我想ssh到一台服务器从后面另一个SSH服务器。网关服务器要求用户名/密码，我可以做到这一点。我使用的是隧道进入下一个服务器，但是这一次需要的仅 SSH密钥。我产生过腻子的关键，因此它的存在对我的用户名，但我不知道如何找回我的Java程序。它是一个结构？即setConfig（userauth.publickey，com.jcraft.jsch.UserAuthPublicKey），那我怎么用这个还是其他什么东西？文档似乎是稀疏，我AP preciate任何帮助。任何事情我已经试过给我一个错误：验证失败当我连接本次会议

I want to ssh into a server from behind another ssh server. The gateway server requires a username/password and I can do this. I am using a tunnel to get into the next server, but this one requires only an ssh key. I've generated the key through PuTTY, so it exists for my username but I'm not sure how to retrieve it for my Java program. Is it a configuration? i.e. setConfig("userauth.publickey", "com.jcraft.jsch.UserAuthPublicKey") then how do I use this or something else? Documentation seems to be sparse and I appreciate any help. Anything I've tried gives me an error :"Auth fail" when I connect this session

谢谢！

我使用该隧道的方法是：http://sourceforge.net/apps/mediawiki/jsch/index.php?title=ProxySSH所以感谢谁写的家伙！

The tunnel method I use is: http://sourceforge.net/apps/mediawiki/jsch/index.php?title=ProxySSH so thanks to the guy who wrote it!

有关背景下，我想读/写一个服务器从我的Andr​​oid手机我的学校。

For context, I'd like to read/write to a server at my school from my Android phone.

推荐答案

要启用public-key验证，你必须使用的 JSch.addIdentity 的方法之一。

To enable public-key authentication, you have to use one of the JSch.addIdentity methods.

这些走在OpenSSH密钥格式的公钥和私钥 - 所以一定要确保你从腻子这种格式导出。 （JSch不明白腻子的原始格式，但你可以写一个适配器实现身份接口，你自己分析它）。

These take the public and private key in the OpenSSH key format - so make sure you export it from PuTTY in this format. (JSch doesn't understand PuTTY's native format, though you could write an adapter implementing the Identity interface, parsing it yourself).

添加到JSch的身份是全球性的，而不是每个会话。这通常不是一个问题，因为JSch会尝试这两者都是由自己和服务器，以支持的所有身份验证方法和公钥认证通常是密码认证前。

The identities added to JSch are global, not per-session. This is normally not a problem, as JSch will try all authentication methods which are supported both by itself and the server in order, and public-key authentication is normally before password authentication.

所有的认证方法都需要一个用户名（通常是登录到帐户的名称）。

All authentication methods need a user name (usually the name of the account to be logged into).

使用公钥认证，公共密钥必须以某种方式previously可用于服务器。对于OpenSSH的的sshd的，公共密钥应列在的〜/ .ssh / authorized_keys中。 （如果你只有一个公共密钥，只需将它复制到这个文件，如果你有多个的（每个将被允许），每次要在一行中。）

With public-key authentication, the public key must be somehow previously available to the server. For OpenSSH's sshd, the public key should be listed in ~/.ssh/authorized_keys. (If you have only one public key, simply copy it to this file, if you have multiple ones (each of which will be allowed), each should be on one line.)

所以应该设置标识后，工作框中的-出。

So it should work out-of-the box after setting the identity.

如果你想确保第一届会议使用密码验证和第二（隧道）人使用公共密钥，您可以使用每个会话的配置，覆盖了全球性的：

If you want to make sure the first session uses password authentication and the second (tunneled) one uses public-key, you can use the per-session configuration, overriding the global one:

tunnelSession.setConfig("PreferredAuthentications", "password");

innerSession.setConfig("PreferredAuthentications", "publickey");

（这是逗号分隔的列表，在这里每一个元素的。）

(These are comma-separated lists, here of one element each.)

关于ProxySSH的例子，那就是由我（有一些帮助，JSch的作者，Atsuhiko山）。我应该把这个信息传递给Wiki页面，也许吧。

About the ProxySSH example, that is by me (with some help by JSch's author, Atsuhiko Yamanaka). I should add this information to the Wiki page, maybe.