is / jsch Goto Github PK

Currently, only RSA format private keys are compatible with jsch. Are there any plans to supports the openssh key format? I'm willing to take a crack at a PR if there is nobody else working on this.

Am currently navigating remote sftp server using JSch and i can get the files wth no issues,but the moment i rename the file manually with mv command,i get "No Such File" exception.
Exception happens in this code section and inly after renaming the file manually and rerunning the application even after rebooting the machine.
sftp.get(sftp.pwd() + "/" + ls.getFilename().trim(),

   public void executeSourceTask(String sourcePath) throws Exception {
    log.log(Level.INFO, "******************SOURCE START PROCESSING***************************");
    if (sftp == null) {

        sftp = (ChannelSftp) session.openChannel("sftp");
        sftp.connect();
    }
    if (!session.isConnected()) {
        session.connect();
        sftp = (ChannelSftp) session.openChannel("sftp");
        sftp.connect();

    }
    SftpATTRS attrs = null;
    Vector<LsEntry> v = null;
    if (firstTime) {
        sftp.cd(sourcePath);
        v = sftp.ls(sourcePath);
        firstTime = false;
    } else {
        attrs = sftp.stat(sourcePath);
        if (attrs.isDir()) {
            sftp.cd(sourcePath);
            v = sftp.ls(sourcePath);
        }
    }
 
    int fileNumber = v == null ? 0 : v.size();
    for (int i = 0; i < fileNumber; i++) {
        LsEntry ls = v.get(i);
        attrs = ls.getAttrs();
       //Navigate recursively through folders and subfolders
        if (attrs.isDir()) {
            if (!ls.getFilename().startsWith(".")) {
                executeSourceTask(sourcePath + "/" + ls.getFilename());
            }

        } else if (!attrs.isDir()) {
            if (!ls.getFilename().startsWith(".")) {

                if (search_type.trim().equalsIgnoreCase("contains")) {
                    if (ls.getFilename().trim().contains(fileName.trim())) {
                        FileOutputStream fos = new FileOutputStream(new File(properties.getString("description") + "/" + ls.getFilename()));
                        try {

                            **sftp.get(sftp.pwd() + "/" + ls.getFilename().trim(),** 

 fos);
                            fos.close();

                        } catch (Exception ex) {
                            ex.printStackTrace();
                        } finally {
                            fos.close();
                        }

                    }
                } else if (search_type.equalsIgnoreCase("equals")) {
                    if (ls.getFilename().equals(fileName)) {
                        sftp.get(ls.getFilename(), properties.getString("description") + File.separatorChar + ls.getFilename());
                    }
                }
            }
        }
    }
    log.log(Level.INFO, "******************SOURCE END PROCESSING***************************");

}

SFTP server - Secure Transport no longer supports the following SFTP legacy Message Authentication Codes (MACs):
[email protected]
[email protected]

Supported MACs:
hmac-sha2-256
[email protected]
hmac-sha2-512
[email protected]

Looking at the Jsch code it seems we do not have a support for supported MACs so what is the recommended way.
I did tried
config.put("mac.s2c", "hmac-sha1");
config.put("mac.c2s", "hmac-sha1");
With multiple options given below but does not help.
hmac-sha2-256
hmac-sha2-512
hmac-sha2-512-etm

-Thanks and Regards
Yoges

Hi,
my use case is to test the performance of the Sftp server where I am trying to open multiple connections and push the 5 GB files in order of 50,100,150,200, and so on to test the performance.

When I try to push more and more files, I observe slow data transfer. Which is almost the same ratio.

is there any config that can reduce the time to transfer the file in parallel under the thread?

Thanks,
shyam.

com.jcraft.jsch.ProxyHTTP:
Can you throw the exception out...
`
try{
foo=response.indexOf(' ');
int bar=response.indexOf(' ', foo+1);
code=Integer.parseInt(response.substring(foo+1, bar));
reason=response.substring(bar+1);
}
catch(Exception e){
// Can you throw the exception out...

