3

With JSch I'm calling addIdentity() to add a private key and getSession() to open an SSH tunnel.

When running this code locally on my Windows machine the opening of the tunnel is working.

However when running that same code with the same private key on our CI the following error occurs:

2016-12-07 01:01:32 ERROR SSHConnector:25 - invalid privatekey: [B@4bb4de6a
com.jcraft.jsch.JSchException: invalid privatekey: [B@4bb4de6a
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:747)
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
    at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:408)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:389)

The private key looks something like this:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 6
XXXXXXXXXXXXXXXXXXX
Private-Lines: 14
XXXXXXXXXXXXXXXXXX
Private-MAC: XXXXXXXXXXXXXXXX

What could be the error here?

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Harold L. Brown
  • 8,423
  • 11
  • 57
  • 109
  • It's been two years. Q: could you please "accept" one of the responses? Feel free to edit a response, or add your own response. – paulsm4 Sep 26 '18 at 17:46
  • @paulsm4 Honestly I can't remember what the correct answer was -- if there ever was one. – Harold L. Brown Oct 11 '18 at 13:52
  • It is caused by the key file format. See this answer: https://stackoverflow.com/questions/53134212/invalid-privatekey-when-using-jsch – Dimitar II May 04 '22 at 11:14

2 Answers2

3

My problem was solved by using pem file instead of ppk.

pem file is in OpenSSH format that com.jcraft.jsch.JSch jar requires

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Rishab
  • 61
  • 4
2

My educated guess is that jSCh does not support PuTTY key format, but rather standard PEM or OpenSSH format. You can convert the PPK to PEM in the PuTTYgen and it should solve your problems.

Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • 3
    At least in 0.1.53 (and I doubt this would be removed) it does read PPK (in addition to OpenSSL PEMs = non-newfmt OpenSSH and several others) but **only with Windows-type EOL** (CR LF). Harold: did you copy your PPK to the affected system by a method that can change EOLs such as pasting to an editor or FTP TYPE A? – dave_thompson_085 Dec 07 '16 at 23:44
  • 2
    jsch does indeed support PPK files, but as @dave_thompson_085 pointed out they have to have the line endings marked with CRLF. Dave, please convert your comment to an answer so I can tick it as the right one. – Harold L. Brown Dec 09 '16 at 09:18