"com.jcraft.jsch.JSchException: Auth fail" with working passwords

Question

While trying to upload the file to our server, i am getting the following exception

    com.jcraft.jsch.JSchException: Auth fail
        at com.jcraft.jsch.Session.connect(Session.java:464)
        at com.jcraft.jsch.Session.connect(Session.java:158)
        at FtpService.transferFileToReciever(FtpService.java:80)
        at FtpService.transferFileToReciever(FtpService.java:54)
        at FtpService.transferFileToRecievers(FtpService.java:44)
        at FtpService.transferSingeFile(FtpService.java:241)
        at FtpService.main(FtpService.java:26)
    Auth fail
    
    

The part of function transferFileToReciever from source file is

        JSch jsch = new JSch();
        jsch.addIdentity("/root/.ssh/id_dsa");
        Session session = jsch.getSession(username, host, 22);

        session.setUserInfo(serverinfo);
        session.connect(); //geting exception here

        boolean ptimestamp = true;

    

The passwords are working, since i can do login using ssh, but using JSCh it doesnt work even provided with key, username and password. Using id_dsa key with java version "1.6.0_25". What could be the error?

Found other similar question, but not the answer.

Answer 1

For Me, I was on Linux Debian 10

I had to change the Sshd config files to allow/enable Ssh keys with RSA algorithm to be trusted.

1. sudo nano /etc/ssh/sshd_config

// Add or update the PubkeyAcceptedAlgorithms and HostKeyAlgorithms to allow ssh-rsa:

2. PubkeyAcceptedAlgorithms +ssh-rsa

3. HostKeyAlgorithms +ssh-rsa

4. sudo systemctl restart sshd

Answer 2

Recently, a new variant of the problem has surfaced. By default, some linux boxes (e.g., Amazon Linux 2023) doesn’t support the legacy ssh-rsa. The SSH client has to support rsa-sha2-256 or rsa-sha2-512 - which may not be possible in the case of jsch.

In such case, ssh-rsa support has to be re-enabled in the linux server. In AL2023 this can be done by activating the LEGACY system crypto policy - as shown below

sudo dnf install crypto-policies-scripts
sudo update-crypto-policies --set LEGACY
# Then reboot the server

Answer 3

We were using both password + public key and getting this error. Our issue was that our public key uses OpenSSH, which Jsch does not support, thus had to use the forked and improved version of Jsch: https://github.com/mwiede/jsch.

Answer 4

I had this problem while using the maven plugin git-commit-id-plugin. I was able to push to the remote of my local git project, but the plugin was giving this error when running mvn compile. It seems the plugin needs the remote of the current git project specified with the https protocol. Instead, what I had was:

$ git remote -v
origin  git@github.com:johnbet/myprojectname.git (fetch)
origin  git@github.com:johnbet/myprojectname.git (push)

I solved the issue setting the remote url with

$ git remote set-url origin https://github.com/johnbet/myprojectname.git

such that the previous command returns:

$ git remote -v
origin  https://github.com/johnbet/myprojectname.git (fetch)
origin  https://github.com/johnbet/myprojectname.git (push)

I discovered this by noticing that the remote my project had originally (I cloned it from another GitHub repo) was using the https protocol, while the one I set after was not.

See the official documentation about changing a remote repository's url here.

Answer 5

in my case I was using below dependency

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.42</version>
</dependency> 

and getting the same exception of Auth fail, but updated dependency to below version and problem get resolved.

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.54</version>
</dependency>

Answer 6

Try to add auth method explicitly as below, because sometimes it is required:

session.setConfig("PreferredAuthentications", "password");

Answer 7

If username/password contains any special characters then inside the camel configuration use RAW for Configuring the values like

• RAW(se+re?t&23) where se+re?t&23 is actual password

• RAW({abc.ftp.password}) where {abc.ftp.password} values comes from a spring property file.

By using RAW, solved my issue.

http://camel.apache.org/how-do-i-configure-endpoints.html

Answer 8

Tracing the root cause, i finally found that the public key of type dsa is not added to the authorized keys on remote server. Appending the same worked for me.

The ssh was working with rsa key, causing me to look back in my code.

thanks everyone.

Answer 9

I have also face the Auth Fail issue, the problem with my code is that I have

channelSftp.cd("");

It changed it to

channelSftp.cd(".");

Then it works.

Answer 10

Example case, when I get file from remote server and save it in local machine
package connector;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;

import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;

public class Main {

    public static void main(String[] args) throws JSchException, SftpException, IOException {
        // TODO Auto-generated method stub
        String username = "XXXXXX";
        String host = "XXXXXX";
        String passwd = "XXXXXX";
        JSch conn = new JSch();
        Session session = null;
        session = conn.getSession(username, host, 22);
        session.setPassword(passwd);
        session.setConfig("StrictHostKeyChecking", "no");
        session.connect();

        ChannelSftp channel = null;
        channel = (ChannelSftp)session.openChannel("sftp");
        channel.connect();

        channel.cd("/tmp/qtmp");

        InputStream in = channel.get("testScp");
        String lf = "OBJECT_FILE";
        FileOutputStream tergetFile = new FileOutputStream(lf);

        int c;
        while ( (c= in.read()) != -1 ) {
            tergetFile.write(c);
        } 

        in.close();
        tergetFile.close();

        channel.disconnect();
        session.disconnect();   

    }

}

Answer 11

Found other similar question, but not the answer.

It would have been interesting to know, where you have found this question.

As far as I can remember and according com.jcraft.jsch.JSchException: Auth cancel try to add to method .addIdentity() a passphrase. You can use "" in case you generated a keyfile without one. Another source of error is the fingerprint string. If it doesn't match you will get an authentication failure either (depends from on the target server).

And at last here my working source code - after I could solve the ugly administration tasks:

public void connect(String host, int port, 
                    String user, String pwd,
                    String privateKey, String fingerPrint,
                    String passPhrase
                  ) throws JSchException{
    JSch jsch = new JSch();

    String absoluteFilePathPrivatekey = "./";
    File tmpFileObject = new File(privateKey);
    if (tmpFileObject.exists() && tmpFileObject.isFile())
    {
      absoluteFilePathPrivatekey = tmpFileObject.getAbsolutePath();
    }

    jsch.addIdentity(absoluteFilePathPrivatekey, passPhrase);
    session = jsch.getSession(user, host, port);

    //Password and fingerprint will be given via UserInfo interface.
    UserInfo ui = new UserInfoImpl(pwd, fingerPrint);
    session.setUserInfo(ui);

    session.connect();

    Channel channel = session.openChannel("sftp");
    channel.connect();
    c = (ChannelSftp) channel;
}