import dssh.*;
import dssh.authenticators.password.PasswordAuthenticator;
import dssh.exceptions.*;
import java.net.*;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
public class dssh implements SSHConnectionCreator {
boolean verbose = false;
// Called by DSSH to inform us if we should be verbose or not
public void setVerbose(boolean verbose) {
this.verbose = verbose;
}
// utility function for regexp match
private boolean regexMatches(String where, String regexp) {
return Pattern.compile(".*" + regexp + ".*").matcher(where).matches();
}
// Let's create authenticated connection
public SSHConnection getAuthenticatedSSHConnection(String username, String host, int port, SSHConnection
par, SSHAuthenticator auth) {
/* "par" contains parent connection (if we do SSH over SSH tunneling).
DSSH would call this method with par = null, but we can use this
method ourselves recursively, see below */
SSHConnection parent = par;
String user = username;
String myuser = System.getenv("USER");
String orighost = host;
// let's start by simple examples. machine1.example.com does not listen on port
// 22, but on port 31337, so we'll fix this here, so user does not have to pass -p 31337
// to DSSH
if ((host.equals("machine1.example.com")) && (port == 22))
port = 31337;
/* let's continue with something more difficult. Hosts machine1.example.com and machine2.example.com, ...
have port 22 protected by firewall and allow connections only from gateway.example.com or
gateway2.example.com. So we'll first check if we are on one of these machines. If not, we
connect to gateway.example.com and create our connection to target machine from there.
Please note, that we connect to gateway.example.com as user myuser, which contains
content of USER environment variable, which should contain our username. This assumes, that
you have the same account on local and target machine. You can as well connect as a
particular user to the gateway machine.
Note: we use this exact function to get to gateway.example.com
*/
if (
((host.equals("machine1.example.com")) || (host.equals("machine2.example.com")) || (host.equals("fw1.example2.com")) )
&&
((System.getenv("HOSTNAME") == null) || (!(System.getenv("HOSTNAME").equals("gateway.example.com")) &&
(!System.getenv("HOSTNAME").equals("gateway2.example.com")))))
parent = getAuthenticatedSSHConnection(myuser, "gateway.example.com", 22, parent, auth);
/* These machines don't allow root login, so just for now log in as user "adminuser". Later (when
DSSH requests interactive session), we will use command "su -" and type password from agent. */
if ( ((host.equals("machine3.example.com")) || (host.equals("machine4.example.com")) || (host.equals("machine5.example.com")))
&& (user.equals("root")) )
user = "adminuser";
/* This host's DNS entry does not actually exist, it's on a private address and can be reached only from
gateway.example.com as seen above. machine2.example.com is just fake hostname, we will replace it with
IP address. (Note: if you create DNS or /etc/hosts entry on gateway.example.com, which resolves
machine2.example.com, you don't have to do this. Resolving is done on parent connection, not on
client side) */
if (host.equals("machine2.example.com"))
host = "192.168.1.6";
/* We handle anything, that contains .example2.com using this branch. It is a small network hidden
by two firewalls. This should be pretty self-explanatory, if you understood examples above.
Note: fw1.example2.com is reachable only from gateway.example.com or gateway2.example.com (see above),
so if we connect from somewhere else, this script will first log into gateway.example.com, then to
fw1.example.com and then to target machine. Recursion is very useful here :)
*/
if (regexMatches(host, "\\.example2\\.com")) {
if ((!host.equals("fw1.example2.com")) && (!host.equals("fw2.example2.com"))) {
parent = getAuthenticatedSSHConnection("adminuser", "fw1.example2.com", 22, parent, auth);
if (host.equals("www1.example2.com")) host = "192.168.121.220";
if (host.equals("www2.example2.com")) host = "192.168.121.221";
if (host.equals("www.example2.com")) host = "192.168.121.222";
if (host.equals("smtp1.example2.com")) host = "192.168.121.231";
if (host.equals("smtp2.example2.com")) host = "192.168.121.232";
if ((host.equals("smtp.example2.com")) || (host.equals("mail.example2.com"))) host = "192.168.121.230";
}
}
if (verbose)
System.out.println("Connecting to "+host);
SSHConnection conn = new SSHConnection(orighost, host, port, parent, auth);
conn.connect();
conn.authenticate(user);
return conn;
}
/* User requested interactive session. host parameter contains host name as passed to command line (which
can be different from conn.getHost(), since we could have it rewritten by the function above*/
public InteractiveSession getInteractiveSession(SSHConnection conn, String username, PasswordAuthenticator pass, String host) {
// considering InteractiveSuSession only if we want to log in as root
if (username.equals("root")) {
// these machines have permitrootlogin disabled and we are authenticated as user adminuser, not root
if ((host.equals("machine3.example.com")) || (host.equals("machine4.example.com")) || (host.equals("machine5.example.com")))
return new InteractiveSuSession(conn.openSession(), host, username, pass);
}
// other users are authenticated normally and we create normal interactive session
return new InteractiveSession(conn.openSession());
}
}