问题
We are trying to provide an SFTP adapter in a Spring based environment to transfer files from local to either local or remote server.But, we dont have any password configured for the users in the remote location. All implementations like apache-commons VFS or Jsch require password or private key pairs to do file transfer. We cannot configure a password to the users now as that would need multiple changes in other APIs from which we get the user infromation.
How do you suggest we tackle it?
回答1:
You can use SFTP/SSH without any password needed, for automated purposes. 2 ways, your choice.
1 - Make a key pair, where the secret key has a blank password. Use ssh-keygen:
$ ssh-keygen -f myInsecureKey
when it prompts for the secret (private) key passphrase (password), just hit return. Then take the public key (myInsecureKey.pub) and txfer it to the server, into the .ssh dir in the remote account's home directory. Must name it 'authorized_keys', if it already exists, append your new key (use an editor to see what you're doing). Beware, though, that your secret key is now totally naked so you should adjust permissions or something to guard it.
2 - Use an 'agent' with a regular SSH keypair. It's a bit involved, but once you get it going, it's cool, and great for interactive use. On unix/mac, the command ssh-agent will run a personal secret-key-server on your client machine. It cranks out some shell commands that you need to source. Like this:
$ ssh-agent > ~/.ssh/.myAgentContactInfo
$ source ~/.ssh/.myAgentContactInfo
Every shell must do the last step to use the agent; put it in your .profile so new shell windows you open up will be good to go. I think each user needs their own agent.
Then you load it up with whatever secret keys: $ ssh-add mySecretKey That step will demand your sec key password, but after that, you're password-free.
Both these methods work with ssh and sftp, and maybe work with the ssh libraries (i never tried them).
回答2:
I don't understand how you could do SFTP without authenticate with a user login and a password. A user may have an empty password though.
With JSch you can use StrictHostKeyChecking:
final int PORT = 22;
// Server belongs to the model
Server server = new Server("root", "password");
JSch client = new JSch();
Session session = client.getSession(server.getLogin(), server.getAddress(), PORT);
// This is the important line!
session.setConfig("StrictHostKeyChecking", "no");
session.setPassword(server.getPassword());
来源:https://stackoverflow.com/questions/23650838/sftp-to-a-remote-location-without-a-password-key-pair