com jcraft jsch JSchException UnknownHostKey

Question

I m trying to use Jsch to establish an SSH connection in Java  My code produces the following exception   com jcraft jsch JSchException  UnknownHostKey  mywebsite com   RSA key fingerprint is 22 fb ee fe 18 cd aa 9a 9c 78 89 9f b4 78 75 b4   I cannot find how to verify the host key in the Jsch documentation  I have included my code below   import com jcraft jsch JSch  import com jcraft jsch Session   public class ssh       public static void main String   arg             try               JSch jsch   new JSch                   create SSH connection             String host    mywebsite com               String user    username               String password    123456                Session session   jsch getSession user  host  22               session setPassword password               session connect               catch Exception e                System out println e

User · Answer

Has anyone been able to solve this problem? I am using Jscp to scp files using public key authentication (i dont want to use password authentication). Help will be appreciated!!!

This stackoverflow entry is about the host-key checking, and there is no relation to the public key authentication.

As for the public key authentication, try the following sample with your plain(non ciphered) private key,

User · Answer

I lost a lot of time on this stupid issue  and i think the message is quite right  there is not the host in the file i m accessing  but you can have more than a know host file around on your system  as example i m using mobaXterm and it keep it s own inside the installation directory mounting the home from that root     If you are experiencing   it s working from command line but not form the application try to access to your remote server with ssh and check with verbose -v option which file is currently used an example following     ssh -v git gitlab com  OpenSSH 6 2p2  OpenSSL 1 0 1g 7 Apr 2014  debug1  Reading configuration data  etc ssh config  debug1  Connecting to gitlab com  104 210 2 228  port 22   debug1  Connection established   debug1  identity file  home mobaxterm  ssh id rsa type 1  debug1  identity file  home mobaxterm  ssh id rsa-cert type -1  debug1  identity file  home mobaxterm  ssh id dsa type -1  debug1  identity file  home mobaxterm  ssh id dsa-cert type -1  debug1  identity file  home mobaxterm  ssh id ecdsa type -1  debug1  identity file  home mobaxterm  ssh id ecdsa-cert type -1  debug1  Enabling compatibility mode for protocol 2 0  debug1  Local version string SSH-2 0-OpenSSH 6 2  debug1  Remote protocol version 2 0  remote software version OpenSSH 7 2p2      Ubuntu-4ubuntu2 1  debug1  match  OpenSSH 7 2p2 Ubuntu-4ubuntu2 1 pat OpenSSH   debug1  SSH2 MSG KEXINIT sent  debug1  SSH2 MSG KEXINIT received  debug1  kex  server- gt client aes128-ctr hmac-sha1-etm openssh com zlib openssh com  debug1  kex  client- gt server aes128-ctr hmac-sha1-etm openssh com zlib openssh com  debug1  sending SSH2 MSG KEX ECDH INIT  debug1  expecting SSH2 MSG KEX ECDH REPLY  debug1  Server host key  RSA b6 03 0e 39 97 9e d0 e7 24 ce a3 77 3e 01 42 09  debug1  Host  gitlab com  is known and matches the RSA host key   debug1  Found key in  home mobaxterm  ssh known hosts 19  debug1  ssh rsa verify  signature correct   as you can see the key was found in    debug1  Found key in  home mobaxterm  ssh known hosts 19   and not in my windows home under C  Users my local user  ssh   i simply merged them and aligned for solve the issue   Hope this help someone in future

User · Answer

Depending on what program you use for ssh  the way to get the proper key could vary  Putty  popular with Windows  uses their own format for ssh keys  With most variants of Linux and BSD that I ve seen  you just have to look in    ssh known hosts  I usually ssh from a Linux machine and then copy this file to a Windows machine  Then I use something similar to   jsch setKnownHosts  C   Users  cabbott  known hosts      Assuming I have placed the file in C  Users cabbott on my Windows machine  If you don t have access to a Linux machine  try http   www cygwin com   Maybe someone else can suggest another Windows alternative  I find putty s way of handling SSH keys by storing them in the registry in a non-standard format bothersome to extract

User · Answer

Just substitute  user    pass    SSHD IP   And create a file called known hosts txt with the content of the server s    ssh known hosts  You will get a shell   public class Known Hosts   public static void main String   arg        try           JSch jsch   new JSch            jsch setKnownHosts  known hosts txt            Session session   jsch getSession  user    SSHD IP   22           session setPassword  pass            session connect            Channel channel   session openChannel  shell            channel setInputStream System in           channel setOutputStream System out           channel connect          catch  Exception e            System out println e

