com jcraft jsch JSchException UnknownHostKey

Question

I m trying to use Jsch to establish an SSH connection in Java  My code produces the following exception   com jcraft jsch JSchException  UnknownHostKey  mywebsite com   RSA key fingerprint is 22 fb ee fe 18 cd aa 9a 9c 78 89 9f b4 78 75 b4   I cannot find how to verify the host key in the Jsch documentation  I have included my code below   import com jcraft jsch JSch  import com jcraft jsch Session   public class ssh       public static void main String   arg             try               JSch jsch   new JSch                   create SSH connection             String host    mywebsite com               String user    username               String password    123456                Session session   jsch getSession user  host  22               session setPassword password               session connect               catch Exception e                System out println e

User · Answer

I lost a lot of time on this stupid issue, and i think the message is quite right "there is not the host in the file i'm accessing" but you can have more than a know_host file around on your system (as example i'm using mobaXterm and it keep it's own inside the installation directory mounting the home from that root).

If you are experiencing : it's working from command line but not form the application try to access to your remote server with ssh and check with verbose -v option which file is currently used an example following:

 ssh -v [email protected]
 OpenSSH_6.2p2, OpenSSL 1.0.1g 7 Apr 2014
 debug1: Reading configuration data /etc/ssh_config
 debug1: Connecting to gitlab.com [104.210.2.228] port 22.
 debug1: Connection established.
 debug1: identity file /home/mobaxterm/.ssh/id_rsa type 1
 debug1: identity file /home/mobaxterm/.ssh/id_rsa-cert type -1
 debug1: identity file /home/mobaxterm/.ssh/id_dsa type -1
 debug1: identity file /home/mobaxterm/.ssh/id_dsa-cert type -1
 debug1: identity file /home/mobaxterm/.ssh/id_ecdsa type -1
 debug1: identity file /home/mobaxterm/.ssh/id_ecdsa-cert type -1
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_6.2
 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2      Ubuntu-4ubuntu2.1
 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH*
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug1: kex: server->client aes128-ctr [email protected] [email protected]
 debug1: kex: client->server aes128-ctr [email protected] [email protected]
 debug1: sending SSH2_MSG_KEX_ECDH_INIT
 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
 debug1: Server host key: RSA b6:03:0e:39:97:9e:d0:e7:24:ce:a3:77:3e:01:42:09
 debug1: Host 'gitlab.com' is known and matches the RSA host key.
 debug1: Found key in /home/mobaxterm/.ssh/known_hosts:19
 debug1: ssh_rsa_verify: signature correct

as you can see the key was found in :

debug1: Found key in /home/mobaxterm/.ssh/known_hosts:19

and not in my windows home under C:\Users\my_local_user\.ssh , i simply merged them and aligned for solve the issue.

Hope this help someone in future

User · Answer

Has anyone been able to solve this problem  I am using Jscp to scp files using public key   authentication  i dont want to use password authentication   Help will be appreciated      This stackoverflow entry is about the host-key checking  and there is no relation to the public key authentication   As for the public key authentication  try the following sample with your plain non ciphered  private key

User · Answer

Just substitute  user    pass    SSHD IP   And create a file called known hosts txt with the content of the server s    ssh known hosts  You will get a shell   public class Known Hosts   public static void main String   arg        try           JSch jsch   new JSch            jsch setKnownHosts  known hosts txt            Session session   jsch getSession  user    SSHD IP   22           session setPassword  pass            session connect            Channel channel   session openChannel  shell            channel setInputStream System in           channel setOutputStream System out           channel connect          catch  Exception e            System out println e

User · Answer

You can also simply do  session setConfig  StrictHostKeyChecking    no      It s not secure and it s a workaround not suitable for live environment as it will disable globally known host keys checking

User · Answer

It is a security risk to avoid host key checking    JSch uses HostKeyRepository interface and its default implementation KnownHosts class to manage this  You can provide an alternate implementation that allows specific keys by implementing HostKeyRepository  Or you could keep the keys that you want to allow in a file in the known hosts format and call  jsch setKnownHosts knownHostsFileName     Or with a public key String as below   String knownHostPublicKey    mysite com ecdsa-sha2-nistp256 AAAAE             3vplY   jsch setKnownHosts new ByteArrayInputStream knownHostPublicKey getBytes        see Javadoc for more details   This would be a more secure solution    Jsch is open source and you can download the source from here  In the examples folder  look for KnownHosts java to know more details

