Thread: [JSch-users] Connection with private key
From: Luca D. <lu...@de...> - 2010-05-24 15:18:27
Good afternoon,

I'm working on a java project and I'm going to use JSch for SFTP connection. My test class worked fine when I used user/pass authentication, while it ends with "*Auth fail*" when I try to switch to user/key authentication.
If I manually connect to the server using OpenSSH client it works, so SSH server should work and accept the key.
I set up a simple logger, from its output it seems JSch skips publickey method... without errors.
Where am I wrong? Thanks!

My code:
---
import java.util.Properties;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class JSchTest {

    public JSchTest() {

        JSch jsch = new JSch();
        JSch.setLogger(new MyLogger());

        // Load the private key used for publickey authentication
        try {
            jsch.addIdentity("C:\\id_dsa");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }

        Session session = null;
        try {
            session = jsch.getSession("myuser", "myhost");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }

        // Host key verification is switched off for this test
        Properties properties = new Properties();
        properties.put("StrictHostKeyChecking", "no");
        session.setConfig(properties);

        try {
            session.connect();
            System.out.println("Connected!");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }
}
---

MyLogger output:
---
INFO: Connecting to myhost port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_4.3
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'myhost' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: gssapi-with-mic,publickey,keyboard-interactive,password
INFO: Next authentication method: gssapi-with-mic
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from devnagios port 22
com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:452)
    at com.jcraft.jsch.Session.connect(Session.java:150)
    at JSchTest.<init>(JSchTest.java:38)
    at JSchTest.main(JSchTest.java:51)
---
From: <ym...@jc...> - 2010-05-25 02:00:22
Hi,

+-From: Luca Dentella <lu...@de...> --
|_Date: Mon, 24 May 2010 17:18:19 +0200 ___
|
|I'm working on a java project and I'm going to use JSch for SFTP
|connection. My test class worked fine when I used user/pass
|authentication, while it ends with "*Auth fail*" when I try to switch
|to user/key authentication.
|If I manually connect to the server using OpenSSH client it works, so SSH
|server should work and accept the key.
|I set up a simple logger, from its output it seems JSch skips publickey
|method... without errors.
|Where am I wrong? Thanks!

Is it possible to check the server side log?
I mean that running sshd with debug options,
  # /usr/sbin/sshd -d -d -d

Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Skype callto://jcraft/
Twitter: @ymnk
From: Luca D. <lu...@de...> - 2010-05-26 14:18:13
Hi Atsuhiko,

today I was able to perform several tests... with strange behaviors:
(I'm working on Windows XP with Eclipse Ganymede)

1) New key pair from linux box (ssh-keygen -t dsa -b 1024), copied the private one (id_dsa) to my PC and added the public one to authorized_keys2. Converted the private key to "putty" format and test ok with WinSCP (using the converted key as WinSCP needs keys in that format). With JSch the error I reported before...

2) Using puttygen (a keygen tool included in Putty) generated a new key pair (DSA/1024), exported the private one in OpenSSH format and added the public one to authorized_keys2... JSch: *connection successful!*

So I think there could be differences between the two private keys... but the two files seem identical (Unix format, same END-of-LINE...)
I was able to reproduce the behavior: if I use puttygen-generated keys JSch works, if I use OpenSSH-generated keys it doesn't work... the same keys with OpenSSH client (cygwin port) or - converted - with WinSCP work fine.
Suggestions? Thanks!

2010/5/25 Atsuhiko Yamanaka <ym...@jc...>

> Hi,
>
> +-From: Luca Dentella <lu...@de...> --
> |_Date: Mon, 24 May 2010 17:18:19 +0200 ___
> |
> |I'm working on a java project and I'm going to use JSch for SFTP
> |connection. My test class worked fine when I used user/pass
> |authentication, while it ends with "*Auth fail*" when I try to switch
> |to user/key authentication.
> |If I manually connect to the server using OpenSSH client it works, so SSH
> |server should work and accept the key.
> |I set up a simple logger, from its output it seems JSch skips publickey
> |method... without errors.
> |Where am I wrong? Thanks!
>
> Is it possible to check the server side log?
> I mean that running sshd with debug options,
>   # /usr/sbin/sshd -d -d -d
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
>     +1-415-578-3454
> Skype callto://jcraft/
> Twitter: @ymnk
>
>
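As an added example (not part of any message in this thread, and not JSch code): a small Java check that reports structural properties of a private key file, namely the PEM header, an encryption header, a UTF-8 BOM, CRLF line endings, stray whitespace and whether the body decodes to DER, so that two key files that "seem identical" can be compared without printing key material. The class name `KeyFileInspector` and the embedded sample are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;

// Added example: prints structural facts about a PEM private key file.
// It never prints the key material itself.
public class KeyFileInspector {

    static String describe(byte[] raw) {
        String text = new String(raw, StandardCharsets.ISO_8859_1);
        boolean bom = text.startsWith("\u00EF\u00BB\u00BF"); // UTF-8 byte order mark
        if (bom) text = text.substring(3);
        String label = "(none)";
        boolean encrypted = false, strayWhitespace = false, inKey = false;
        StringBuilder b64 = new StringBuilder();
        for (String line : text.split("\r?\n")) {
            if (!line.equals(line.trim())) strayWhitespace = true;
            line = line.trim();
            if (line.startsWith("-----BEGIN ")) { label = line; inKey = true; }
            else if (line.startsWith("-----END ")) inKey = false;
            else if (inKey && line.startsWith("Proc-Type:")) encrypted = line.contains("ENCRYPTED");
            else if (inKey && !line.contains(":")) b64.append(line); // skip header fields
        }
        String der;
        try {
            byte[] body = Base64.getDecoder().decode(b64.toString());
            // An unencrypted traditional-format key is a DER SEQUENCE (tag 0x30).
            if (encrypted) der = "ciphertext, " + body.length + " bytes";
            else der = (body.length > 0 && body[0] == 0x30 ? "DER SEQUENCE, " : "not DER, ") + body.length + " bytes";
        } catch (IllegalArgumentException e) {
            der = "invalid base64";
        }
        return "header=" + label + " encrypted=" + encrypted + " utf8-bom=" + bom
             + " crlf=" + text.contains("\r\n") + " stray-whitespace=" + strayWhitespace
             + " body=" + der;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // Constructed sample, not a real key: CRLF endings and one trailing space.
            byte[] sample = "-----BEGIN DSA PRIVATE KEY-----\r\nMAAA \r\n-----END DSA PRIVATE KEY-----\r\n"
                    .getBytes(StandardCharsets.ISO_8859_1);
            System.out.println("sample: " + describe(sample));
        }
        for (String path : args)
            System.out.println(path + ": " + describe(Files.readAllBytes(Paths.get(path))));
    }
}
```

Run it with both key files as arguments and compare the two report lines field by field.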
From: Luca D. <lu...@de...> - 2010-05-26 09:31:52
Hi John

2010/5/25 Stote, John (RBC Dexia IS) <joh...@rb...>

> Oops I forgot to mention the key handling part and thus failed to answer
> the question - here is how I handle the keyfile with the key in it in my
> unattended solution - I do this before setting up the UserInfo object
> below.
> [...]

Thanks for your reply, I tried with UserInfo subclass but it doesn't work...
My code with your suggestion (follows the output)...

---
import java.util.Properties;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.UserInfo;

public class JSchTest {

    public JSchTest() {

        JSch jsch = new JSch();
        JSch.setLogger(new MyLogger());

        // Load the private key used for publickey authentication
        try {
            jsch.addIdentity("C:\\id_dsa");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }

        Session session = null;
        try {
            session = jsch.getSession("myuser", "myhost");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }

        // Host key verification is switched off for this test
        Properties properties = new Properties();
        properties.put("StrictHostKeyChecking", "no");
        session.setConfig(properties);

        // Callbacks that print every prompt JSch issues
        MyUserInfo ui = new MyUserInfo();
        session.setUserInfo(ui);

        try {
            session.connect();
            System.out.println("Connected!");
        } catch (JSchException e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }

    public static void main(String args[]) {
        new JSchTest();
    }

    // Logger that prints every JSch log message with its level
    public static class MyLogger implements com.jcraft.jsch.Logger {
        static java.util.Hashtable name = new java.util.Hashtable();
        static {
            name.put(new Integer(DEBUG), "DEBUG: ");
            name.put(new Integer(INFO), "INFO: ");
            name.put(new Integer(WARN), "WARN: ");
            name.put(new Integer(ERROR), "ERROR: ");
            name.put(new Integer(FATAL), "FATAL: ");
        }

        public boolean isEnabled(int level) {
            return true;
        }

        public void log(int level, String message) {
            System.out.print(name.get(new Integer(level)));
            System.out.println(message);
        }
    }

    class MyUserInfo implements UserInfo {

        public String getPassphrase() {
            System.out.println("JSch asked passphrase");
            return null;
        }

        public String getPassword() {
            System.out.println("JSch asked password");
            return null;
        }

        public boolean promptPassphrase(String arg0) {
            System.out.println("promptPassphrase: " + arg0);
            return true;
        }

        public boolean promptPassword(String arg0) {
            System.out.println("promptPassword: " + arg0);
            return true;
        }

        public boolean promptYesNo(String arg0) {
            System.out.println("promptYesNo: " + arg0);
            return true;
        }

        public void showMessage(String arg0) {
            System.out.println("showMessage: " + arg0);
        }
    }
}
---

Output:
---
INFO: Connecting to myhost port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_4.3
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'myhost' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: gssapi-with-mic,publickey,keyboard-interactive,password
INFO: Next authentication method: gssapi-with-mic
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
*promptPassword: Password for myuser@myhost
JSch asked password*
INFO: Disconnecting from devnagios port 22
com.jcraft.jsch.JSchException: Auth cancel
    at com.jcraft.jsch.Session.connect(Session.java:451)
    at com.jcraft.jsch.Session.connect(Session.java:150)
    at JSchTest.<init>(JSchTest.java:42)
    at JSchTest.main(JSchTest.java:55)
---
From: <ym...@jc...> - 2010-05-27 02:06:08
Hi,

+-From: Luca Dentella <lu...@de...> --
|_Date: Wed, 26 May 2010 16:18:05 +0200 ___
|
...
|So I think there could be differences between the two private keys... but
|the two files seem identical (Unix format, same END-of-LINE...)
|I was able to reproduce the behavior: if I use puttygen-generated keys JSch
|works, if I use OpenSSH-generated keys it doesn't work... the same keys with
|OpenSSH client (cygwin port) or - converted - with WinSCP work fine.
|Suggestions? Thanks!

Could you send me the sample key pair generated by OpenSSH?
Which OpenSSH version are you using?
I have not encountered such an error with OpenSSH-generated keys.

Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Skype callto://jcraft/
Twitter: @ymnk
From: <ym...@jc...> - 2010-05-28 07:25:27
Hi,

+-From: Luca Dentella <lu...@de...> --
|_Date: Thu, 27 May 2010 16:20:36 +0200 ___
|
|Attached two keys:
|- id_dsa is the OpenSSH generated one, which doesn't work
|- id_dsa2 is the Puttygen generated (and exported) one, which works

I tried both keys, but I could not reproduce your problem.
I could successfully login to the remote with those keys.
# Of course, I generated their public keys by 'ssh-keygen -y' command.

Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
    +1-415-578-3454
Skype callto://jcraft/