What is use of config.put("StrictHostKeyChecking", "no") in JSch

java ssh sftp jsch public-key
king Ramesh picture king Ramesh · Jul 21, 2014 · Viewed 23.2k times · Source 
java.util.Properties config = new java.util.Properties();            
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);

In above code why we need to set StrictHostKeyChecking value as no while connection to SFTP through JSch API?

Answer

Martin Prikryl picture Martin Prikryl · Jul 21, 2014

You should NOT set it actually. You lose much of the SSH/SFTP security by doing to.

The option tells the JSch SSH/SFTP library not to verify public key of the SSH/SFTP server. You are vulnerable to man-in-the-middle attacks, if you do not verify the public key. Of course, unless you are connecting within a private trusted network (so you do not care for security/encryption).

Read about SSH/SFTP host keys:
https://winscp.net/eng/docs/ssh_verifying_the_host_key

Related questions

How to resolve Java UnknownHostKey, while using JSch SFTP library?

I'm running a java program where I transfer a file from one folder to another, using Java SFTP. The problem I'm having is that I'm getting the following error in my Java SFTP (using JSch) : C:\Oracle\Middleware\Oracle_Home\…

Read More
SFTP file transfer using Java JSch

Here is my code, which retrieves content of the file, on the remote server and display as output. package sshexample; import com.jcraft.jsch.*; import java.io.*; public class SSHexample { public static void main(String[] args) { String user = "user"; String …

Read More
JSchException: Algorithm negotiation fail

I am trying to connect to remote sftp server over ssh with JSch (0.1.44-1) but during "session.connect();" I am getting this exception: com.jcraft.jsch.JSchException: Algorithm negotiation fail at com.jcraft.jsch.Session.receive_kexinit(Session.java:529) at …

Read More