ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rhino" <>
Subject Re: Question re sshexec
Date Wed, 21 Dec 2005 00:48:55 GMT
I've read the documentation you suggested - actually, I read the whole 
page - but only half understand it so I have some followup questions.

Am I correct in understanding that Ant needs the original SSH key, not the 
one generated by PuTTYgen and stored in Pageant? Is that original key likely 
to be in the hidden .ssh directory on the server? I just found the .ssh 
directory - right out in the open in /home/rhino - and it contains three 
files: authorized_keys, id_rsa, and Am I correct in assuming 
that the file I want is id_rsa?

Okay, assuming I haven't wandered out into the weeds yet, how do I pass the 
value in that file to my sshexec task? The examples in the manual seem to 
find that file on the local machine, not the server. How do I get it to my 
PC without mangling it along the way or leaving it so that any fool with a 
sniffer can't easily find it and read it in the clear?

Just for the heck of it, I tried downloading /home/rhino/.ssh/id_rsa to my 
PC via WinSCP3 then pointed to that file in the sshexec task. Much to my 
delight the task WORKED!!! Yahoo!

So: did I do the right thing? I'm a little uneasy about having the id_rsa 
file on my PC, especially since you can read it clearly with Notepad. Isn't 
that a security exposure? Or is it harmless without other secret stuff on 
the server that is hopefully encrypted and hidden behind firewalls, 
permissions, etc.?

Also, will the id_rsa file ever change? In other words, will I need to 
replace the version now on my PC with a newer version somewhere down the 

Hmm, maybe I was being overoptimistic when I said I understood half of what 
I read in the documentation you cited ;-)

One other thought: would it make sense to get the developer's to modify 
sshexec and scp so that they support a keyfile parameter that points to the 
.ssh directory on the server, maybe via an explicit URL like 


----- Original Message ----- 
From: "Anderson, Rob (Global Trade)" <>
To: "Rhino" <>; "ant-user" <>
Sent: Tuesday, December 20, 2005 6:01 PM
Subject: RE: Question re sshexec

Actually my question was about the version of ssh you are using on your
client machine, not the server, but both were answered. This does help.
Putty stores ssh-keys in a different format than is expected by openssh,
and the ant sshexec task. Please read the following section of the putty

Read section 8.2.8 through section 8.2.12.

You will need to point ant to the original private key that was
generated with openssl. Ant will not be able to use the one that putty

-Rob Anderson

> -----Original Message-----
> From: Rhino []
> Sent: Tuesday, December 20, 2005 2:51 PM
> To: ant-user
> Cc: Anderson, Rob (Global Trade)
> Subject: Re: Question re sshexec
> I've finally received an answer about our SSH setup from the
> administrator of the server. He's out of town for a few days
> and only checking email sporadically.
> I've lost the original email thread but I've copied and
> pasted from the email that I forwarded to our administrator
> and added his answer.
> ---
> Okay, in a nutshell, the administrator has this to say about
> Rob's question on the setup of SSH on the server:
> "I don't have an answer to that. The original key was made
> with Openssl / Openssh the key was then put on your computer
> and converted for use by Putty."
> I don't know if that is enough to answer your question; I
> suspect not. But I have root access to the server and the
> administrator's permission to do commands to get the version
> number for SSH or whatever else I need to do to answer the question.
> In other words, I'm pretty much on my own with respect to
> getting the information you need to help me. So, if you tell
> me how to figure out the things you need to know, I'm more
> than ready to do whatever it takes to get that information
> for you. I will happily sign on the server and do any command
> you like that isn't destructive. Just tell me what commands
> to run and I'll do them right away and report back.
> For what it's worth, I've just run the 'openssl' command on
> the server and when I got the prompt, I entered: version. The
> result was "0.9.7a Feb 19 2003".
> I would _REALLY_ like to get my sshexec/scp tasks working. I
> am putting together a workaround but it's fairly ugly and is
> more of my time than I wanted to spend: using sshexec and scp
> is definitely my preferred choice.
> Rhino
> > ----- Original Message -----
> > From: "Anderson, Rob (Global Trade)" <>
> > To: "Ant Users List" <>
> > Sent: Monday, December 19, 2005 2:11 PM
> > Subject: RE: Question re sshexec task
> >
> >
> > It may be that your ssh keyfile is in the wrong format. What
> > version/vendor of ssh did you use to generate the keyfile?
> >
> > -Rob Anderson
> >
> >> -----Original Message-----
> >> From: Rhino []
> >> Sent: Saturday, December 17, 2005 3:31 PM
> >> To: ant-user
> >> Subject: Question re sshexec task
> >>
> >> Is there any problem with blanks or apostrophes within the
> name of a
> >> keyfile in an sshexec task? I am running Ant 1.6.5 in
> Eclipse 3.1.1.
> >>
> >> Our environment changed recently so I need to modify my
> build scripts
> >> to use keys instead of passwords. After reading the
> sshexec article
> >> in the Ant manual, I wrote the following trivial task to
> display the
> >> current directory on our Linux server:
> >>
> >> <sshexec host="" username="rhino"
> >> keyfile="C:\Documents and Settings\Rodeo\Desktop\Bob's
> Server\Rodeos
> >> key.ppk"
> >>
> >> passphrase="snarfle" trust="true"
> >>
> >> command="pwd"/>
> >>
> >>
> >> When I executed this task, this is what I found in the output:
> >>
> >> [sshexec] Identity: com.jcraft.jsch.JSchException: invaid
> privatekey:
> >> C:\Documents and Settings\Rodeo\Desktop\Bob's Server\Rodeos key.ppk
> >>
> >>
> >> E:\eclipse\3.1.1\eclipse\workspace\Resume_JDK_1.5.0\xml\tonge.
> >> xml:106:
> >> com.jcraft.jsch.JSchException: invaid privatekey:
> >> C:\Documents and Settings\Rodeo\Desktop\Bob's Server\Rodeos key.ppk
> >>
> >> Although the message seems to be complaining about my private key,
> >> the message contains the path to the key file. The path to the key
> >> file is correct so I'm guessing that the sshexec task has
> a problem
> >> with embedded blanks or apostrophes in the path.
> >>
> >> Can anyone confirm that or suggest an alternate explanation?
> >> I'd like to get this task working again.
> >>
> >> Also, just a little thing but how do I notify the
> developer of this
> >> task about the typo in the error message; he/she's got "invalid"
> >> spelled without the 'l'. This is an optional task so I'm
> not sure if
> >> I have to contact them directly or if I can get a message
> to them via
> >> this mailing list.
> >>
> >>
> >> Rhino
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.1/207 - Release
> Date: 19/12/2005

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.1/207 - Release Date: 19/12/2005

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.1/207 - Release Date: 19/12/2005

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message