The topic is too wide to cover in a short mail message - I suggest you look into the code of Apache MINA SSHD (https://github.com/apache/mina-sshd) especially the tests where you will find many examples how to achieve anything you like. However, here are the basics (for client side): - Initialize an SshClient instance- Use that instance to open a session to your server- Provide username/password or private key and authenticate the session- Once you have the session authenticated there are many choices open to you: * Open a "shell" channel and run interactive commands * Open an "exec" channel and run a single command * Obtain an SftpClient instance and access remote files * Obtain an ScpClient instance and upload/download files * Create a local/remote tunnel * Clean up/close the resources you opened once no longer needed (note: the SshClient should be stopped/closed once your application no longer needs to access SSH servers - usually on application exit...). All this and more using the session you just obtained, or (if you like/need) create a new session for each usage - there are advatanges and disadvantages to each approach. There are many details to take into account, but if you don't have any special requirements then the defaults you get should be good enough. The vast majority of the APIs have Javadoc that should help make sense of the options - again, I recommend you look at how the tests are coded - there are very good chances you will find a suitable example similar to what you want to achieve. The same applies for the server side, although it is a bit tricker...Hope this gives you a good lead how to proceed.
> Date: Tue, 21 Jun 2016 22:45:57 +0530 > Subject: RE: Partial Disabling of port 22 using apache-mina SSHD > From: jain.garim...@gmail.com > To: dev@mina.apache.org > > Hey, > > What shell commands can be executed and how? Or how to provide tunnel? > Can you provide sample code for the same? > > Any methods from sftp class? > > -Garima Jain > On Jun 21, 2016 10:02 PM, "elijah baley" <e_ba...@outlook.com> wrote: > > > No, SFTP is not a protocol that runs on a specific port it is a > > sub-protocol (actually a subsystem) of SSH. FYI, SSH enables opening > > multiple channels on the same session. You can run shell commands (what > > many mistakenly call SSH) SFTP and SCP as well as tunnels concurrently on > > the same SSH session. The port is always 22 (SSH) for SFTP and SCP (and any > > other channel - e.g. PROXY, SOCKS, etc...).. > > > > > From: jain.garim...@gmail.com > > > Date: Tue, 21 Jun 2016 11:42:58 +0530 > > > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD > > > To: dev@mina.apache.org > > > > > > Can I keep the port open for sftp and close for ssh? > > > > > > -Garima Jain. > > > > > > On Mon, Jun 20, 2016 at 10:33 PM, garima jain <jain.garim...@gmail.com> > > > wrote: > > > > > > > Thanks. Will use that. > > > > > > > > -Garima Jain > > > > On Jun 20, 2016 10:31 PM, "Ashish" <paliwalash...@gmail.com> wrote: > > > > > > > >> On Mon, Jun 20, 2016 at 9:43 AM, garima jain <jain.garim...@gmail.com > > > > > > >> wrote: > > > >> > Can we use black list/whitelist feature? > > > >> > > > >> This is what you should use. > > > >> > > > >> > > > > >> > -Garima Jain > > > >> > On Jun 20, 2016 10:12 PM, "elijah baley" <e_ba...@outlook.com> > > wrote: > > > >> > > > > >> >> There are many options - depending on the actual setup: > > > >> >> - You can move SSHD to a non-standard port on all interfaces - > > easy to > > > >> do > > > >> >> when setting up the server - just call "setPort" on the SshServer > > > >> instance- > > > >> >> You can bind SSHD to a specific interface (e.g., 127.0.0.1)om port > > 22 > > > >> and > > > >> >> bind SFTP to the public interface on port 22 - easy to do just call > > > >> >> "setAddress" (or something to that effect) on the SshServer > > instance > > > >> >> I could think of more exotic options - e.g. similar to sslh, using > > > >> >> HAPROXY, etc., etc. > > > >> >> > From: jain.garim...@gmail.com > > > >> >> > Date: Mon, 20 Jun 2016 12:10:26 +0530 > > > >> >> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD > > > >> >> > To: dev@mina.apache.org > > > >> >> > > > > >> >> > Hi elijah, > > > >> >> > > > > >> >> > The requirement is to block port 22 for SSH and accept SFTP > > > >> connections > > > >> >> on > > > >> >> > Port 22. Is there a class/method that can help us achieve the > > aim? > > > >> >> > > > > >> >> > -Garima Jain. > > > >> >> > > > > >> >> > On Fri, Jun 17, 2016 at 3:27 PM, elijah baley < > > e_ba...@outlook.com> > > > >> >> wrote: > > > >> >> > > > > >> >> > > Is there some reason your code cannot examine the incoming > > client > > > >> >> address > > > >> >> > > and reject it if it does not match some specified criteria > > (e.g., > > > >> mask, > > > >> >> > > network, closed group of IPs - whatever...) ? > > > >> >> > > > > > >> >> > > > From: jain.garim...@gmail.com > > > >> >> > > > Date: Fri, 17 Jun 2016 14:50:51 +0530 > > > >> >> > > > Subject: Partial Disabling of port 22 using apache-mina SSHD > > > >> >> > > > To: dev@mina.apache.org > > > >> >> > > > > > > >> >> > > > Hi, > > > >> >> > > > > > > >> >> > > > > > > >> >> > > > > > > >> >> > > > We are using com.springsource.org.apache.mina-1.0.2.jar in > > our > > > >> >> product. > > > >> >> > > > The requirement is to disable port 22 for all incoming > > traffic > > > >> over > > > >> >> SSH > > > >> >> > > but > > > >> >> > > > the same port is required to communicate with few IP’s over > > 22. > > > >> Is > > > >> >> there > > > >> >> > > a > > > >> >> > > > way to handle selective port blocking? > > > >> >> > > > > > > >> >> > > > > > > >> >> > > > -Garima Jain. > > > >> >> > > > > > >> >> > > > > > >> >> > > > >> > > > >> > > > >> > > > >> -- > > > >> thanks > > > >> ashish > > > >> > > > >> Blog: http://www.ashishpaliwal.com/blog > > > >> My Photo Galleries: http://www.pbase.com/ashishpaliwal > > > >> > > > > > >
