Thanks Don. I'm using a Mac OS 10.5.6. As I am fairly new to security, how do I check the security provider that my system is using and that my Java console app is using?
One other thing to note is that my private key requires a password, and I not prompted for one when I run my Java console app using JSch. Nor do I see anywhere that I can set such a password. Grateful for all the answers, - Dave > -------Original Message------- > From: Don Hillsberry <don_hillsbe...@hotmail.com> > Subject: RE: [JSch-users] Getting "Auth fail" when trying to SFTP to > localhost > Sent: Oct 20 '09 10:52 > > I experienced a problem similar to this. The symptoms I saw were > where the process worked fine from my local windows development machine but > failed due to an unexplained "auth fail" when I moved it to a unix server. > Password and public key authentication worked fine from windows, also the > Password based authentication worked from the server, but public key > authentication failed no matter what I tried. After a fair amount of > deugging, I finally tracked the problem down to the security provider > configuration being used on a particular host. So far the default security > provider configuration has worked for Windows and HP/UX, but I have > experienced problems with a couple of different Sun machines. > > On Sun in particular, there is a security provider (SunPKCS11-Solaris) > which provides the hash calculations needed by jsch, but it was apparently > incompatible with the SSH protocol. I was able to prove it by simulating > the hash calculations being performed by the public key authentication > process. I didn't have enough time to research the exact cause, but I > think it had something to do with the padding being used for the hash > algorithm. > > In my particular situation I was unable to modify the default security > provider configuration so I resorted to a hack which resolved the problem > for me. > I simply added a line of code which removed the provider if it was > present. > > java.security.Security._removeProvider_("SunPKCS11-Solaris"); > > So if all else fails, take the time to confirm which security provider > is being used by your jsch process. It could be the cause of an otherwise > unexplained public key "auth fail" error. > > - > Don > > > > From: dave.alvar...@remanresource.com > > To: jsch-users@lists.sourceforge.net > > Date: Tue, 20 Oct 2009 10:13:58 -0600 > > Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to > localhost > > > > Thanks for that. That was definitely a problem. I have put in the > private key you suggested but I'm still getting authentication failure, > although the log is a little different. It is below. Do you have other > suggestions? I have verified that the private key is good as I'm able to > do this ... > > > > slogin -i /opt/keys/id_rsa test-u...@localhost > > > > from a terminal without being asked for a password. > > > > Thanks, - Dave > > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,072]: Connecting to > 127.0.0.1 port 22 > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,073]: Connection > established > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Remote version > string: SSH-2.0-OpenSSH_5.1 > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Local version > string: SSH-2.0-JSCH-0.1.42 > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: CheckCiphers: > > aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT > sent > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT > received > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: > server->client aes128-ctr hmac-md5 none > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: > client->server aes128-ctr hmac-md5 none > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: > SSH_MSG_KEXDH_INIT sent > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: expecting > SSH_MSG_KEXDH_REPLY > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,228]: ssh_rsa_verify: > signature true > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: Host '127.0.0.1' > is known and mathces the RSA host key > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS > sent > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS > received > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: > SSH_MSG_SERVICE_REQUEST sent > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: > SSH_MSG_SERVICE_ACCEPT received > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Authentications > that can continue: publickey,keyboard-interactive,password > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Next > authentication method: publickey > > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,244]: Disconnecting > from 127.0.0.1 port 22 > > ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, 2009-10-20 > 10:04:35,244]: Error syncing files from remote to local. > > com.jcraft.jsch.JSchException: Auth fail > > at com.jcraft.jsch.Session.connect(Session.java:452) > > at com.jcraft.jsch.Session.connect(Session.java:150) > > at > > colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:82) > > at > > colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:73) > > at > > colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106) > > at > > colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85) > > > > > > > > > > > > > > > -------Original Message------- > > > From: Keith Alan Richardson <keith.a...@gmail.com> > > > Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to > localhost > > > Sent: Oct 20 '09 09:30 > > > > > > Hi , > > > � > > > Looking at the JSch log, it is trying publickey authentication.� > Most > > > likely, problem is with your external setup > > > � > > > sftpIdPath should be referring to a private key file in OpenSSH > format > > > whose corresponding public key is listed in > > > ~test-user/.ssh/authorized_keys.