Documentation

Introduction
Open Source Release Policy
Export Compliance
Using BouncyCastle
Installing the API
Enabling Logging
Per-Connection Logging
Third Party Dependencies
Generating SSH Keys
Using BouncyCastle
Using SSH Public Keys in Java
Supporting ED25519/Curve25519
Supporting Compression
Integrating Licensing into Maven Builds
Client API
Server API

Executing Interactive Commands with Sudo

Introduction

This example shows you how to use the Maverick Synergy Java SSH API to execute commands using sudo.

In our Executing Interactive Commands within a Remote Shell example, we showed you how to use the Maverick Synergy Java SSH Client API to automate the execution of interactive commands in a remote shell. The major problem is that the SSH shell is just a stream of characters and terminal emulation sequences, so it’s incredibly difficult to determine where one command starts and another one ends.

With the Maverick Synergy Java SSH API, we solved this with the ExpectShell implementation. With ExpectShell, you can execute commands over a Java SSH connection, filtering the output of each command for processing, waiting for completion and obtaining the exit code of commands run in the interactive shell.

However, good practice dictates that privileged commands should be executed using sudo. And again, within the ExpectShell implementation, this becomes a problem because the sudo command may or may not ask for the user’s password at the start of the operation.

ExpectShell overcomes this problem by monitoring the process output stream, looking for a match to the password prompt and providing the password if required. This requires us to pass the password in each sudo call, letting the API decide whether or not to send this over the secure channel.

Source Code

package examples;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import com.sshtools.client.SessionChannelNG;
import com.sshtools.client.SshClient;
import com.sshtools.client.shell.ExpectShell;
import com.sshtools.client.shell.ShellProcess;
import com.sshtools.client.shell.ShellTimeoutException;
import com.sshtools.client.tasks.ShellTask;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.util.Utils;

public class Sudo {

   public static void main(String[] args) throws IOException {

      try (BufferedReader reader = new BufferedReader(new InputStreamReader(System.in))) {
			
         String hostname = Utils.prompt(reader, "Hostname", "localhost");
         int port = 22;
         if (Utils.hasPort(hostname)) {
            port = Utils.getPort(hostname);
         }

         String username = Utils.prompt(reader, "Username", System.getProperty("user.name"));
         String password = Utils.prompt(reader, "Password");

         try (SshClient ssh = new SshClient(hostname, port, username, password.toCharArray())) {

            ssh.runTask(new ShellTask(ssh) {
               @Override
               protected void onOpenSession(SessionChannelNG session)
                      throws IOException, SshException, 
                                   ShellTimeoutException {

                  ExpectShell shell = new ExpectShell(this);
                  ShellProcess process = shell.sudo("systemctl stop apache2", new String(password));

                  process.drain();
                  
                  /**
                  * If you want to pass the output of the command, call process.getCommandOutput() once
                  * the command has drained. i.e. ended. 
                  **/
                  process = shell.sudo("systemctl start apache2", new String(password));
                  process.drain();
                  process = shell.sudo("systemctl status apache2", new String(password));
                  process.drain();
               }
            });

            ssh.disconnect();
         }

      } catch (IOException | SshException e) {
         System.out.println(e);
      }
   }
}