User · Answer

setting known host is better  than setting fingure print value   When you set known host  try to manually ssh  very first time  before application runs  from the box the application runs

User · Answer

Supply the public rsa key of the host  -  String knownHostPublicKey    mywebsite com ssh-rsa AAAAB3NzaC1     XL4Jpmp     session setKnownHosts new ByteArrayInputStream knownHostPublicKey getBytes

User · Answer

I would either    Try to ssh from the command line and accept the public key  the host will be added to    ssh known hosts and everything should then work fine from Jsch  -OR- Configure JSch to not use  StrictHostKeyChecking   this introduces insecurities and should only be used for testing purposes   using the following code   java util Properties config   new java util Properties     config put  StrictHostKeyChecking    no    session setConfig config      Option  1  adding the host to the    ssh known hosts file  has my preference

User · Answer

While the question has been answered in general  I ve found myself that there s a case when even existing known hosts entry doesn t help  This happens when an SSH server sends ECDSA fingerprint and as a result  you ll have an entry like this    1  HASH  HASH  ecdsa-sha2-nistp256 FINGERPRINT    The problem is that JSch prefers SHA RSA and while connecting it will try to compare SHA-RSA fingerprint  which will result with error about  unknown host    To fix this simply run     ssh-keyscan -H -t rsa example org  gt  gt  known hosts   or complain to Jcraft about prefering SHA RSA instead of using the local HostKeyAlgorithms setting  although they don t seem to be too eager to fix their bugs

User · Answer

JSch jsch   new JSch    Session session   null  try   session   jsch getSession  user    hostname   22      default UserInfo ui   new MyUserInfo    session setUserInfo ui   session setPassword  password  getBytes     java util Properties config   new java util Properties    config put  StrictHostKeyChecking    no    session setConfig config   session connect    Channel channel   session openChannel  sftp    channel connect    System out println  Connected      catch  JSchException e    e printStackTrace System out     catch  Exception e    e printStackTrace System out     finally   session disconnect    System out println  Disconnected

User · Answer

You can also execute the following code  It is tested and working   import com jcraft jsch Channel  import com jcraft jsch JSch  import com jcraft jsch JSchException  import com jcraft jsch Session  import com jcraft jsch UIKeyboardInteractive  import com jcraft jsch UserInfo   public class SFTPTest        public static void main String   args            JSch jsch   new JSch            Session session   null          try               session   jsch getSession  username    mywebsite com   22     default port is 22             UserInfo ui   new MyUserInfo                session setUserInfo ui               session setPassword  123456  getBytes                 session connect                Channel channel   session openChannel  sftp                channel connect                System out println  Connected              catch  JSchException e                e printStackTrace System out             catch  Exception e               e printStackTrace System out             finally              session disconnect                System out println  Disconnected                         public static class MyUserInfo implements UserInfo  UIKeyboardInteractive             Override         public String getPassphrase                 return null                     Override         public String getPassword                 return null                     Override         public boolean promptPassphrase String arg0                return false                     Override         public boolean promptPassword String arg0                return false                     Override         public boolean promptYesNo String arg0                return false                     Override         public void showMessage String arg0                       Override         public String   promptKeyboardInteractive String arg0  String arg1                  String arg2  String   arg3  boolean   arg4                return null                      Please substitute the appropriate values

User · Answer

Depending on what program you use for ssh  the way to get the proper key could vary  Putty  popular with Windows  uses their own format for ssh keys  With most variants of Linux and BSD that I ve seen  you just have to look in    ssh known hosts  I usually ssh from a Linux machine and then copy this file to a Windows machine  Then I use something similar to   jsch setKnownHosts  C   Users  cabbott  known hosts      Assuming I have placed the file in C  Users cabbott on my Windows machine  If you don t have access to a Linux machine  try http   www cygwin com   Maybe someone else can suggest another Windows alternative  I find putty s way of handling SSH keys by storing them in the registry in a non-standard format bothersome to extract

[java] com.jcraft.jsch.JSchException: UnknownHostKey

Examples related to java

Examples related to ssh

Examples related to jsch