Search code examples
javawindowsjschopenssh

How to connect to Windows SFTP server using SSH authentication without password?

I tried different options:

JSch jSch = new JSch();
try {
     jSch.setKnownHosts("C:/Users/User/.ssh/known_hosts");
     jSch.addIdentity("C:/Keys/id_rsa", "pass");
     Session session = jSch.getSession("test", "127.0.0.1", 22);
     session.connect();
//   Channel channel = session.openChannel("sftp");
} catch (JSchException e) {
     e.printStackTrace();
}

I have a local server-OpenSSH, which when installed generated several pairs of SSH keys (hosts) in the directory C:\ProgramData\ssh.

Then I generated 3 keys (user) myself using the PuTTYgen program: privat, public and authorized_keys. Placed the authorized_keys key in the ~/directory.ssh/ on the server.

When using the SFTP client FileZilla and WinSCP specified the path to his privat user key and managed to successfully connect, but before connecting you need to accept host key. But in the service it is impossible to connect.

jSch.setKnownHosts ("‪C:/Users/User/.ssh/known_hosts") doesn't help.

I used the command:

    ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts

in PowerShell to generate the 'known_hosts' file. The file contains three lines:

127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK5r69e63KfNv/QYrrbaxqsDupXy5vYdTrul6Hh+4ZxpIvPOemdWkdDI26RK2Kh2FSkDJiBlItzsy14ZXVXT6/k=
127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq2cC2f1vPiiobWIEofDEK7noSs1Pl7nqkzz1Qe0Q0wACtekHq3xf3rUGScw58gX/8hm2XquDhj2k/oSK+STU4llCSJ9z1MVIifL+deXh3KF9BboRbHpNGH4tMwuxqL/EppBEkwNup9nf2u9icrBwuyvb93Go4aLEGzlLCbuxubX2r0Da+NLQQ1v4NjIkwq9a7xLHTvoP3Z7VZ1K0kS9arLdGRojL1u97hZ2D6qETWYyGpK4ppMdDUqc7IEijsY5ojQ1NZa4hmxqI3og5nNyNTUfbmUmXGjy5aXN8XXbvWCdrlU27TWdy/Zb+Z0F3XCfXln8ufJUWW4aQJno320R8Z
127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2W2zOC06JQ37+2a3pBJsWruW1/FpqWpyd/yuTmUFY6

I tried to start the service with different variants of the file 'known_hosts', but this did not give a solution.

I use the same account that has the OpenSSH server, PowerShell, and my app installed. '~/.ssh/known_hosts' points to the path 'C:/Users/User/.ssh/known_hosts'.

com.jcraft.jsch.JSchException: UnknownHostKey: 127.0.0.1. RSA key fingerprint is 17:5a:76:22:e4:f2:80:69:b1:49:53:62:60:1c:fd:af
at com.jcraft.jsch.Session.checkHost(Session.java:805)
at com.jcraft.jsch.Session.connect(Session.java:345)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.example.demo.controller.Controller.writeCat(Controller.java:96)

Logfile:

Connecting to 127.0.0.1 port 22
Connection established
Remote version string: SSH-2.0-OpenSSH_for_Windows_7.7
Local version string: SSH-2.0-JSCH-0.1.54
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
kex: server: none
kex: server: none
kex: server: 
kex: server: 
kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client: 
kex: client: 
kex: server->client aes128-ctr hmac-sha1 none
kex: client->server aes128-ctr hmac-sha1 none
SSH_MSG_KEX_ECDH_INIT sent
expecting SSH_MSG_KEX_ECDH_REPLY
ssh_rsa_verify: signature true
Disconnecting from 127.0.0.1 port 22
Solution

  • It turned out to connect in this way:

    jSch.setKnownHosts(new ByteArrayInputStream("127.0.0.1 ssh-rsa AAAAB3Nza...".getBytes()));

    Many thanks to Martin Prikryl for the advice to check jSch.getHostKeyRepository().getHostKey()