
Public key authentication


In public-key authentication, the client proves that it possesses a private key whose corresponding public key the server trusts. To do this, the client in principle has to sign some data. The SSH 2 protocol standardizes two signature algorithms, DSA and RSA, and JSch supports both.



As an application using JSch, you enable this authentication method by adding an identity to the JSch object with one of its addIdentity methods (you can also add more than one - the first one accepted by the server will be used). You can use one of these variants:

  • Supply the file name of the private key (and optionally the file name of the public key, if it is not stored at the same location with a .pub suffix). This allows sharing the key with other SSH clients (like OpenSSH) on the same host.
  • Supply the private and public keys in the form of byte arrays.
  • Supply your own implementation of the Identity interface. This allows (for example) connecting a hardware implementation of a signature algorithm, including its key (like a SmartCard reader).

The JSch object also allows removing these identities again.


In all cases, you can optionally provide the passphrase, which is needed if the private key is encrypted. If you don't provide one and the key is encrypted, the UserInfo object given to the session will be used to obtain one from the user.


An example is in UserAuthPubKey. Here is the important part:

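   import javax.swing.JFileChooser;
   import com.jcraft.jsch.JSch;

   JSch jsch=new JSch();
   // we let the user choose the private key file.
   JFileChooser chooser = new JFileChooser();
   chooser.setDialogTitle("Choose your privatekey(ex. ~/.ssh/id_dsa)");
   int returnVal = chooser.showOpenDialog(null);
   if(returnVal == JFileChooser.APPROVE_OPTION) {
     System.out.println("You chose "+
                        chooser.getSelectedFile().getAbsolutePath()+".");
     // we add the identity to JSch.
     jsch.addIdentity(chooser.getSelectedFile().getAbsolutePath());
   }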

Key management

The library includes the KeyPair class, which is mainly used internally (for the default Identity implementation), but can also be used by the application to create new key pairs (and write them to files), or to change the passphrases of existing key pairs, as shown in the examples KeyGen and ChangePassphrase.

This class might also be used as a backing for your own Identity implementation.
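
The byte-array variant of addIdentity and the KeyPair class described above can be combined to create and load a passphrase-protected key without writing it to disk. This is an added example, not code from the JSch distribution; the class name, identity name, key comment, sample passphrase and the 2048-bit RSA key size are assumptions, and it assumes a JSch release that provides the writePrivateKey(OutputStream, byte[]) overload.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class name, chosen for this example.
public class InMemoryIdentityExample {
    public static void main(String[] args) throws JSchException {
        JSch jsch = new JSch();
        // Constructed sample passphrase; a real application would obtain it from the user.
        byte[] passphrase = "example-passphrase".getBytes(StandardCharsets.UTF_8);

        // Generate an RSA key pair (the 2048-bit size is a choice made for this example).
        KeyPair kpair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);

        // Serialize both halves to memory; the private key is encrypted with the passphrase.
        ByteArrayOutputStream prv = new ByteArrayOutputStream();
        ByteArrayOutputStream pub = new ByteArrayOutputStream();
        kpair.writePrivateKey(prv, passphrase);
        kpair.writePublicKey(pub, "example-comment");
        System.out.println("Fingerprint: " + kpair.getFingerPrint());
        kpair.dispose(); // release the key material held by the KeyPair object

        byte[] prvBytes = prv.toByteArray();
        try {
            // Byte-array variant of addIdentity: the key never touches the file system.
            // The passphrase is needed because the serialized private key is encrypted.
            jsch.addIdentity("example-identity", prvBytes, pub.toByteArray(), passphrase);
            System.out.println("Identities: " + jsch.getIdentityNames());
            // A Session created from this JSch object would now offer the key to the server.
        } finally {
            // Wipe our copies of the secrets, then remove the identity again.
            Arrays.fill(prvBytes, (byte) 0);
            Arrays.fill(passphrase, (byte) 0);
            jsch.removeAllIdentity();
        }
    }
}
```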