  }
  if(code!=200){
    throw new IOException("proxy error: "+reason);
  }

`

Hi,

Session.java
try { buf = read(buf); stimeout = 0; } catch (InterruptedIOException/*SocketTimeoutException*/ ee) { System.out.println("Caught an exception, stimeout："+ stimeout + " , " + ee.getCause() + ", "+ Arrays.toString(ee.getStackTrace())); JSch.getLogger().log(Logger.INFO, "Caught an exception, " +ee.getMessage() + ", "+ ee.getCause() + ", "+ Arrays.toString(ee.getStackTrace())); if (!in_kex && stimeout < serverAliveCountMax) { sendKeepAliveMsg(); stimeout++; continue; } else if (in_kex && stimeout < serverAliveCountMax) { stimeout++; continue; } throw ee; }

when I set serverAliveInterval=1000 and serverAliveCountMax more than 0,
there is a chance to cause :
Caught an exception, leaving main loop due to com.jcraft.jsch.JSchException: Packet corrupt
I think the reason is when SocketTimeoutException continued, packet size has a chance to excced PACKET_MAX_SIZE(RFC 4253 6.1. Maximum Packet Length, 256*1024)

Can I use it safely

I am attempting to connect to the SFTP server using public key authentication. To do so I need to call JSch.AddIdentity() and pass in the private key.

The private key I need to use is stored in a Java KeyStore object. When the key is retrieved from the KeyStore it is a PrivateKey type. From trawling the internet it appears the private key is in the DER format.

What format is required for AddIdentity()?

I have searched for examples of converting the PrivateKey to a PEM string which is equivalent to the contents of a private key file used by SSH. But no luck so far.

Add the ability to set client terminal size via "pty-req". Now the 'setPtySize' method exists in the ChannelSession class but that class is not public. Channel itself does not have setPtySize.

Hi,

I used spring integration sftp SftpRemoteFileTemplate to upload file. It uses internally jsch library, concretely I see version 0.1.54.
To upload I use piping via PipeOutputStream<->PipeInputStream, that means bytes received from inputstream are sent to sft server in cca 32768B large packets what I understood. But this situation I don't.
My test case.

1. start sftp server
2. start upload bytes after successful connection, I see that data are sent in mentioned size of packet.
3. shutdown sftp server, I received immediately following log:

INFO  com.jcraft.jsch - Caught an exception, leaving main loop due to Connection reset
INFO  com.jcraft.jsch - Disconnecting from localhost port 3373

4. byte uploading still continue up to cca 512Kb without any exception
5. finally I got following exception:

Caused by: com.jcraft.jsch.SftpException: java.io.IOException: Pipe closed
	at com.jcraft.jsch.ChannelSftp._put(ChannelSftp.java:697) ~[jsch-0.1.54.jar:na]
	at com.jcraft.jsch.ChannelSftp.put(ChannelSftp.java:540) ~[jsch-0.1.54.jar:na]
	at com.jcraft.jsch.ChannelSftp.put(ChannelSftp.java:492) ~[jsch-0.1.54.jar:na]
	at org.springframework.integration.sftp.session.SftpSession.write(SftpSession.java:155) ~[spring-integration-sftp-5.1.9.RELEASE.jar:5.1.9.RELEASE]
	... 12 common frames omitted
Caused by: java.io.IOException: Pipe closed
	at java.base/java.io.PipedInputStream.read(PipedInputStream.java:307) ~[na:na]
	at java.base/java.io.PipedInputStream.read(PipedInputStream.java:377) ~[na:na]
	at com.jcraft.jsch.ChannelSftp.fill(ChannelSftp.java:2909) ~[jsch-0.1.54.jar:na]
	at com.jcraft.jsch.ChannelSftp.header(ChannelSftp.java:2935) ~[jsch-0.1.54.jar:na]
	at com.jcraft.jsch.ChannelSftp.checkStatus(ChannelSftp.java:2473) ~[jsch-0.1.54.jar:na]
	at com.jcraft.jsch.ChannelSftp._put(ChannelSftp.java:651) ~[jsch-0.1.54.jar:na]
	... 15 common frames omitted

My question is: Why am I able to put so many data after connection is closed? Is possible to configure something?
I would like to receive error as soon as possible in order to stop data producing.

