Summary: Is there a known problem with SSH and RSA keys with 4096 bits?

Recently I noticed that using the SFTP plugin of my favorite editor
jedit wasn't working anymore. To make a long story short: I've drilled
down the problem to the library JSch (jsch-0.1.54.jar) and compiled one
of your examples:

I'm using UserAuthPubKey.java
(http://www.jcraft.com/jsch/examples/UserAuthPubKey.java.html) example
with 2 different keys:

% ssh-keygen -lf ~/.ssh/id_rsa-2048
2048 SHA256:e8G+h4MsuUMZYUbk2jhk18FGQ88JNB/Lpxzpw/kfAeY erik.was...@namm.de (RSA)

% ssh-keygen -lf ~/.ssh/id_rsa-4096
4096 SHA256:3M4Mx6KUodWqWfdVWOr0cavdapf8y+zIH3bXcl7umbo erik.was...@namm.de (RSA)

The first one is working fine, the last one returns the following message:

> com.jcraft.jsch.JSchException: invalid privatekey: [B@f5f2bb7

thrown from the code snippet

> jsch.addIdentity(chooser.getSelectedFile().getAbsolutePath());

I've modified UserAuthPubKey.java a little bit to drill down the
JSchException. Here's the relevant part:

    if(returnVal == JFileChooser.APPROVE_OPTION) {
        System.out.println("You chose "+
            chooser.getSelectedFile().getAbsolutePath()+".");
        System.out.println("before jsch.addIdentity()");
        jsch.addIdentity(chooser.getSelectedFile().getAbsolutePath());
        System.out.println("after jsch.addIdentity()");
    }

Compiling (using the Oracle JDK 1.8.0_101):

% javac -classpath jsch.jar UserAuthPubKey.java

Starting and using the 2048 bit key:

% java -classpath jsch.jar:. UserAuthPubKey
You chose /home/brassel/.ssh/id_rsa-2048.
before jsch.addIdentity()
after jsch.addIdentity()
...Program goes on...

Starting and using the 4096 bit key:

% java -classpath jsch.jar:. UserAuthPubKey
You chose /home/brassel/.ssh/id_rsa-4096.
before jsch.addIdentity()
com.jcraft.jsch.JSchException: invalid privatekey: [B@48140564
...Program ends here...

Why is that? Why are 4096-bit RSA keys invalid? How can I fix this issue?

-- 
So long... Erik
