"reject HostKey" when connecting to remote host through jumphost with JSch

Rajar R · Jan 23, 2018 · Viewed 10.2k times

I need to SSH to a destination host through a jumphost. I tried the same approach as in the JSch JumpHosts example.

Session[] sessions = new Session[2];
Session session = null;

sessions[0] = session = jsch.getSession(getUserName(), "jumphost1.com", 22);
session.setPassword(getHostPassword());
UserInfo userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
Properties prop = new Properties();
prop.put("StrictHostKeyChecking", "no");
prop.put("PreferredAuthentications", "publickey,keyboard-interactive,password");
session.setConfig(prop);
session.connect();

String host = "host1.com";
int assignedPort = session.setPortForwardingL(0, host, 22);
LOGGER.info("Jump host the {} of agent {} and port forwarding {}", i, host, assignedPort);

sessions[i] = session = jsch.getSession(getUserName(), "127.0.0.1", assignedPort);
session.setPassword(getHostPassword());
userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
session.setHostKeyAlias(host);
session.connect();

I get the exception below when connecting to the destination host:

Caused by: com.jcraft.jsch.JSchException: reject HostKey: 127.0.0.1
    at com.jcraft.jsch.Session.checkHost(Session.java:799)
    at com.jcraft.jsch.Session.connect(Session.java:345)
    at com.jcraft.jsch.Session.connect(Session.java:183)

I am trying to log in to host host1.com through jumphost1.com:

  • log in to jumphost1.com
  • then ssh host1.com
  • execute the commands on host1

Answer

Martin Prikryl · Jan 23, 2018

Your code for connecting through jumphost is correct.

The only problem is that your local host key repository contains a different host key for the second host than the one you receive from the real (second) host.

You actually do not seem to care about security, as you set StrictHostKeyChecking=no for the jumphost session (which the official example rightly does not do!). But you do not do the same for the second session, hence the error.

See also How to resolve Java UnknownHostKey, while using JSch SFTP library?
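The following is an added example, not code from the question, the answer or the JSch project: it keeps host key verification on for both hops and, when the check fails, lists what the key repository holds for the target so it can be compared with a key verified out of band. The known_hosts path, the environment variable names and the class name are assumptions.

```java
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class JumpHostStrict {
    public static void main(String[] args) throws JSchException {
        String user = System.getenv("SSH_USER");         // assumed variable names
        String password = System.getenv("SSH_PASSWORD");
        String jumpHost = "jumphost1.com";               // host names from the question
        String target = "host1.com";

        JSch jsch = new JSch();
        // Assumed location; it must hold verified keys for BOTH hosts.
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");

        Session jump = open(jsch, user, password, jumpHost, 22, null);
        try {
            int localPort = jump.setPortForwardingL(0, target, 22);
            // The socket goes to 127.0.0.1, but the alias makes JSch check the
            // presented key against the known_hosts entry for host1.com.
            Session dest = open(jsch, user, password, "127.0.0.1", localPort, target);
            System.out.println("Verified and connected: " + dest.getServerVersion());
            dest.disconnect();
        } catch (JSchException e) {
            // "reject HostKey" names the socket address, not the alias.
            System.err.println("Connect failed: " + e.getMessage());
            HostKey[] known = jsch.getHostKeyRepository().getHostKey(target, null);
            if (known == null || known.length == 0) {
                System.err.println("No known_hosts entry for " + target);
            } else {
                for (HostKey hk : known) {
                    System.err.println("known_hosts has " + hk.getType() + " "
                            + hk.getFingerPrint(jsch) + " for " + hk.getHost());
                }
            }
        } finally {
            jump.disconnect();
        }
    }

    static Session open(JSch jsch, String user, String password,
                        String host, int port, String alias) throws JSchException {
        Session s = jsch.getSession(user, host, port);
        s.setPassword(password);
        s.setConfig("StrictHostKeyChecking", "yes");     // never "no", on either hop
        if (alias != null) s.setHostKeyAlias(alias);
        s.connect(15000);
        return s;
    }
}
```

If the listed fingerprint differs from the one the target's administrator confirms, replace the stale known_hosts entry with the verified key rather than disabling the check.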