Since Apache Ant 1.8.0
A Task which establishes an SSH connection with a remote machine running SSH daemon, optionally establishes any number of local or remote tunnels over that connection, then executes any nested tasks before taking down the connection.
Note: This task depends on external libraries not included in the Ant distribution. See Library Dependencies for more information. This task has been tested with JSCh 0.1.33 and above and won't work with versions of JSCh earlier than 0.1.28.
See also the sshexec and scp tasks
| Attribute | Description | Required |
|---|---|---|
| host | The hostname or IP address of the remote host to which you wish to connect. | Yes |
| username | The username on the remote host to which you are connecting. | Yes |
| port | The port to connect to on the remote host. | No; defaults to 22 |
| localtunnels | A comma-delimited list of colon-delimited lport:rhost:rport triplets defining
local port forwarding. If nested localtunnel elements are also provided, both sets of tunnels will be established. |
No |
| remotetunnels | A comma-delimited list of colon-delimited rport:lhost:lport triplets defining
remote port forwarding. If nested remotetunnel elements are also provided, both sets of tunnels will be established. |
No |
| trust | This trusts all unknown hosts if set to yesor true. Note: If you set this to false(the default), the host you connect to must be listed in your knownhosts file, this also implies that the file exists. |
No; defaults to no |
| knownhosts | This sets the known hosts file to use to validate the identity of the remote host. This must be a SSH2 format file. SSH1 format is not supported. | No; defaults to ${user.home}/.ssh/known_hosts |
| failonerror | Whether to halt the build if the command does not complete successfully. | No; defaults to true |
| password | The password. | Yes, unless you are using key based authentication or the password has been given in the file or todir attribute |
| keyfile | Location of the file holding the private key. | Yes, if you are using key based authentication |
| passphrase | Passphrase for your private key. | No; defaults to an empty string |
| sshConfig | Location of the file holding the OpenSSH style configuration (e.g. ${user.home}/.ssh/config).
The username and the key file are read from the configuration file,
unless they are already specified in the task parameters.
since Ant 1.10.8 |
No |
| timeout | Give up if the connection cannot be established within the specified time (given in milliseconds). | No; defaults to 0which means never |
Optionally, any number of localtunnel elements can be used to define local port
forwarding over the SSH connection. If the localtunnels parameter was also specified,
both sets of tunnels will be established.
| Attribute | Description | Required |
|---|---|---|
| lport | The number of the local port to be forwarded. | Yes |
| rhost | The hostname or IP address of the remote host to which the local port should be forwarded. | Yes |
| rport | The number of the port on the remote host to which the local port should be forwarded. | Yes |
Optionally, any number of remotetunnel elements can be used to define remote port
forwarding over the SSH connection. If the remotetunnels parameter was also specified,
both sets of tunnels will be established.
| Attribute | Description | Required |
|---|---|---|
| rport | The number of the remote port to be forwarded. | Yes |
| lhost | The hostname or IP address of the local host to which the remote port should be forwarded. | Yes |
| lport | The number of the port on the local host to which the remote port should be forwarded. | Yes |
since Ant 1.10.10
Adds configuration settings for the JSch Session created that are not directly supported by specific Ant attributes.
| Attribute | Description | Required |
|---|---|---|
| key | The key of the configuration setting. | Yes |
| value | The value of the configuration setting. | Yes |
The sequential element is a required parameter. It is a container for nested Tasks
which are to be executed once the SSH connection is established and all local and/or remote tunnels
established.
Connect to a remote machine using password authentication, forward the local CVS port to the remote host, and execute a CVS command locally, which can use the tunnel.
<sshsession host="somehost"
username="dude"
password="yo"
localtunnels="2401:localhost:2401">
<sequential>
<cvs command="update ${cvs.parms} ${module}"
cvsRoot="${cvs.root}"
dest="${local.root}"
failonerror="true"/>
</sequential>
</sshsession>
Do the same thing using nested localtunnel element.
<sshsession host="somehost"
username="dude"
password="yo">
<localtunnel lport="2401" rhost="localhost" rport="2401"/>
<sequential>
<cvs command="update ${cvs.parms} ${module}"
cvsRoot="${cvs.root}"
dest="${local.root}"
failonerror="true"/>
</sequential>
</sshsession>
Connect to a remote machine using key authentication, forward port 1080 to port 80 of an intranet
server which is not directly accessible, then run a get task using that tunnel.
<sshsession host="somehost"
username="dude"
keyfile="${user.home}/.ssh/id_dsa"
passphrase="yo its a secret"/>
<LocalTunnel lport="1080" rhost="intranet.mycomp.com" rport="80"/>
<sequential>
<get src="http://localhost:1080/somefile" dest="temp/somefile"/>
</sequential>
</sshsession>
Security Note: Hardcoding passwords or passphrases and/or usernames
in sshsession task can be a serious security hole. Consider using variable substitution
and include the password on the command line. For example:
<sshsession host="somehost"
username="${username}"
password="${password}"
localtunnels="2401:localhost:2401">
<sequential>
<sometask/>
</sequential>
</sshsession>
Invoking Ant with the following command line:
ant -Dusername=me -Dpassword=mypassword target1 target2
is slightly better, but the username/password is exposed to all users on an Unix system (via
the ps command). The best approach is to use the <input> task and/or
retrieve the password from a (secured) .properties file.