Jsch Exception: Auth Fail with private key

Question

I'm using below code to connect remote server and I followed below steps to connect private/public key generation & concatenate of public key with authorized key.

Code:

private Session createSession() throws JSchException {
        JSch jsch = new JSch();
            jsch.addIdentity(privateKey);                   //add private key path as ~/.ssh/id_rsa
            Session session;
            session = jsch.getSession(user, host, port);
            java.util.Properties config = new java.util.Properties();

        Properties cfg = new Properties();
            cfg.put("trust", "true");
            cfg.put("StrictHostKeyChecking", "no");
            cfg.put("HashKnownHosts", "yes");

            session.setConfig(cfg);
            session.connect();
            return session;
    }

Steps:

1. I can able to generate private/public key in the path ~/.ssh/id_rsa(private key) and ~/.ssh/id_rsa.pub(public key)
    >> ssh-keygen (or) ssh-keygen -t rsa -b 4096
   Note: Generated key with no passphrase
2. I have added public key with authorized_keys with below command
    >> ssh user@host "echo \"`cat ~/.ssh/id_rsa.pub`\" >> .ssh/authorized_keys"

Still I'm facing the exception "com.jcraft.jsch.JSchException: Auth fail". Please guide me to proceed.

score 4 · Answer 1 · answered Jan 02 '18 at 19:30

I believe this can happen for several reasons:

The private key is password protected, which you have already verified is not the case.
The directory containing the keys is encrypted.
The file permissions on the .ssh directory and or public/private keys are too open. They should be:
- ssh directory: 700
- public key: 644
- private key: 600 (possibly even 400)
What also might be going on is the format of the public key within the authorized keys file is incompatible. You might need to convert it to a different format. Assuming OpenSSH:
- Convert to SSH2: ssh-keygen -i -f /path/to/private/key ssh-keygen -i -f /path/to/public/key
- Convert from SSH2: ssh-keygen -e -f /path/to/private/key ssh-keygen -e -f /path/to/public/key

I had Jsch successfully authenticate once. Then I re-did keygen and udpated keys everywhere and now I'm getting the error above too — Fueled By Coffee, Feb 09 '18 at 18:18

score 1 · Answer 2 · answered Apr 28 '23 at 17:32

1

JSch does not support rsa-sha2. And as JSch seems not to be updated anymore, it quite likely never will. Try this ssh-keygen -m PEM -t rsa -b 2048 its work.

answered Apr 28 '23 at 17:32

Indravijaysinh

11
1

Jcraft hasn't updated since 2018, but a fork in https://github.com/mwiede/jsch is current and includes rsa-sha2-# signatures -- _and_ 'new' format keyfiles (OPENSSH PRIVATE KEY), which Jcraft's 1.55 does not, and is the _only_ thing you changed by `-m PEM` (exactly the same RSA keys, in either old or new format, can be used for both rsa-sha2-# and ssh-rsa signatures in OpenSSH, except in 8.8 up ssh-rsa is disabled by default and must be reenabled). – dave_thompson_085 Apr 29 '23 at 01:54

Jsch Exception: Auth Fail with private key

2 Answers2