Com.jcraft.jsch.JSchException: UnknownHostKey

1.1K Asked by AadityaSrivastva in Python , Asked on May 1, 2021

I'm trying to use Jsch to establish an SSH connection in Java. My code produces the following exception:

com.jcraft.jsch.JSchException: UnknownHostKey: mywebsite.com. 
RSA key fingerprint is 22:fb:ee:fe:18:cd:aa:9a:9c:78:89:9f:b4:78:75:b4

I cannot find how to verify the host key in the Jsch documentation. I have included my code below.

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
public class ssh {
    public static void main(String[] arg) {
        try {
            JSch jsch = new JSch();
            //create SSH connection
            String host = "mywebsite.com";
            String user = "username";
            String password = "123456";
            Session session = jsch.getSession(user, host, 22);
            session.setPassword(password);
            session.connect();
        } catch(Exception e) {
            System.out.println(e);
        } 
    }
}

Answered by Aaditya Srivastva

Getting jcraft.jsch.JSchException: UnknownHostKey” exception.Depending on what program you use for ssh, the way to get the proper key could vary. Putty (popular with Windows) uses their own format for ssh keys. With most variants of Linux and BSD that I've seen, you just have to look in ~/.ssh/known_hosts. I usually ssh from a Linux machine and then copy this file to a Windows machine. Then I use something similar to

jsch.setKnownHosts("C:\Users\cabbott\known_hosts");

Assuming I have placed the file in C:Userscabbott on my Windows machine. If you don't have access to a Linux machine, try http://www.cygwin.com/

Maybe someone else can suggest another Windows alternative. I find putty's way of handling SSH keys by storing them in the registry in a non-standard format bothersome to extract.

Your Answer

Answer (1)

Ranjana

The com.jcraft.jsch.JSchException: UnknownHostKey error typically occurs when using JSch, a Java implementation of SSH2, and the SSH server's host key is not recognized or has changed since the last time it was seen.

When JSch connects to an SSH server for the first time, it checks the server's host key against a list of known host keys stored in its known_hosts file. If the server's host key is not found or does not match any of the known host keys, JSch raises an UnknownHostKey exception.

To resolve this issue, you have a few options:

Adding the Host Key Manually: If you trust the SSH server and know that its host key has changed legitimately (e.g., the server has been reinstalled or updated), you can manually add the new host key to the known_hosts file. The known_hosts file is typically located in the .ssh directory in the user's home directory.

Disabling Host Key Verification (Not Recommended for Production): You can disable host key verification in JSch by setting the StrictHostKeyChecking property to no. However, this approach is not recommended for production environments as it opens the possibility of man-in-the-middle attacks.

Implementing Host Key Verification Callback: JSch allows you to implement a HostKeyVerifier interface to provide custom host key verification logic. You can use this interface to verify the server's host key programmatically and decide whether to accept or reject it based on your application's requirements.

Here's a basic example of how to implement a HostKeyVerifier:

  import com.jcraft.jsch.HostKey;import com.jcraft.jsch.JSch;import com.jcraft.jsch.JSchException;import com.jcraft.jsch.Session;import com.jcraft.jsch.UserInfo;

  public class SSHExample {    public static void main(String[] args) {        try {            JSch jsch = new JSch();            Session session = jsch.getSession("username", "hostname", 22);            // Set UserInfo (optional)            UserInfo ui = new MyUserInfo();            session.setUserInfo(ui);            // Set HostKeyVerifier            session.setHostKeyVerifier(new MyHostKeyVerifier());            session.connect();            // Perform operations with the session            session.disconnect();        } catch (JSchException e) {            e.printStackTrace();        }    }}class MyUserInfo implements UserInfo {    // Implement UserInfo methods (if needed)}class MyHostKeyVerifier implements com.jcraft.jsch.HostKeyVerifier {    @Override    public boolean verify(String s, int i, byte[] bytes1, byte[] bytes2) {        // Implement host key verification logic here        return true; // Return true to accept the host key    }}

Replace "username", "hostname", and 22 with your SSH username, hostname, and port respectively. Implement the verify method in MyHostKeyVerifier to verify the host key based on your requirements.

By using one of these methods, you should be able to resolve the UnknownHostKey issue in JSch.

3 Months