5

I'm trying to write a java program that will connect via ssh and do some stuff on a server at work (redhat linux). My box is windows. I read about sshj and I'm trying to get the example to work. I've worked through most of the dependencies and now I have an error dealing with public/private keys and unfortunately I don't know much there either (yes, it's a perfect storm of newbie-ness!). Here's the error:

Exception in thread "main" net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify ssh-rsa host key with fingerprint 5f:d6:94:00:9e:ec:7e:34:6d:d0:d3:76:df:5e:dd:3d for myserver on port 22

Here's the code:

import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.connection.channel.direct.Session.Command;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

/** This examples demonstrates how a remote command can be executed. */
public class sshBuddy {

    public static void main(String... args)
            throws IOException {
        final SSHClient ssh = new SSHClient();
        ssh.loadKnownHosts();
        //ssh.addHostKeyVerifier("5f:d6:94:00:9e:ec:7e:34:6d:d0:d3:76:df:5e:dd:3d");

        ssh.connect("myserver");
        try {
            ssh.authPublickey(System.getProperty("myusername"));
            final Session session = ssh.startSession();
            try {
                final Command cmd = session.exec("ping -c 1 google.com");
                System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
                cmd.join(5, TimeUnit.SECONDS);
                System.out.println("\n** exit status: " + cmd.getExitStatus());
            } finally {
                session.close();
            }
        } finally {
            ssh.disconnect();
        }
    }

}

Any help would be appreciated, thanks!

hatrickpatrick
  • 195
  • 1
  • 2
  • 9

3 Answers3

9

just try this

ssh.addHostKeyVerifier(new PromiscuousVerifier());

this should work

lennon_liang
  • 119
  • 1
  • 4
  • 3
    This is not a solution. You are basically saying to disable host key verification as such. – Matiss Jun 17 '16 at 13:50
1

try this

    public class sshBuddy {

    public static void main(String... args)
            throws IOException {
        final SSHClient ssh = new SSHClient();
        //ssh.loadKnownHosts();
        ssh.addHostKeyVerifier("5f:d6:94:00:9e:ec:7e:34:6d:d0:d3:76:df:5e:dd:3d");

        ssh.connect("myserver");
        try {
            ssh.authPublickey(System.getProperty("myusername"));
            final Session session = ssh.startSession();
            try {
                final Command cmd = session.exec("ping -c 1 google.com");
                System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
                cmd.join(5, TimeUnit.SECONDS);
                System.out.println("\n** exit status: " + cmd.getExitStatus());
            } finally {
                session.close();
            }
        } finally {
            ssh.disconnect();
        }
    }
}

Uncomment the addHostKeyVerifier and comment loadKnownHosts. It should work.

rgksugan
  • 3,521
  • 12
  • 45
  • 53
0

This should work:

ssh.addHostKeyVerifier("MD5:5f:d6:94:00:9e:ec:7e:34:6d:d0:d3:76:df:5e:dd:3d")

The method addHostKeyVerifier can receive as a parameter a final String which is used to perform a validation in the class FingerprintVerifier.java.

According to the repo, other inputs can be used such as:

  • "SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak="
  • "SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs="
  • "MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"
  • "d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"


In case of having multiple keys, double check the fingerprint of the default public key of the ssh server.

MarcosBernal
  • 562
  • 5
  • 13