"reject HostKey" when connecting to remote host through jumphost with JSch
Your code for connecting through jumphost is correct.
The only problem is that your local host key repository contains a different host key for the second host than what you receive from the real (second) host.
You actually do not seem to care about security, as you set StrictHostKeyChecking=no for the jumphost session (which the official example rightly does not do!). But you do not do the same for the second session, hence the error.
See also How to resolve Java UnknownHostKey, while using JSch SFTP library?
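The setup the answer describes, with host key checking left on for both hops, as an added example that is not part of the original answer or the JSch project's own example. It assumes a known_hosts file that already holds verified entries for jumphost1.com and host1.com, password authentication, and credentials in the hypothetical environment variables SSH_USER and SSH_PASSWORD.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class JumpHostStrict {
    // Opens a session that verifies the server key against known_hosts.
    // 'alias' is the name looked up in known_hosts instead of connectHost.
    static Session open(JSch jsch, String user, String password,
                        String connectHost, int port, String alias) throws JSchException {
        Session s = jsch.getSession(user, connectHost, port);
        s.setPassword(password);
        s.setConfig("StrictHostKeyChecking", "yes"); // reject unknown or changed keys
        s.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
        if (alias != null) {
            s.setHostKeyAlias(alias);
        }
        s.connect(15000);
        return s;
    }

    public static void main(String[] args) throws Exception {
        String user = System.getenv("SSH_USER");         // assumption: credentials come from the environment
        String password = System.getenv("SSH_PASSWORD");
        JSch jsch = new JSch();
        // Must hold verified entries for both names: jumphost1.com and host1.com
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");

        Session jump = open(jsch, user, password, "jumphost1.com", 22, null);
        Session target = null;
        try {
            int localPort = jump.setPortForwardingL(0, "host1.com", 22);
            // Connects to 127.0.0.1:localPort, but the key is checked as "host1.com"
            target = open(jsch, user, password, "127.0.0.1", localPort, "host1.com");
            ChannelExec exec = (ChannelExec) target.openChannel("exec");
            exec.setCommand("hostname");
            InputStream out = exec.getInputStream();
            exec.connect();
            System.out.print(new String(out.readAllBytes(), StandardCharsets.UTF_8));
            exec.disconnect();
        } finally {
            if (target != null) target.disconnect();
            jump.disconnect();
        }
    }
}
```

If the second hop still fails host key verification, the entry stored under host1.com does not match the key the server presents; confirm the server's fingerprint out of band and correct the entry rather than relaxing the setting.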
Author: Rajar R
Updated on June 25, 2022
Comments
-
Rajar R almost 2 years
Need to SSH to destination host through jumphost. Had tried the same mentioned in JSch JumpHosts example.
Session[] sessions = new Session[2];
Session session = null;
sessions[0] = session = jsch.getSession(getUserName(), "jumphost1.com", 22);
session.setPassword(getHostPassword());
UserInfo userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
Properties prop = new Properties();
prop.put("StrictHostKeyChecking", "no");
prop.put("PreferredAuthentications", "publickey,keyboard-interactive,password");
session.setConfig(prop);
session.connect();
String host = "host1.com";
int assignedPort = session.setPortForwardingL(0, host, 22);
LOGGER.info("Jump host the {} of agent {} and port forwarding {}", i, host, assignedPort);
sessions[i] = session = jsch.getSession(getUserName(), "127.0.0.1", assignedPort);
session.setPassword(getHostPassword());
userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
session.setHostKeyAlias(host);
session.connect();
Getting the below exception when connecting to the destination host:
Caused by: com.jcraft.jsch.JSchException: reject HostKey: 127.0.0.1
    at com.jcraft.jsch.Session.checkHost(Session.java:799)
    at com.jcraft.jsch.Session.connect(Session.java:345)
    at com.jcraft.jsch.Session.connect(Session.java:183)
I am trying to login to host host1.com through jumphost1.com
- login to jumphost1.com
- then ssh host1.com
- execute the commands in the host1
-
Rajar R about 6 years: This localhost means jumphost1.com, so which will have already known host added. Please correct me if I am wrong. Also, I should be able to use ChannelExec in destination host?
-
Rajar R about 6 years: Also trying to understand the first step where generating known hosts: I have to run the ssh-keyscan command on all the hosts and have it in the file? Because I have a few servers which use different jumphosts, so I have to generate and map the same in a file and upload?
-
Rajar R about 6 years: I tried setting StrictHostKeyChecking=no for the second session, but it gives me an Auth Cancel error. Caused by: com.jcraft.jsch.JSchException: Auth cancel
-
Martin Prikryl about 6 years: OK, so the problem is solved, as you got past a host key verification! Though I have to repeat that by setting StrictHostKeyChecking=no you give up on security! - Anyway, you have another problem now - authentication. One obvious problem is that you use password instead of username: jsch.getSession(getHostPassword(), ...)