lucastheisen / jsch-nio

Java nio FileSystem implementation over SSH
MIT License

UnknownHostKey (but from command line, ssh works) #13

Closed sarnobat closed 9 years ago

sarnobat commented 9 years ago

I've been searching via Google for a solution to this basic issue but I don't know what I'm doing wrong. When I do ssh from the command line to my server, it doesn't warn about any host key mismatch. But when I do it with JSch it doesn't work. Do you know what I'm doing wrong? (I'm running the quick and dirty code on the home page.)

Exception in thread "main" java.io.IOException: com.jcraft.jsch.JSchException: UnknownHostKey: 192.168.1.2. RSA key fingerprint is bf:1a:3e:2d:17:9f:28:20:f4:07:4d:18:4a:ab:91:9e
    at com.pastdev.jsch.nio.file.UnixSshFileSystemProvider.newInputStream(UnixSshFileSystemProvider.java:385)
    at Test.main(Test.java:34)
Caused by: com.jcraft.jsch.JSchException: UnknownHostKey: 192.168.1.2. RSA key fingerprint is bf:1a:3e:2d:17:9f:28:20:f4:07:4d:18:4a:ab:91:9e
    at com.jcraft.jsch.Session.checkHost(Session.java:797)
    at com.jcraft.jsch.Session.connect(Session.java:342)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at com.pastdev.jsch.command.CommandRunner.getSession(CommandRunner.java:67)
    at com.pastdev.jsch.command.CommandRunner.open(CommandRunner.java:78)
    at com.pastdev.jsch.nio.file.UnixSshFileSystemProvider.newInputStream(UnixSshFileSystemProvider.java:365)
    ... 1 more

lucastheisen commented 9 years ago

My best guess from what you posted here is that the known_hosts that your command line client is using is not the same one you configured the DefaultSessionFactory to use. Can you verify that the ssh client (command line) is using the same file?

sarnobat commented 9 years ago

Thanks for the reply. I doubt there are other files it's consulting, but I'll see if I can confirm this through debugging the command line client. If I don't get back to you soon then feel free to close this ticket, since this is almost certainly not a bug but a support issue.

BTW - is it possible to provide a toggle for StrictHostKeyChecking to users? I saw somewhere that this was being hardcoded to yes but I'm not sure whether it was in your library or not.

lucastheisen commented 9 years ago

Let me see about enabling that option... gotta try to figure out where it is set, prolly the config, in which case it's already available.

lucastheisen commented 9 years ago

Yup, config option. You could try:

DefaultSessionFactory defaultSessionFactory = new DefaultSessionFactory( "joe", "remotehost", 22 );
try {
    defaultSessionFactory.setKnownHosts( "/home/joe/.ssh/known_hosts" );
    defaultSessionFactory.setIdentityFromPrivateKey( "/home/joe/.ssh/id_dsa" );
    defaultSessionFactory.setConfig( "StrictHostKeyChecking", "no" );
}
catch ( JSchException e ) {
    Assume.assumeNoException( e );
}

As is stated in this link, it's not recommended for security reasons, but it should disable the check.

sarnobat commented 9 years ago

Perfect! That works. Thanks for the lightning-quick response.

As for debugging my command line client, it seems it is using both the same known hosts file and private key.

debug1: Found key in /Users/sarnobat/.ssh/known_hosts:20
debug1: ssh_ecdsa_verify: signature correct
debug2: key: /Users/sarnobat/.ssh/id_rsa (0x10601f750)

But but but, now after commenting out the workaround from the Java snippet, the login also works. I clearly don't know enough about SSH, but I now have enough to do what I want to (some low-risk personal app, so security is low priority).
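
An added example, not part of the original thread or the jsch-nio project: the exception above reports an RSA key fingerprint, while the command-line debug output shows an ECDSA key being verified from known_hosts. This Python sketch lists which key types a known_hosts file holds for a host and compares an offered key against them, so the question can be diagnosed with StrictHostKeyChecking left enabled. The sample file contents, the hashed 192.168.1.3 entry and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def host_matches(pattern, host):
    """Match one known_hosts host field (no wildcard support) against host."""
    if pattern.startswith("|1|"):  # hashed: |1|b64(salt)|b64(HMAC-SHA1(salt, host))
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in pattern.split(",")  # plain: comma-separated names/addresses

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the key blob, the format shown in the exception."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def keys_for_host(known_hosts_text, host):
    """Return {key_type: {fingerprints}} for the entries that name host."""
    found = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host):
            found.setdefault(fields[1], set()).add(md5_fingerprint(fields[2]))
    return found

def diagnose(known_hosts_text, host, offered_type, offered_fp):
    """Say how a strict client would treat the key the server offered."""
    keys = keys_for_host(known_hosts_text, host)
    if not keys:
        return "no entry for host"
    if offered_type not in keys:
        return "no %s entry (file has: %s)" % (offered_type, ", ".join(sorted(keys)))
    return "match" if offered_fp in keys[offered_type] else "fingerprint mismatch"

# Constructed sample: dummy key blobs; 192.168.1.3 is stored as a hashed entry.
ECDSA_KEY = base64.b64encode(b"constructed-ecdsa-blob").decode()
RSA_KEY = base64.b64encode(b"constructed-rsa-blob").decode()
SALT = b"constructed-salt-0001"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"192.168.1.3", hashlib.sha1).digest()).decode())
SAMPLE = "192.168.1.2 ecdsa-sha2-nistp256 %s\n%s ssh-rsa %s\n" % (
    ECDSA_KEY, HASHED, RSA_KEY)

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.2", "ssh-rsa", "bf:1a:3e:2d:17:9f:28:20:f4:07:4d:18:4a:ab:91:9e"))
```

To inspect a real file, pass its contents as `known_hosts_text` along with the host, key type and fingerprint taken from the exception message.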