1

com.hieronymus:sshj在版本0.31.0中使用在 Spring Boot 应用程序和数据交换服务器之间建立 ssh 连接。为了验证应用程序,使用由默认设置生成的私有 SSH 密钥ssh-keygen,没有密码保护。它以 pem 格式作为文件存储在本地文件系统中。

以下代码用于处理身份验证:

override fun authenticate(ssh: SSHClient) {
    val keys = ssh.loadKeys(
        String(
            resourceLoader.getResource("/path/to/key").inputStream.readBytes()
        ),
        String(
            resourceLoader.getResource("/path/to/key.pub").inputStream.readBytes()
        ),
        null
    )
    ssh.authPublickey(username, keys)
}

当我从 IntelliJ 或 fat jar 运行应用程序时,一切正常。但是,当我将其打包为 war 文件并将其部署到在 JDK 11 上运行的 Tomcat 9 服务器时,问题开始出现,我也使用它来开发它:

java.lang.NoClassDefFoundError: java/security/spec/PKCS8EncodedKeySpec
        at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePrivate(Unknown Source) ~[bcprov-jdk15on-1.68.jar:1.68.0]
        at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:384) ~[na:na]
        at com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile.readUnencrypted(OpenSSHKeyV1KeyFile.java:223) ~[sshj-0.31.0.jar:0.31.0]
        at com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile.readDecodedKeyPair(OpenSSHKeyV1KeyFile.java:113) ~[sshj-0.31.0.jar:0.31.0]
        at com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile.readKeyPair(OpenSSHKeyV1KeyFile.java:85) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider.getPublic(BaseFileKeyProvider.java:81) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:45) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:68) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:73) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.SSHClient.auth(SSHClient.java:221) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:342) ~[sshj-0.31.0.jar:0.31.0]
        at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:360) ~[sshj-0.31.0.jar:0.31.0]
        at SSHClass.authenticate(SSHClass.kt:4711) ~[classes/:0.0.1-SNAPSHOT]

这确实让我很吃惊,因为PKCS8EncodedKeySpec它是“java 核心”的一部分。这些库显然能够解析文件,但在创建关键对象时却失败了。

Tomcat 是否以某种方式阻止部署的应用程序解析私有 SSH 密钥?我是否需要将密钥放在某个密钥库中并从那里加载它们?有没有人遇到过这个问题?

4

0 回答 0