thanks

sSHClient.registerX11Forwarder(new ConnectListener() {

				@Override
				public void gotConnect(Forwarded chan) throws IOException {

                            //How to use this method
                             }

}

While executing echo $JAVA_HOME command, output is null

We are using jsch 0.1.54. We use it to simply create a SSH connection with a remote SSH server with PAM enabled in our application (Let's call it Application ALPHA)
Now, our current code is working fine for all our users. However, recently one user is getting
Session.connect: java.net.SocketException: Socket is not connected (Read failed)

This user simply uses a username and password authentication. Now, this user has VPN via which client can talk to SSH . But we have ruled out a server issue, since other clients/products are able to connect to the SSH server and the application ALPHA is also able to connect to the same SSH server in a different machine and using a different username . The user was not able to test using his credentials on a different machine due to various compliance issues.

I am listing out the properties that we use

final Properties pty= new Properties();
pty.put("StrictHostKeyChecking", "no");
pty.put("PreferredAuthentications", "publickey,password,keyboard-interactive");

What can be the different reason for this to happen, since we have been unable to recreate this as of now.

You'd better read
http://stackoverflow.com/questions/6263630/jschexception-algorithm-negotiation-fail

And i found the sshd_config method in Malte Clasen's comment, really works for me.

Add one line:

KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1

in /etc/ssh/sshd_config, if you can.

I found a bug that Remote Port Forwardings are mixed,
although it's remote server is different from each other.

A method that provides Local Port Forwarding checks a Session instance.

PortWatcher.java
static String[] getPortForwarding(Session session){
  java.util.Vector foo=new java.util.Vector();
 
  synchronized(pool){
    for(int i=0; i<pool.size(); i++){
      PortWatcher p=(PortWatcher)(pool.elementAt(i));
      if(p.session==session){
        foo.addElement(p.lport+":"+p.host+":"+p.rport);
      }
    }
  }
 
  String[] bar=new String[foo.size()];
  for(int i=0; i<foo.size(); i++){
    bar[i]=(String)(foo.elementAt(i));
  }
  return bar;
}

But a method that provides Remote Port Forwardings DO NOT CHECK a Session instance.

ChannelForwardedTCPIP.java
static String[] getPortForwarding(Session session){
  Vector foo = new Vector();
 
  synchronized(pool){
    for(int i=0; i<pool.size(); i++){
      Config config = (Config)(pool.elementAt(i));
      if(config instanceof ConfigDaemon)
        foo.addElement(config.allocated_rport+":"+config.target+":");
      else
        foo.addElement(config.allocated_rport+":"+config.target+":"+((ConfigLHost)config).lport);
    }
  }
 
  String[] bar=new String[foo.size()];
  for(int i=0; i<foo.size(); i++){
    bar[i]=(String)(foo.elementAt(i));
  }
  return bar;
}

Hi ,
I got "java.lang.ArrayIndexOutOfBoundsException: null" when creating a ssh session:

java.lang.ArrayIndexOutOfBoundsException: null
at com.jcraft.jsch.Buffer.getByte(Buffer.java:148)
at com.jcraft.jsch.Buffer.getString(Buffer.java:188)
at com.jcraft.jsch.Session.read(Session.java:1003)
at com.jcraft.jsch.UserAuthPassword.start(UserAuthPassword.java:91)
at com.jcraft.jsch.Session.connect(Session.java:470)
at com.guangyan.collect.jobhandler.utils.SshMmlClient.doConnect(SshMmlClient.java:207)

the jsch version is 0.1.54, and my code is like:

session = jsch.getSession(host.getSshUsername().trim(), host.getIp().trim(), host.getSshPort());
session.setPassword(host.getSshPassword().trim());
session.setConfig(sshConf);
session.connect(timeout);
            
session.sendKeepAliveMsg();
session.setServerAliveInterval(1000);
session.setServerAliveCountMax(120);
            
channel = (ChannelShell)session.openChannel("shell");
 ((ChannelShell)channel).setPty(true);
channel.connect();

with the api setPortForwardingL, we could connect to destination server in the path via the bastion host (client->bastion host->destination server) with password,

but if the connection between bastion host->destination server is authenciated by public key, how could i do ?

