My system’s OS is Ubuntu 18. I am trying to connect SFTP through Java jcraft JSch but facing this exception:
com.jcraft.jsch.JSchException: Auth fail
Below are working:
- From terminal using
sftp
works fine with username and password, no issues. - From FileZilla also it is working fine.
Maven Dependency:
<dependency> <groupId>com.jcraft</groupId> <artifactId>jsch</artifactId> <version>0.1.54</version> </dependency>
String username = "xx_xxxxx"; String password = "xxxxxxx"; String host = "xxxxx-xx.xxxx.org"; JSch jsch = new JSch(); Session jschSession = jsch.getSession(username, host, 22); java.util.Properties config = new java.util.Properties(); config.put("StrictHostKeyChecking", "no"); config.put("PreferredAuthentications", "password"); System.out.println(jschSession.getHost()); jschSession.setConfig(config); jschSession.setPassword(password); jschSession.connect(10000); return (ChannelSftp) jschSession.openChannel("sftp");
Output:
com.jcraft.jsch.JSchException: Auth fail at com.jcraft.jsch.Session.connect(Session.java:473) at in.serosoft.academia.server.common.FTPDemo.setupJsch(FTPDemo.java:118) at in.serosoft.academia.server.common.FTPDemo.uploadSftpFromPath(FTPDemo.java:125) at in.serosoft.academia.server.common.FTPDemo.main(FTPDemo.java:187) java.lang.NullPointerException at in.serosoft.academia.server.common.FTPDemo.uploadSftpFromPath(FTPDemo.java:131) at in.serosoft.academia.server.common.FTPDemo.main(FTPDemo.java:187)
Terminal command sftp -vvv
output:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "xxxxx-xx.xxxx.xxx" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to xxxxx-xx.xxxx.xxx [xxx.xx.xx.xxx] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/xxxx-xxxxx/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to xxxxx-xx.xxxx.xxx:22 as 'yy_yyyyy' debug3: hostkeys_foreach: reading file "/home/xxxx-xxxxx/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/xxxx-xxxxx/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from xxxxx-xx.xxxx.xxx debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:62WxJjKHYP7fMeSKiEUFjEjKbYU6XWTLBJ1NJiAp0T4 debug3: hostkeys_foreach: reading file "/home/xxxx-xxxxx/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/xxxx-xxxxx/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from xxxxx-xx.xxxx.xxx debug3: hostkeys_foreach: reading file "/home/xxxx-xxxxx/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/xxxx-xxxxx/.ssh/known_hosts:4 debug3: load_hostkeys: loaded 1 keys from xxx.xx.xx.xxx debug1: Host 'xxxxx-xx.xxxx.xxx' is known and matches the RSA host key. debug1: Found key in /home/xxxx-xxxxx/.ssh/known_hosts:3 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug2: key: /home/xxxx-xxxxx/.ssh/id_rsa ((nil)) debug2: key: /home/xxxx-xxxxx/.ssh/id_dsa ((nil)) debug2: key: /home/xxxx-xxxxx/.ssh/id_ecdsa ((nil)) debug2: key: /home/xxxx-xxxxx/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 53 debug3: input_userauth_banner Use of this computer system is restricted to OCLC authorized users, who must comply with the Acceptable Use Policy. Use and activity may be monitored or recorded and may be subject to auditing. Unauthorized access is strictly prohibited. debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/xxxx-xxxxx/.ssh/id_rsa debug3: no such identity: /home/xxxx-xxxxx/.ssh/id_rsa: No such file or directory debug1: Trying private key: /home/xxxx-xxxxx/.ssh/id_dsa debug3: no such identity: /home/xxxx-xxxxx/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/xxxx-xxxxx/.ssh/id_ecdsa debug3: no such identity: /home/xxxx-xxxxx/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/xxxx-xxxxx/.ssh/id_ed25519 debug3: no such identity: /home/xxxx-xxxxx/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug3: send packet: type 50 debug2: we sent a keyboard-interactive packet, wait for reply debug3: receive packet: type 60 debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password: debug3: send packet: type 61 Connection closed by xxx.xx.xx.xxx port 22 Connection closed
sftp -o "PreferredAuthentications password" -vvv username@host
Output:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "xxxx-xx.xxxx.xxx" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to xxxx-xx.xxxx.xxx [113.29.23.198] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/zzzzz-zzzzzz/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to xxxx-xx.xxxx.xxx:22 as 'yy_yyyyy' debug3: hostkeys_foreach: reading file "/home/zzzzz-zzzzzz/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/zzzzz-zzzzzz/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from xxxx-xx.xxxx.xxx debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:62WxJjKHYP7fMeSKiEUFjEjKbYU6XWTLBJ1NJiAp0T4 debug3: hostkeys_foreach: reading file "/home/zzzzz-zzzzzz/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/zzzzz-zzzzzz/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from xxxx-xx.xxxx.xxx debug3: hostkeys_foreach: reading file "/home/zzzzz-zzzzzz/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /home/zzzzz-zzzzzz/.ssh/known_hosts:4 debug3: load_hostkeys: loaded 1 keys from 113.29.23.198 debug1: Host 'xxxx-xx.xxxx.xxx' is known and matches the RSA host key. debug1: Found key in /home/zzzzz-zzzzzz/.ssh/known_hosts:3 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug2: key: /home/zzzzz-zzzzzz/.ssh/id_rsa ((nil)) debug2: key: /home/zzzzz-zzzzzz/.ssh/id_dsa ((nil)) debug2: key: /home/zzzzz-zzzzzz/.ssh/id_ecdsa ((nil)) debug2: key: /home/zzzzz-zzzzzz/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 53 debug3: input_userauth_banner Use of this computer system is restricted to OCLC authorized users, who must comply with the Acceptable Use Policy. Use and activity may be monitored or recorded and may be subject to auditing. Unauthorized access is strictly prohibited. debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred password debug1: No more authentication methods to try. xx_xxxxx@xxxxx-xx.xxxx.org: Permission denied (publickey,keyboard-interactive). Connection closed
Advertisement
Answer
Your ssh
uses keyboard interactive authentication. The password authentication does not seem to work on your server. So you need to do the same with JSch.
See the official UserAuthKI
example.
Basically you need to implement the UIKeyboardInteractive
interface (together with the UserInfo
interface) and associate the implementation with the session using the Session.setUserInfo
.
If the authentication is prompting for a single “password” only, implement the UIKeyboardInteractive.promptKeyboardInteractive
method to return a single element array with the password.
Obligatory warning: Do not use StrictHostKeyChecking=no
to blindly accept all host keys. That is a security flaw. You lose a protection against MITM attacks. For the correct (and secure) approach, see: How to resolve Java UnknownHostKey, while using JSch SFTP library?