How do I configure key-based authentication with a passphrase using JSch?

By Wayan in JSch 0 Comment

When using JSch (Java Secure Channel) for SSH key-based authentication with a passphrase, you need to set your private key file (which is protected by the passphrase) and optionally the passphrase itself. Below is an example demonstrating how to configure key-based authentication using JSch:

Code Example

package org.kodejava.jsch;

import com.jcraft.jsch.*;

public class JSchKeyBasedAuthentication {
    public static void main(String[] args) {
        String host = "example.com";         // Remote server hostname/IP
        String user = "username";            // SSH username
        String privateKey = "/path/to/private/key"; // Path to your private key
        String passphrase = "passphrase";    // Passphrase for the private key

        JSch jsch = new JSch();

        try {
            // Add the private key (with passphrase)
            jsch.addIdentity(privateKey, passphrase);

            // Create an SSH session
            Session session = jsch.getSession(user, host, 22);

            // Disable host key checking for simplicity (not recommended for production)
            session.setConfig("StrictHostKeyChecking", "no");

            // Connect to the server
            session.connect();

            System.out.println("Connected to the server!");

            // Once connected, you can execute commands, transfer files, etc.

            // Disconnect after use
            session.disconnect();
            System.out.println("Disconnected from the server.");
        } catch (JSchException e) {
            e.printStackTrace();
        }
    }
}

Explanation of the Code:

  1. jsch.addIdentity(privateKey, passphrase): This specifies the private key file and its passphrase for authentication. If the private key doesn’t have a passphrase, omit the passphrase parameter or pass null.
  2. session.setConfig("StrictHostKeyChecking", "no"): This disables host key checking. In a production environment, ensure you verify the server’s host key to prevent man-in-the-middle attacks.
  3. session.connect(): Establishes the SSH connection with the server using the provided private key.

Key Points:

  • Private Key Path: Ensure the private key file path is correct and accessible. It must be readable by the application.
  • Passphrase: If your private key is secured with a passphrase, you must provide it. If the private key is not secured with a passphrase, pass null instead.
  • Permissions: Ensure appropriate permissions on the private key file (e.g., chmod 600 on Unix-based systems).

Optional (To Load Known Hosts Manually):

To add known hosts verification:

jsch.setKnownHosts("/path/to/known_hosts");

This ensures the remote server’s key matches the key in the known_hosts file.

This configuration lets your Java application authenticate securely to an SSH server using a private key with a passphrase.

Maven Dependencies

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.55</version>
</dependency>

Maven Central

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.