is likely the problem.
> 
> > -----Original Message-----
> > From: EJ Ciramella [mailto:eciramella@upromise.com]
> > Sent: Thursday, October 21, 2004 5:24 PM
> > To: Ant Users List
> > Subject: sshexec errors
> > 
> > 
> > Hello all - I'm getting a strange error with my script when
> > I'm trying to restart apache remotely:
> > 
> > com.jcraft.jsch.JSchException: HostKey has been changed
> > 
> > Could anyone shed some light on this?
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> > For additional commands, e-mail: user-help@ant.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> For additional commands, e-mail: user-help@ant.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
> For additional commands, e-mail: user-help@ant.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message