50

So I'm writing a little program that needs to connect to a remote server through SFTP, pull down a file, and then processes the file. I came across JSch through some answers here and it looked perfect for the task. So far, easy to use and I've got it working, with one minor thing I'd like to fix. I'm using the following code to connect and pull the file down:

    JSch jsch = new JSch();
    Session session = null;
    try {
        session = jsch.getSession("username", "127.0.0.1", 22);
        session.setConfig("StrictHostKeyChecking", "no");
        session.setPassword("password");
        session.connect();

        Channel channel = session.openChannel("sftp");
        channel.connect();
        ChannelSftp sftpChannel = (ChannelSftp) channel;
        sftpChannel.cd(REMOTE_FTP_DIR);
        sftpChannel.lcd(INCOMING_DIR);
        sftpChannel.get(TMP_FILE, TMP_FILE);
        sftpChannel.exit();
        session.disconnect();
    } catch (JSchException e) {
        e.printStackTrace();
    } catch (SftpException e) {
        e.printStackTrace();
    }

So this works and I get the file. I'm running this code on a linux server and when I run the code JSch asks me for my Kerberos username and password. It looks like:

Kerberos username [george]:

Kerberos password for george:

I just hit enter for both questions and then the program seems to continue on with no problems. However I need this code to be automated through a cron task and so I'd rather not having it pausing the program to ask me these two questions. Is there something I'm not supplying it so that it won't ask this? Something I need to do to stop it asking? Hopefully someone has some ideas. Thanks.

cardician
  • 2,451
  • 3
  • 26
  • 36
  • For posterity, thuis may be related to: https://issues.apache.org/bugzilla/show_bug.cgi?id=53437 – Aaron Apr 25 '13 at 16:37

4 Answers4

88

Thought I'd post an answer here since in case anyone else ends up running into a similar issue. Turns out I am missing a piece of code that makes all the difference. I just needed to add

session.setConfig("PreferredAuthentications", 
                  "publickey,keyboard-interactive,password");

before

session.connect();

and everything works perfectly now.

cardician
  • 2,451
  • 3
  • 26
  • 36
  • weird that yesterday my code was working fine without this, and now it'll only work with this. Thanks for this! – adbar Jul 19 '16 at 04:34
  • Also if for some reason you can't get to these configuration settings you can just do System.setIn(null) – visch Jul 28 '17 at 19:19
13

While the solution in the self-accepted answer is correct, it lacks any explanation.

The problem is that the OP have a Kerberos/GSSAPI authentication set as the preferred (the JSch default). Yet OP does not seem to actually use/want it, as OP claims not to specify any username or password for the Kerberos prompts.

This problem can appear spontaneously, when either Kerberos gets installed on the the client PC or the server starts to support Kerberos.

The solution is to remove the Kerberos/GSSAPI (gssapi-with-mic) from the list of preferred authentication methods in JSch:

session.setConfig(
    "PreferredAuthentications", "publickey,keyboard-interactive,password");
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
1

I came across the same issue. But i realised that the application is not blocked if i run the jar file command with nohup. It simply ignores the prompt.

vaibhavp
  • 43
  • 5
0

All answers are correct, I'll just add here the way it can be done for Spring Integration when trying to integrate with an SFTP server.

So, if you are using SFTP Spring Integration and the weird user and password for Kerberos is prompting in the same way the OP is asking.

Then modify your Spring configuration (I'm using Java Spring Integration config, if you are using XML config you can try to translate it yourself - I really don't like XML config :P ):

So in the bean you are using as SessionFactory you need to add this change in config:

@Bean
public SessionFactory<LsEntry> sftpSessionFactory() {
    DefaultSftpSessionFactory factory = new DefaultSftpSessionFactory(true);
    factory.setHost("hostname");
    factory.setPort(22);
    factory.setUser("username");
    factory.setPassword("superstrongpassword");
    factory.setAllowUnknownKeys(true);
    factory.setSessionConfig(buildSessionProperties());
    return new CachingSessionFactory<>(factory);
}

/**
 * Build JSch property PreferredAuthentications without "gssapi-with-mic"
 * This way it won't prompt for Kerberos authentication every time it tries to connect
 * to the SFTP.
 */
private Properties buildSessionProperties() {
    Properties sessionProperties = new Properties();
    sessionProperties.setProperty("PreferredAuthentications", "publickey,keyboard-interactive,password");
    return sessionProperties;
}
hmojica
  • 603
  • 8
  • 11