� If you are not familiar with > this, look > > > at the second option described in [LINK: > > > > http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html] > > > > http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html > > > � > > > If this still doesn't work, take a look at the logs from� sshd > > > (SSH� daemon process you are connecting to)� . > > > � > > > -Keith Alan Richardson > > > � > > > On Tue, Oct 20, 2009 at 4:46 PM, <[LINK: > > > mailto:dave.alvar...@remanresource.com] > dave.alvar...@remanresource.com> > > > wrote: > > > Hi, > > > > > > I am inexperienced in the field of security and encryption, but I > have a > > > Java console app and I want to SFTP to my localhost as the user > > > "test-user". � I am running the app as user "dalvarado". � Here > is my code > > > ... > > > > > > � � JSch jsch = new JSch(); > > > � � jsch.setLogger(new SftpUtilityLogger()); > > > � � jsch.addIdentity(sftpIdPath); > > > � > > > � > jsch.setKnownHosts(ClassLoader.getSystemResourceAsStream(KNOWN_HOSTS_FILE)); > > > � � return jsch.getSession(sftpUserName, sftpHost, 22); � � > � // > > > sftpUsername is set to "test-user" and host is "127.0.0.1" > > > > > > and here's the error and jsch log. � What do I need to do to make > this > > > work so that I don't have to enter a password? � - Dave > > > > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connecting to > > > 127.0.0.1 port 22 > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connection > > > established > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Remote > version > > > string: SSH-2.0-OpenSSH_5.1 > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Local version > > > string: SSH-2.0-JSCH-0.1.42 > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: CheckCiphers: > > > > > aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: > SSH_MSG_KEXINIT > > > sent > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: > SSH_MSG_KEXINIT > > > received > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex: > > > server->client aes128-ctr hmac-md5 none > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex: > > > client->server aes128-ctr hmac-md5 none > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]: > > > SSH_MSG_KEXDH_INIT sent > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]: expecting > > > SSH_MSG_KEXDH_REPLY > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: > ssh_rsa_verify: > > > signature true > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: Host > > > '127.0.0.1' is known and mathces the RSA host key > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: > SSH_MSG_NEWKEYS > > > sent > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: > SSH_MSG_NEWKEYS > > > received > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]: > > > SSH_MSG_SERVICE_REQUEST sent > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]: > > > SSH_MSG_SERVICE_ACCEPT received > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: > Authentications > > > that can continue: publickey,keyboard-interactive,password > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: Next > > > authentication method: publickey > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: > Authentications > > > that can continue: keyboard-interactive,password > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: Next > > > authentication method: keyboard-interactive > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: > Authentications > > > that can continue: password > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: Next > > > authentication method: password > > > INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,538]: Disconnecting > > > from 127.0.0.1 port 22 > > > ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, > 2009-10-20 > > > 08:31:25,538]: Error syncing files from remote to local. > > > com.jcraft.jsch.JSchException: Auth fail > > > � � � � at > com.jcraft.jsch.Session.connect(Session.java:452) > > > � � � � at > com.jcraft.jsch.Session.connect(Session.java:150) > > > � � � � at > > > > > colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:81) > > > � � � � at > > > > > colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:72) > > > � � � � at > > > > > colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106) > > > � � � � at > > > > > colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85) > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > > > is the only developer event you need to attend this year. Jumpstart > your > > > developing skills, take BlackBerry mobile applications to market and > stay > > > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > > > [LINK: http://p.sf.net/sfu/devconference] > > > http://p.sf.net/sfu/devconference > > > _______________________________________________ > > > JSch-users mailing list > > > [LINK: mailto:jsch-us...@lists.sourceforge.net] > > > JSch-users@lists.sourceforge.net > > > [LINK: https://lists.sourceforge.net/lists/listinfo/jsch-users] > > > https://lists.sourceforge.net/lists/listinfo/jsch-users > > > > > > ------------------------------------------------------------------------------ > > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > > is the only developer event you need to attend this year. Jumpstart your > > developing skills, take BlackBerry mobile applications to market and > stay > > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > > http://p.sf.net/sfu/devconference > > _______________________________________________ > > JSch-users mailing list > > JSch-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/jsch-users > > > -------------------- > Hotmail: Trusted email with Microsoft’s powerful SPAM protection. [LINK: > http://clk.atdmt.com/GBL/go/177141664/direct/01/] Sign up now. ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ JSch-users mailing list JSch-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jsch-users