Connection just hangs. I'm successfully connecting with the same host, user, and port from terminal and from an implementation I wrote in python using paramiko (I'm using RSA keys, no passwords). Increasing the timeout has no effect and no exceptions are thrown. I was using version 1.55 but have also tried 1.5 to see if it's version related. I'm connecting between two linux ubuntu/mint systems if that helps.

JSch jsch = new JSch();
jsch.setKnownHosts("/home/user/.ssh/known_hosts");
Session session = jsch.getSession(this.username, this.ip, 21);
Hashtable<String, String> config = new Hashtable<String, String>();
config.put("StrictHostKeyChecking", "no");
config.put("PreferredAuthentications", "publickey");
session.setConfig(config);
session.connect(5000);
System.out.println(session.isConnected());

When I use this JSch lib, I got this error “reject HostKey”.

Anyone who know why ? How debug it ? Any suggest is good.

https://github.com/mwiede/jsch

https://github.com/sschlib/sschlib

OutputStream out = shell.getOutputStream();
out.write((command + "\n").getBytes());
out.flush();

Hi, We are getting error when we are using higher version(0.1.53) of JSCH jar. but it work fine with JSCH version (0.1.52) while using camel-ftp route while making SFTP connection. Here we are using the proxy for getting connected to SFTP. Please let me know if you need more detail.

Camel Ticket : https://issues.apache.org/jira/browse/CAMEL-10903

Please find the below error :
This is the set of credentials was provided by HSBC but we were getting the following error:
org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://[email protected]:22
at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:146)
at org.apache.camel.component.file.remote.RemoteFileConsumer.connectIfNecessary(RemoteFileConsumer.java:203)
at org.apache.camel.component.file.remote.SftpConsumer.doStart(SftpConsumer.java:52)
at org.apache.camel.support.ServiceSupport.start(ServiceSupport.java:61)
at org.apache.camel.impl.DefaultCamelContext.startService(DefaultCamelContext.java:3269)
at org.apache.camel.impl.DefaultCamelContext.doStartOrResumeRouteConsumers(DefaultCamelContext.java:3563)
at org.apache.camel.impl.DefaultCamelContext.doStartRouteConsumers(DefaultCamelContext.java:3499)
at org.apache.camel.impl.DefaultCamelContext.safelyStartRouteServices(DefaultCamelContext.java:3429)
at org.apache.camel.impl.DefaultCamelContext.doStartOrResumeRoutes(DefaultCamelContext.java:3197)
at org.apache.camel.impl.DefaultCamelContext.doStartCamel(DefaultCamelContext.java:3053)
at org.apache.camel.impl.DefaultCamelContext.access$000(DefaultCamelContext.java:175)
at org.apache.camel.impl.DefaultCamelContext$2.call(DefaultCamelContext.java:2848)
at org.apache.camel.impl.DefaultCamelContext$2.call(DefaultCamelContext.java:2844)
at org.apache.camel.impl.DefaultCamelContext.doWithDefinedClassLoader(DefaultCamelContext.java:2867)
at org.apache.camel.impl.DefaultCamelContext.doStart(DefaultCamelContext.java:2844)
at org.apache.camel.support.ServiceSupport.start(ServiceSupport.java:61)
at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:2813)
at org.apache.camel.spring.SpringCamelContext.maybeStart(SpringCamelContext.java:270)
at org.apache.camel.spring.SpringCamelContext.onApplicationEvent(SpringCamelContext.java:136)
at org.apache.camel.spring.CamelContextFactoryBean.onApplicationEvent(CamelContextFactoryBean.java:340)
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:163)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:136)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:380)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:334)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:851)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:540)
at org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.(ClassPathXmlApplicationContext.java:93)
at com.bfm.etf.dixie.BDServer.loadApplicationContext(BDServer.java:98)
at com.bfm.etf.dixie.BDServer.main(BDServer.java:60)
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
at com.jcraft.jsch.Session.connect(Session.java:558)
at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:118)

in _put and _get method, monitor.count don't pass the total data length read/write, instead passing data length read/write every loop, it's not accordidate to the document as,

boolean count(long count)
Will be called periodically as more data is transfered.
Parameters:
count - the number of bytes transferred so far
Returns:
true if the transfer should go on, false if the transfer should be cancelled.

