Hi Dave,

For passwords or key phrases, you need to provide a callback called
UserInfo. I'm pasting an implementation which should get you going.

------------------- cut here ----------------------------------------
// Usage:
// (username, host, port and timeOut are supplied by the caller)
JSch jsch = new JSch();
SshUserInfo userInfo =
        new SshUserInfo("/path/to/id_file", "passphrase");
try {
     jsch.addIdentity(userInfo.getKeyFile());
} catch (JSchException e) {
     if (e.getMessage().startsWith("java.io.FileNotFoundException:")) {
         final File tried = new File(userInfo.getKeyFile());
         throw new MySpecialException("Key file '"
                 + tried.getAbsolutePath() + "' not found.");
     } else {
         throw e;
     }
}
Session sshSession = jsch.getSession(username, host, port);
sshSession.setUserInfo(userInfo);
sshSession.connect(timeOut); // tries pubKey with provided key and asks
------------------- cut here ----------------------------------------

Warning! The source of class SshUserInfo below is copyrighted, so you'd
better change it a bit to conceal that it had been your template :) -
I don't care if anyone uses a spin-off;
it is basically an extended UserInfo.java as supplied with
the jsch examples.

It is insecure in that it keeps the password/keyphrase in cleartext in
memory and does not care whether the host is known or not; so do not use
this for production!

Hope this helps,

Heiner

P.S.: The user info:
------------------- cut here ----------------------------------------

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.jcraft.jsch.UserInfo;

/**
  * User info for silent operation.
  * That is no password/passphrase prompt possible.
  *
  */
public final class SshUserInfo implements UserInfo {

     /** Our log. */
     private static final Logger LOG =
             LoggerFactory.getLogger(SshUserInfo.class.getName());

     /** The password. */
     private final String password;
     /** True, if the password or passphrase has been retrieved at least once. */
     private boolean secretDelivered = false;
     /** The keyFile. */
     private final String keyFile;
     /** The passphrase needed to unlock the keyFile. */
     private final String passphrase;

     /**
      * Create UserInfo for password authentication.
      *
      * @param password Password of the remote user.
      */
     public SshUserInfo(final String password) {

         super();
         LOG.debug("SshUserInfo(********)");
         this.password = password;
         this.keyFile = null;
         this.passphrase = null;
     }

     /**
      * Create UserInfo for public key/passphrase authentication.
      *
      * @param keyFileName File containing the user's private key.
      * @param passphrase Passphrase securing the keyfile.
      */
     public SshUserInfo(final String keyFileName, final String passphrase) {

         super();
         LOG.debug("SshUserInfo(" + keyFileName + ", ********)");
         this.password = null;
         this.keyFile = keyFileName;
         this.passphrase = passphrase;
     }

     /** {@inheritDoc} */
     public String getPassphrase() {

         LOG.debug("getPassphrase()=********");
         secretDelivered = true;
         return passphrase;
     }

     /** {@inheritDoc} */
     public String getPassword() {

         LOG.debug("getPassword()=********");
         secretDelivered = true;
         return password;
     }

     /** {@inheritDoc} */
     public boolean promptPassword(final String message) {

         // Tell JSch prompting for PW was successful the first time, but
         // failed if asked more than once (the first pw did not work, we
         // got only one).
         LOG.debug("promptPassword(" + message + ")=" + !secretDelivered);
         return !secretDelivered;
     }

     /** {@inheritDoc} */
     public boolean promptPassphrase(final String message) {

         // Tell JSch prompting for pass phrase was successful the first
         // time, but failed if asked more than once (the first pass phrase
         // did not work, we got only one).
         LOG.debug("promptPassphrase(" + message + ")=" + !secretDelivered);
         return !secretDelivered;
     }

     /** {@inheritDoc} */
     public boolean promptYesNo(final String message) {

         LOG.debug("promptYesNo(" + message + ")=true");
         // Used, if known hosts check failed (i.e. host key not known).
         // Answer means: continue anyways
         return true;
     }

     /** {@inheritDoc} */
     public void showMessage(final String message) {

         LOG.debug("showMessage(" + message + ")");
     }

     /**
      * @return the key file.
      */
     public String getKeyFile() {

         LOG.debug("getKeyFile()=" + keyFile);
         return keyFile;
     }

}
------------------- cut here ----------------------------------------
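
The two weaknesses named above (the secret kept as a cleartext String, and every unknown host key accepted) can be closed as follows. This is an added example, not part of the original message or of the JSch examples; the class name StrictUserInfo, the helper open() and its parameters are assumptions made for illustration.

```java
import java.util.Arrays;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.UserInfo;

/** Added example: silent UserInfo that never accepts an unknown host key. */
public final class StrictUserInfo implements UserInfo {

    // The key is unlocked through addIdentity(), so no secret is stored here
    // and every prompt is answered with "nothing to offer".
    public String getPassphrase() { return null; }
    public String getPassword() { return null; }
    public boolean promptPassword(final String message) { return false; }
    public boolean promptPassphrase(final String message) { return false; }

    /** Asked when the host key is unknown or has changed: always refuse. */
    public boolean promptYesNo(final String message) { return false; }

    public void showMessage(final String message) { }

    /**
     * Hypothetical helper: opens a session using public key authentication.
     *
     * @param passphrase passphrase of the key file, or null for an
     *        unencrypted key; the array is wiped before this method returns.
     * @param knownHostsFile OpenSSH known_hosts file listing the server key.
     */
    public static Session open(final String user, final String host,
            final int port, final String keyFile, final byte[] passphrase,
            final String knownHostsFile, final int timeoutMillis)
            throws JSchException {
        try {
            final JSch jsch = new JSch();
            jsch.setKnownHosts(knownHostsFile);
            // Decrypts the private key now instead of via getPassphrase().
            jsch.addIdentity(keyFile, passphrase);
            final Session session = jsch.getSession(user, host, port);
            // Fail the connect instead of asking about unknown host keys.
            session.setConfig("StrictHostKeyChecking", "yes");
            // Do not fall back to password or keyboard-interactive.
            session.setConfig("PreferredAuthentications", "publickey");
            session.setUserInfo(new StrictUserInfo());
            session.connect(timeoutMillis);
            return session;
        } finally {
            if (passphrase != null) {
                Arrays.fill(passphrase, (byte) 0); // wipe the caller's copy
            }
        }
    }
}
```

The decrypted private key still lives inside the JSch object for as long as the identity is loaded, so wiping the passphrase narrows the exposure but does not remove it.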


dave.alvar...@remanresource.com wrote:
> Thanks Don.  I'm using a Mac OS 10.5.6.  As I am fairly new to security, how 
> do I check the security provider that my system is using and that my Java 
> console app is using?
> 
> One other thing to note is that my private key requires a password, and I am not 
> prompted for one when I run my Java console app using JSch.  Nor do I see 
> anywhere that I can set such a password.
> 
> Grateful for all the answers, - Dave
> 
> 
>>  -------Original Message-------
>>  From: Don Hillsberry <don_hillsbe...@hotmail.com>
>>  Subject: RE: [JSch-users] Getting "Auth fail" when trying to SFTP to localhost
>>  Sent: Oct 20 '09 10:52
>>  
>>  I experienced a problem similar to this.  The symptoms I saw were
>>  where the process worked fine from my local windows development machine but
>>  failed due to an unexplained "auth fail" when I moved it to a unix server.
>>  Password and public key authentication worked fine from windows, also the
>>  Password based authentication worked from the server, but public key
>>  authentication failed no matter what I tried.  After a fair amount of
>>  debugging, I finally tracked the problem down to the security provider
>>  configuration being used on a particular host.  So far the default security
>>  provider configuration has worked for Windows and HP/UX, but I have
>>  experienced problems with a couple of different Sun machines.
>>  
>>  On Sun in particular, there is a security provider (SunPKCS11-Solaris)
>>  which provides the hash calculations needed by jsch, but it was apparently
>>  incompatible with the SSH protocol.  I was able to prove it by simulating
>>  the hash calculations being performed by the public key authentication
>>  process.  I didn't have enough time to research the exact cause, but I
>>  think it had something to do with the padding being used for the hash
>>  algorithm.
>>  
>>  In my particular situation I was unable to modify the default security
>>  provider configuration so I resorted to a hack which resolved the problem
>>  for me.
>>  I simply added a line of code which removed the provider if it was
>>  present.
>>  
>>  java.security.Security.removeProvider("SunPKCS11-Solaris");
>>  
>>  So if all else fails, take the time to confirm which security provider
>>  is being used by your jsch process.  It could be the cause of an otherwise
>>  unexplained public key "auth fail" error.
>>  
>>  -
>>  Don
>>  
>>  
>>  > From: dave.alvar...@remanresource.com
>>  > To: jsch-users@lists.sourceforge.net
>>  > Date: Tue, 20 Oct 2009 10:13:58 -0600
>>  > Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to localhost
>>  >
>>  > Thanks for that.  That was definitely a problem.  I have put in the
>>  > private key you suggested but I'm still getting authentication failure,
>>  > although the log is a little different.  It is below.  Do you have other
>>  > suggestions?  I have verified that the private key is good as I'm able to
>>  > do this ...
>>  >
>>  > slogin -i /opt/keys/id_rsa test-u...@localhost
>>  >
>>  > from a terminal without being asked for a password.
>>  >
>>  > Thanks, - Dave
>>  >
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,072]: Connecting to 127.0.0.1 port 22
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,073]: Connection established
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Remote version string: SSH-2.0-OpenSSH_5.1
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: Local version string: SSH-2.0-JSCH-0.1.42
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,087]: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT sent
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,093]: SSH_MSG_KEXINIT received
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: server->client aes128-ctr hmac-md5 none
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,094]: kex: client->server aes128-ctr hmac-md5 none
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: SSH_MSG_KEXDH_INIT sent
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,134]: expecting SSH_MSG_KEXDH_REPLY
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,228]: ssh_rsa_verify: signature true
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: Host '127.0.0.1' is known and mathces the RSA host key
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS sent
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,229]: SSH_MSG_NEWKEYS received
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: SSH_MSG_SERVICE_REQUEST sent
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,231]: SSH_MSG_SERVICE_ACCEPT received
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Authentications that can continue: publickey,keyboard-interactive,password
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,243]: Next authentication method: publickey
>>  > INFO [com.jcraft.jsch.Logger, 2009-10-20 10:04:35,244]: Disconnecting from 127.0.0.1 port 22
>>  > ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, 2009-10-20 10:04:35,244]: Error syncing files from remote to local.
>>  > com.jcraft.jsch.JSchException: Auth fail
>>  >         at com.jcraft.jsch.Session.connect(Session.java:452)
>>  >         at com.jcraft.jsch.Session.connect(Session.java:150)
>>  >         at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:82)
>>  >         at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:73)
>>  >         at colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106)
>>  >         at colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85)
>>  >
>>  > >  -------Original Message-------
>>  > >  From: Keith Alan Richardson <keith.a...@gmail.com>
>>  > >  Subject: Re: [JSch-users] Getting "Auth fail" when trying to SFTP to localhost
>>  > >  Sent: Oct 20 '09 09:30
>>  > >
>>  > >  Hi,
>>  > >
>>  > >  Looking at the JSch log, it is trying publickey authentication. Most
>>  > >  likely, the problem is with your external setup.
>>  > >
>>  > >  sftpIdPath should be referring to a private key file in OpenSSH format
>>  > >  whose corresponding public key is listed in
>>  > >  ~test-user/.ssh/authorized_keys. If you are not familiar with this, look
>>  > >  at the second option described in
>>  > >  http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html
>>  > >
>>  > >  If this still doesn't work, take a look at the logs from sshd
>>  > >  (SSH daemon process you are connecting to).
>>  > >
>>  > >  -Keith Alan Richardson
>>  > >
>>  > >  On Tue, Oct 20, 2009 at 4:46 PM, <dave.alvar...@remanresource.com>
>>  > >  wrote:
>>  > >  Hi,
>>  > >
>>  > >  I am inexperienced in the field of security and encryption, but I have a
>>  > >  Java console app and I want to SFTP to my localhost as the user
>>  > >  "test-user". I am running the app as user "dalvarado". Here is my code
>>  > >  ...
>>  > >
>>  > >      JSch jsch = new JSch();
>>  > >      jsch.setLogger(new SftpUtilityLogger());
>>  > >      jsch.addIdentity(sftpIdPath);
>>  > >      jsch.setKnownHosts(ClassLoader.getSystemResourceAsStream(KNOWN_HOSTS_FILE));
>>  > >      return jsch.getSession(sftpUserName, sftpHost, 22); // sftpUsername is set to "test-user" and host is "127.0.0.1"
>>  > >
>>  > >  and here's the error and jsch log. What do I need to do to make this
>>  > >  work so that I don't have to enter a password? - Dave
>>  > >
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connecting to 127.0.0.1 port 22
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,044]: Connection established
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Remote version string: SSH-2.0-OpenSSH_5.1
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: Local version string: SSH-2.0-JSCH-0.1.42
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,058]: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: SSH_MSG_KEXINIT sent
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,065]: SSH_MSG_KEXINIT received
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex: server->client aes128-ctr hmac-md5 none
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,068]: kex: client->server aes128-ctr hmac-md5 none
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]: SSH_MSG_KEXDH_INIT sent
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,109]: expecting SSH_MSG_KEXDH_REPLY
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: ssh_rsa_verify: signature true
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: Host '127.0.0.1' is known and mathces the RSA host key
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: SSH_MSG_NEWKEYS sent
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,203]: SSH_MSG_NEWKEYS received
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]: SSH_MSG_SERVICE_REQUEST sent
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,205]: SSH_MSG_SERVICE_ACCEPT received
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: Authentications that can continue: publickey,keyboard-interactive,password
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,214]: Next authentication method: publickey
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: Authentications that can continue: keyboard-interactive,password
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,518]: Next authentication method: keyboard-interactive
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: Authentications that can continue: password
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,536]: Next authentication method: password
>>  > >  INFO [com.jcraft.jsch.Logger, 2009-10-20 08:31:25,538]: Disconnecting from 127.0.0.1 port 22
>>  > >  ERROR [colorado.dor.dmv.driver.youthful.AddressFileProcessor, 2009-10-20 08:31:25,538]: Error syncing files from remote to local.
>>  > >  com.jcraft.jsch.JSchException: Auth fail
>>  > >          at com.jcraft.jsch.Session.connect(Session.java:452)
>>  > >          at com.jcraft.jsch.Session.connect(Session.java:150)
>>  > >          at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:81)
>>  > >          at colorado.dor.dmv.driver.youthful.SftpUtility.syncLocalDirectory(SftpUtility.java:72)
>>  > >          at colorado.dor.dmv.driver.youthful.AddressFileProcessor.execute(AddressFileProcessor.java:106)
>>  > >          at colorado.dor.dmv.driver.youthful.AddressFileProcessor.main(AddressFileProcessor.java:85)
>>  > >
>>  
>> ------------------------------------------------------------------------------
>>  > >  Come build with us! The BlackBerry(R) Developer Conference in SF, CA
>>  > >  is the only developer event you need to attend this year. Jumpstart
>>  your
>>  > >  developing skills, take BlackBerry mobile applications to market and
>>  stay
>>  > >  ahead of the curve. Join us from November 9 - 12, 2009. Register now!
>>  > >  [LINK: http://p.sf.net/sfu/devconference]
>>  > >  http://p.sf.net/sfu/devconference
>>  > >  _______________________________________________
>>  > >  JSch-users mailing list
>>  > >  [LINK: mailto:jsch-us...@lists.sourceforge.net]
>>  > >  JSch-users@lists.sourceforge.net
>>  > >  [LINK: https://lists.sourceforge.net/lists/listinfo/jsch-users]
>>  > >  https://lists.sourceforge.net/lists/listinfo/jsch-users
>>  >
>>  >
> 
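
Dave's quoted question about how to check the security provider, and Don's advice to confirm which provider the JSch process uses, can both be answered from inside the JVM that runs the app. The following is an added example, not code from the thread or from JSch; the class name ProviderCheck and the list of services are assumptions about what an SSH public key login of this kind relies on.

```java
import java.security.Provider;
import java.security.Security;

/** Added example: show which JCE provider serves each algorithm. */
public final class ProviderCheck {

    /** Services (type.algorithm) assumed relevant to SSH key auth. */
    private static final String[] SERVICES = {
        "MessageDigest.SHA-1",
        "MessageDigest.MD5",
        "Signature.SHA1withRSA",
        "Signature.SHA1withDSA",
        "KeyFactory.RSA",
        "KeyFactory.DSA",
    };

    public static void main(final String[] args) {
        // Installed providers in preference order.
        final Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName()
                    + " " + installed[i].getVersion());
        }
        System.out.println();

        // getProviders(filter) keeps the preference order, so the first
        // entry is the provider a plain getInstance(algorithm) call uses.
        for (final String service : SERVICES) {
            final Provider[] offering = Security.getProviders(service);
            if (offering == null) {
                System.out.println(service + " -> no provider installed");
                continue;
            }
            final StringBuilder others = new StringBuilder();
            for (int i = 1; i < offering.length; i++) {
                others.append(' ').append(offering[i].getName());
            }
            System.out.println(service + " -> " + offering[0].getName()
                    + (others.length() > 0 ? " (also:" + others + ")" : ""));
        }
    }
}
```

Run it with the same JVM and options as the failing app on both a working and a failing host; a provider that differs between the two for a signature or digest service is the one to examine first.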

