JSch Log [level 1]: Connecting to 10.***.150 port 22
JSch Log [level 1]: Connection established
JSch Log [level 1]: Remote version string: SSH-2.0-OpenSSH_8.7
JSch Log [level 1]: Local version string: SSH-2.0-JSCH-0.1.54
JSch Log [level 1]: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
JSch Log [level 1]: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
JSch Log [level 1]: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
JSch Log [level 1]: SSH_MSG_KEXINIT sent
JSch Log [level 1]: SSH_MSG_KEXINIT received
JSch Log [level 1]: kex: server: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
JSch Log [level 1]: kex: server: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
JSch Log [level 1]: kex: server: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
JSch Log [level 1]: kex: server: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
JSch Log [level 1]: kex: server: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
JSch Log [level 1]: kex: server: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
JSch Log [level 1]: kex: server: none,zlib@openssh.com
JSch Log [level 1]: kex: server: none,zlib@openssh.com
JSch Log [level 1]: kex: server:
JSch Log [level 1]: kex: server:
JSch Log [level 1]: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
JSch Log [level 1]: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
JSch Log [level 1]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
JSch Log [level 1]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
JSch Log [level 1]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSch Log [level 1]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSch Log [level 1]: kex: client: none
JSch Log [level 1]: kex: client: none
JSch Log [level 1]: kex: server->client aes128-ctr hmac-sha1 none
JSch Log [level 1]: kex: client->server aes128-ctr hmac-sha1 none
JSch Log [level 1]: SSH_MSG_KEX_ECDH_INIT sent
JSch Log [level 1]: expecting SSH_MSG_KEX_ECDH_REPLY
JSch Log [level 2]: Permanently added '10.***.150' (ECDSA) to the list of known hosts.
JSch Log [level 1]: SSH_MSG_NEWKEYS sent
JSch Log [level 1]: SSH_MSG_NEWKEYS received
JSch Log [level 1]: SSH_MSG_SERVICE_REQUEST sent
JSch Log [level 1]: SSH_MSG_SERVICE_ACCEPT received
JSch Log [level 1]: Authentications that can continue: gssapi-with-mic,publickey,keyboard-interactive,password
JSch Log [level 1]: Next authentication method: gssapi-with-mic
JSch Log [level 1]: Authentications that can continue: publickey,keyboard-interactive,password
JSch Log [level 1]: Next authentication method: publickey
JSch Log [level 1]: Authentications that can continue: password
JSch Log [level 1]: Next authentication method: password
JSch Log [level 1]: Disconnecting from 10.***.150 port 22
com.jcraft.jsch.JSchException: Auth fail
String privateKey = "-----BEGIN RSA PRIVATE KEY----- .......-----END RSA PRIVATE KEY-----";
byte[] privateKeyBytes = privateKey.getBytes(StandardCharsets.UTF_8);
jsch.addIdentity("id_rsa", privateKeyBytes, null, null); // no passphrase
JSch.setLogger(new Logger() {
public boolean isEnabled(int level) {
return level <= 3; // 3 is the highest verbosity
}
public void log(int level, String message) {
System.out.println("JSch Log [level " + level + "]: " + message);
}
});
session = jsch.getSession(user, host, 22);
session.setConfig("StrictHostKeyChecking", "no");
session.setConfig("LogLevel", "DEBUG");
session.connect();
System.out.println("Connected to the server!");
ChannelSftp sftp = (ChannelSftp) session.openChannel("sftp");
sftp.connect();
sftp.disconnect();
What I’ve Done
Converted .ppk to OpenSSH format using PuTTYgen.
Copied the public key to the server’s ~/.ssh/authorized_keys.
Set correct permissions on ~/.ssh and authorized_keys.
Embedded the private key as a string in Java and loaded it using jsch.addIdentity(...).
Verified there’s no passphrase.
Enabled detailed logging in JSch
Why is JSch failing public key authentication even though the key format and authorized_keys setup seem correct? What else should I check or correct?
Solution for SSH Authentication Failure Using JSch and Alternative with Apache Mina SSHD
Refer Link - https://www.javacodegeeks.com/show-every-file-on-a-remote-server-in-java.html
After trying different solutions and approaches, I shifted to using Apache Mina SSHD as an alternative to JSch. The Mina SSHD library provided a more reliable way to handle private key-based authentication and SFTP operations.
URL url = AccessUtil.class.getResource("/templates/Key/id_rsa");
if (url == null) {
throw new IllegalArgumentException("Private key file not found in resources.");
}
Path privateKeyPath = null;
try {
privateKeyPath = Paths.get(url.toURI());
} catch (URISyntaxException e1) {
e1.printStackTrace();
}
try (SshClient client = SshClient.setUpDefaultClient()) {
client.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE);
client.start();
try (ClientSession session = client.connect("username", "hostname", 22).verify().getSession()) {
FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider(Collections.singletonList(privateKeyPath));
Iterable<KeyPair> keyPairs = fileKeyPairProvider.loadKeys(null);
for (KeyPair keyPair : keyPairs) {
session.addPublicKeyIdentity(keyPair);
}
session.auth().verify();
// SFTP Client
SftpClientFactory factory = SftpClientFactory.instance();
SftpClient sftpClient = factory.createSftpClient(session);
listFiles(sftpClient, "/path/to/directory");
}
client.stop();
} catch (IOException e) {
e.printStackTrace();
}