It would be awesome to refactor to use Netty as the underlying network transport library so that we can perform event-based I/O in a non-blocking manner. I will investigate the feasibility of such an implementation. To facilitate allowing more people to contribute, I will also make my fork build via Maven.

when process waiting for input,how can i get the cursor's staus?

there?are you there?

Enhancement: How can I update the "ls" command to pass thru options such as "+linerule=rdw" to the sftp server (in this case, on a remote mainframe)?

Connecting to satety device with jsch programe，but it‘s not working，the error message is “Connection failed: SSH_MSG_DISCONNECT: 2 The connection is closed by SSH Server”，what‘s the meaning of the message?

Problem is described on here on stackoverflow.

We have deployed some fix in our production which seems to be working fine. Will raise PR here so that it can be verified by experts and help others in need. Thanks.

Hello,

Do you provide support for FTPS, not to be confused with SFTP?
If not what library would you recommend?

Thank you.

known hosts file are easy to detect hashed or not. I know there is "HashKnownHosts" configuration. But I think it is better automatically determine known hosts file using hash or not.

The exit status sometimes return -1 when i use jsch.
Even though -1 is returned, the script executes normally.
When exit status return -1, should I think the script executed successfully or failed? Please help me, thanks.
The implementation is as follows:
Session session = null; ChannelExec channelExec = null; int exitStatus; String responseMsg = null; try { JSch jSch = new JSch(); jSch.addIdentity(null, prvKey.getBytes(), null, null); session = jSch.getSession(user, host, port); session.setConfig("StrictHostKeyChecking", "no"); session.connect(CONNECT_TIMEOUT); channelExec = (ChannelExec) session.openChannel("exec"); InputStream inputStream = channelExec.getInputStream(); channelExec.setCommand(cmd); channelExec.connect(); byte[] tmp = new byte[1024]; while (true) { while (inputStream.available() > 0) { int i = inputStream.read(tmp, 0, 1024); if (i < 0) { break; } responseMsg = new String(tmp, 0, i); } if (channelExec.isClosed()) { if (inputStream.available() > 0) { continue; } exitStatus = channelExec.getExitStatus(); break; } try { Thread.sleep(1000); } catch (Exception e) { // Ignore exception. } } } finally { if (channelExec != null) { channelExec.disconnect(); } if (session != null) { session.disconnect(); } }

Use exec to execute the command, execute it in large concurrency, and block on the stream for a period of time

logger.info(new StringBuilder(this.ip).append(",执行输出命令：").append(command).toString());
try (InputStream stdout = openChannel.getInputStream()) {
openChannel.connect();
long startTime = System.currentTimeMillis();
byte[] tmp = new byte[1024];
while (true) {
while (stdout.available() > 0) {
int i = stdout.read(tmp, 0, 1024);
if (i < 0)
break;
result.append(new String(tmp, 0, i, Charset.defaultCharset()));
}
if (openChannel.isClosed()) {
if (stdout.available() > 0)
continue;
break;
}
// 超时
if (System.currentTimeMillis() - startTime > timeout) {
throw new TimeOutException("sh命令执行超时:" + command);
}
}

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

My jgit checkout started to fail after moving it to ECDSA 256 key. The SSH connection was successful but checkout fails randomly.
JGIT Version - org.eclipse.jgit-5.0.1.201806211838

Hello：

Can I add a timeout when executing the exce command?
Otherwise, there will be long links waiting for script execution

Thank you。

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. Will Jsch consider supporting other key exchange algorithms, such as curve25519?

Hi Team,

We are getting com.jcraft.jsch.JSchException: verify: false exception Intermittently with latest version JSCH. Where it is claimed to fixed in 0.1.50.

com.jcraft.jsch.JSchException: verify: false
at com.jcraft.jsch.Session.connect(Session.java:307)
at com.jcraft.jsch.Session.connect(Session.java:160)

Please have a look.

Hey Guys,
I am making a ssh connection to a linux host where I try to run a script as a background process by using nohup and &, but the moment my connection closed the remote shell script also terminates.

Not sure why the nohup option is not working . Any idea?

Best Regards
Robin