-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
I've got a compatibility problem (or so it seems) when I try to use a
private/public key pair not generated by JSch.
My Java code looks the following way:
public class ScpSender {
public ScpSender(String user, File privateKey, String host, int port)
throws JSchException {
JSch jSch = new JSch();
jSch.setKnownHosts(KNOWN_HOSTS);
jSch.addIdentity(privateKey.toString());
session = jSch.getSession(user, host, port);
}
public void connect() throws JSchException {
if(!session.isConnected()) {
session.connect();
}
}
...
}
ScpSender scpSender = new ScpSender(prompter.getUsername(), new
File("D:\\DSAKey768"), server, 22);
scpSender.connect();
If I generate a DSA key pair using the key generator of the JSch
library, then authentication via ssh to a remote computer works fine.
However, if I try to use an existing RSA or DSA key, I always get an
Auth fail exception:
Exception in thread "main" com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:449)
at com.jcraft.jsch.Session.connect(Session.java:149)
at ScpSender.connect(ScpSender.java:50)
at ScpSender.main(ScpSender.java:225)
I tried to generate keys with putty and exported these to OpenSSH
format. I tried SSH-2 DSA 768 bit and DSA 1024 bit. After adding the key
to the .ssh/authorized_keys, I still get the Auth fail exception.
If I use putty to connect to the remote machine (with the .ppk file),
the authentication works fine.
The private key generated with JSch looks the following way:
- -----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR
+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX
TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB
TDv+z0kqAoGAJUw8RQ6boKetg51tR+r1GAUAMQ0CLnE2TkyhS1RwgV4TSmmaCxaO
Y4ZJKUsHCsBT2GVNZngJOT/JO9EhkCyIsCLrKyA1EsXH9C7LTOsBYPjZwN6gYmrz
NOUErAmm8fTMpKN1X6QAKill4wWb+mtuH4QJftEioRuMMYoaPeIqBW0CFCu5WiPA
IDtCmTg8r5Wji6TkDZNR
- -----END DSA PRIVATE KEY-----
The exported Open SSH DSA 768 private key of putty looks this way:
- -----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AF3E635DA1A8A2D6
M6reJo1LwuZYM9pdACGX9K6Lg4CgvFOkeJP9Qygz4GEGF5OQnocjw70KoFgvcr4Y
TAYw6mnZ5Yy34y+c29/wFjbbqm1Kq00jAnskBVwXowNne1mRDpy3QGRJk6LuNvrP
26SHKurDdbzhtAEdmuAggddz9Q3qZI0iQ+ul+4PRR5zNluzGOjnQ+Cp1HijVMNWK
o07Ucp6T2F0KfHj66smv6abGSKhoPiGIypMvFkybvNh4xANHME9wi3USfUKOcVi7
JnSSIZ5VZWDDByRtvFWikkWhExXL/wrHYlBctCLOy+AkgCXG8fAAeZm+82AInYvg
I/ozsO13ZZEtZmgkkZ56JMvnMVX/de92lfQOop/T1UduiKlbVldh6lo1tSbK9oal
EMqASqZ82r+gXMSglpDSCZv5hoNK1hJk639S+VAd5K/9xgeAgFLcUdY/BvoIwan6
zgS9VWQLnyk2efW3tcBjIQ==
- -----END DSA PRIVATE KEY-----
I even removed the headers (Proc-Type and DEK-Info) by hand but the
error is the same.
The same is true, if I use the SSH Secure Shell client. I tried to
generate DSA 2048, DSA 1024, and DSA 768 keys resulting in the same
error. Again, if I use the SSH Secure client with the generated key
everything works fine.
DSA 2048 private key:
- ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: "[2048-bit dsa, [EMAIL PROTECTED], Thu Oct 25 2007 12:09:3\
2]"
P2/56wAAA4oAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
AIM2Rlcy1jYmMAAANI3jAcInQw6+ank3I3byXsQp8wVtZyIyV6AhIbqGdNbagrK9v2sJ9C
7Opc5/fxGLzf52aea8X1h9Nguj3LDvMbuGg37hMk1DiYsSZhct3GpcAnTG3gBi4AeRgV6d
KCUeym/adCD6IfHfQJFR76JcqynvJJQuX5nK/fBlFNB/XyAevs5t+VdCvCifxSlA27mtvO
G2RnYmvnwMyvvcEP8pozgfWa64zcRhy7qdX1VW2+JHwfLK9Z16a1aKE6QAMgSlwCJxXV2m
ONehwZFrWoNYYRMvek2vRDaY1iLrhdTQX2A+6eaaLpZAxysI9XQ5Mko6yVhIPCTYE6Dinb
8cYPjvFI6Y1lfAZGMUoizdKqBpiEx2pUzlFbhAhf5+l1YAKJKXBTlJuP9/0k7DPjbBbA5e
dlBVxDBZMju1lOZ4Ajd++ORD52y1K9G0Heexdo3E8Xp+qvQYfg6Qon0TqyoJe+xj8HePv7
cZ+bJ5nL9eSk3P98ABRjnLsZ9s3JtJBPJJyHUMQ0bKD9h8dbo5N3WcwR06t/8g3GBkAvTg
e404ihNJAZtX4x7RKu+jj/eTYei6JjVAIWccxpBxO3tyNisIuB7cXWSZ3+B43AbPTmFnzA
Y5nNzOovXaQvWQDGWJbuz3we/SGESbzGFalAvO+CYXbgBBG5IVlDpx4TbFBQynLiaUGMBS
D+P+WNPkLDqhRBWw1fxTgVYniWcIYh8oMKi9b+vMCuuZiwDSaRy+eR0NzcAkfgMSW466VK
yyTHvpZVvBVWHOMt5fDPx1NpAbaX94Blmai0EKwuZv6XsfTPhMiCGqzU07D+AG+emyFx0y
W8QkrIfY8WEQ7JFdtBGL9MAlENpTHBY2DezDLOoWt7hi4i/j3X53fN9VSzbTTzkjmLkzxy
9pdfY0q/6zAaRNhYbh7dzh5zrNBr1CD+/dSvJ9C1mdR4vQkqPhJmHhMqEhtzstUuoOpZNc
9qHO9W25Wp4jgFH/+J0cspwpLOtawb7o9Yx0Pc+vaXZRCcy3gIKruNT3n8lpuT6sBHfNWo
NYICuK2JFiFk6ARH69uoZ8wBvEbZRFkIbvVk8Te43hz8pgljgMfIxylPf5R/1S/B4jdhQw
XMBIO2frTjCIg2JpCY
- ---- END SSH2 ENCRYPTED PRIVATE KEY ----
The DSA 1024 and 768 look similar.
Is it possible to use existing keys, keys from certificates (X.509), or
keys generated with other SSH Tools with JSch?
Help would be highly appreciated.
Best Regards,
Steffen
- --
Dipl.-Inf. Steffen Heinzl
Distributed Systems Group
University of Marburg, Germany
PHONE +49-6421-2821521
FAX +49-6421-2821573
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHIc1HZu3jB9XIUZERAgIUAKDfoZQl3ptFP/9Bzlj6ydOkOEZZ2QCggwiZ
U0QrVGKB+1x9ox/Hr1mBqtk=
=f8pv
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