User · Answer

Supply the public rsa key of the host  -  String knownHostPublicKey    mywebsite com ssh-rsa AAAAB3NzaC1     XL4Jpmp     session setKnownHosts new ByteArrayInputStream knownHostPublicKey getBytes

User · Answer

I would either    Try to ssh from the command line and accept the public key  the host will be added to    ssh known hosts and everything should then work fine from Jsch  -OR- Configure JSch to not use  StrictHostKeyChecking   this introduces insecurities and should only be used for testing purposes   using the following code   java util Properties config   new java util Properties     config put  StrictHostKeyChecking    no    session setConfig config      Option  1  adding the host to the    ssh known hosts file  has my preference

User · Answer

setting known host is better  than setting fingure print value   When you set known host  try to manually ssh  very first time  before application runs  from the box the application runs

User · Answer

You can also execute the following code  It is tested and working   import com jcraft jsch Channel  import com jcraft jsch JSch  import com jcraft jsch JSchException  import com jcraft jsch Session  import com jcraft jsch UIKeyboardInteractive  import com jcraft jsch UserInfo   public class SFTPTest        public static void main String   args            JSch jsch   new JSch            Session session   null          try               session   jsch getSession  username    mywebsite com   22     default port is 22             UserInfo ui   new MyUserInfo                session setUserInfo ui               session setPassword  123456  getBytes                 session connect                Channel channel   session openChannel  sftp                channel connect                System out println  Connected              catch  JSchException e                e printStackTrace System out             catch  Exception e               e printStackTrace System out             finally              session disconnect                System out println  Disconnected                         public static class MyUserInfo implements UserInfo  UIKeyboardInteractive             Override         public String getPassphrase                 return null                     Override         public String getPassword                 return null                     Override         public boolean promptPassphrase String arg0                return false                     Override         public boolean promptPassword String arg0                return false                     Override         public boolean promptYesNo String arg0                return false                     Override         public void showMessage String arg0                       Override         public String   promptKeyboardInteractive String arg0  String arg1                  String arg2  String   arg3  boolean   arg4                return null                      Please substitute the appropriate values

User · Answer

You can also simply do  session setConfig  StrictHostKeyChecking    no      It s not secure and it s a workaround not suitable for live environment as it will disable globally known host keys checking

User · Answer

While the question has been answered in general  I ve found myself that there s a case when even existing known hosts entry doesn t help  This happens when an SSH server sends ECDSA fingerprint and as a result  you ll have an entry like this    1  HASH  HASH  ecdsa-sha2-nistp256 FINGERPRINT    The problem is that JSch prefers SHA RSA and while connecting it will try to compare SHA-RSA fingerprint  which will result with error about  unknown host    To fix this simply run     ssh-keyscan -H -t rsa example org  gt  gt  known hosts   or complain to Jcraft about prefering SHA RSA instead of using the local HostKeyAlgorithms setting  although they don t seem to be too eager to fix their bugs

User · Answer

JSch jsch   new JSch    Session session   null  try   session   jsch getSession  user    hostname   22      default UserInfo ui   new MyUserInfo    session setUserInfo ui   session setPassword  password  getBytes     java util Properties config   new java util Properties    config put  StrictHostKeyChecking    no    session setConfig config   session connect    Channel channel   session openChannel  sftp    channel connect    System out println  Connected      catch  JSchException e    e printStackTrace System out     catch  Exception e    e printStackTrace System out     finally   session disconnect    System out println  Disconnected

User · Answer

It is a security risk to avoid host key checking    JSch uses HostKeyRepository interface and its default implementation KnownHosts class to manage this  You can provide an alternate implementation that allows specific keys by implementing HostKeyRepository  Or you could keep the keys that you want to allow in a file in the known hosts format and call  jsch setKnownHosts knownHostsFileName     Or with a public key String as below   String knownHostPublicKey    mysite com ecdsa-sha2-nistp256 AAAAE             3vplY   jsch setKnownHosts new ByteArrayInputStream knownHostPublicKey getBytes        see Javadoc for more details   This would be a more secure solution    Jsch is open source and you can download the source from here  In the examples folder  look for KnownHosts java to know more details

[java] com.jcraft.jsch.JSchException: UnknownHostKey

Examples related to java

Examples related to ssh

Examples related to jsch