Background:
During the installation script, some database operations are performed, which can be performed only by the DBA account.
We use jsch to create an SSH channel and directly connect it to the target machine for execution. The effect is the same as opening the command line. The only special issue is the DBA password.
The Oracle (Oracle for our database) script provides the function of inputting the password together,! I'm afraid of everything! The customer's requirement is: there is no tolerance for plaintext storage of the account and password!
OK. To put it bluntly, you cannot write the DBA password in the configuration file and then execute it in batches. You must enter the password when prompted by Oracle.
Problem:
The original channels provided by jsch are relatively straightforward. SFTP, channelshell, and channelexec are commonly used. In order to take environment variables conveniently, we use channelshell.
Channelshell can be used to set inputstream and outputstream.
However, the password can only be entered from the console, so does channelshell. setinputstream (system. In?
But other commands are input from the configuration file, so does channelshell. setinputstream (New fileinputstream (filename?
In any case, only one inputstream can be set. How can this problem be solved?
Investigation:
Step 1: Google. There are several articles for reference, but they are not suitable.
Step 2: Try to use except4j, but it is also full-script and cannot be switched to system. In.
The third step is to control the input/output stream of jsch according to the except4j practice. So with this article.
Solution:
The purpose of talking so much nonsense is to introduce the ins and outs. Maybe some heroes have found that I have done a repetitive task and have a better solution. Could you give me some advice.
If you are also troubled by this problem, let's take a look and discuss it together.
My method is:
Write inputstream and outputstream by yourself, and then set them to the channelshell of jsch so that it will read and write from me.
Then, I read it from my file while reading it. I told it to input "xyz" and it will get XYZ;
When writing, it will be written into my outputstream, And I will know that the result is ABC.
With the above two prerequisites, I will add some minor functions:
1. When I read the file, I wrote more configuration information and found that the current password is used. Then I read the data from system. In and then sent it to jsch channel;
2. When I get response, I will determine whether the result is the same as I expected, and then I will execute the next one.
So we have the configuration file:
## This file format just for POC, you can define yours.## For my format, it is:## 1. # starts for comments## 2. There are 3 parts: [<expect>]<type>[<content>]## 3. For <expect>, it's easy: [$] means you expect a '$' ends;## 4. For <type>, support 'send' and 'password'. ## If 'send', means the <content> will be send to SSH channel. ## If 'password', means the <content> come from system console, that is, need you type in.[$]send[pwd][$]send[whoami][$]send[su - root][Password:]password[][#]send[pwd][#]send[ls][#]send[whoami][#]send[exit][$]send[ls][$]send[pwd][$]send[whoami][$]send[su - root][Password:]password[][#]send[pwd][#]send[ls][#]send[whoami][#]send[exit][$]send[exit]
That's how it works. It's easy to work hard.
Source code can be downloaded from here: http://download.csdn.net/detail/clariones/4947155