6

I need to SSH to a destination host through a jump host. I tried the same approach as in the JSch JumpHosts example.

```java
Session[] sessions = new Session[2];
Session session = null;

// First hop: the jump host
sessions[0] = session = jsch.getSession(getUserName(), "jumphost1.com", 22);
session.setPassword(getHostPassword());
UserInfo userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
Properties prop = new Properties();
prop.put("StrictHostKeyChecking", "no"); // disables host key verification for this session only
prop.put("PreferredAuthentications", "publickey,keyboard-interactive,password");
session.setConfig(prop);
session.connect();

// Forward a local port (0 = let JSch pick a free one) to port 22 of the destination
String host = "host1.com";
int assignedPort = session.setPortForwardingL(0, host, 22);
int i = 1; // index of the second (destination) session
LOGGER.info("Jump host the {} of agent {} and port forwarding {}", i, host, assignedPort);

// Second hop: the destination host, reached through the forwarded local port
sessions[i] = session = jsch.getSession(getUserName(), "127.0.0.1", assignedPort);
session.setPassword(getHostPassword());
userInfo = new UserInfo();
userInfo.setPassword(getHostPassword());
session.setUserInfo(userInfo);
session.setHostKeyAlias(host); // host key is looked up under host1.com
session.connect();
```

I am getting the exception below when connecting to the destination host:

```
Caused by: com.jcraft.jsch.JSchException: reject HostKey: 127.0.0.1
    at com.jcraft.jsch.Session.checkHost(Session.java:799)
    at com.jcraft.jsch.Session.connect(Session.java:345)
    at com.jcraft.jsch.Session.connect(Session.java:183)
```

I am trying to log in to host host1.com through jumphost1.com:

  • log in to jumphost1.com
  • then ssh host1.com
  • execute the commands on host1
Martin Prikryl
Rajar R
  • I don't know jsch, but from what you're saying `127.0.0.1` in your `jsch.getSession(...)` has nothing to do here and should probably be `jumphost1.com` or maybe `host1.com` – Aaron Jan 23 '18 at 13:39
  • JSch is a Java library. I have referred to the example below: http://www.jcraft.com/jsch/examples/JumpHosts.java.html – Rajar R Jan 23 '18 at 13:42
  • Alright, never mind, your code seems consistent with the example (connect to a first server, then get a session on `127.0.0.1` from this one). I'll have to let someone familiar with the tool answer, good luck! – Aaron Jan 23 '18 at 13:52

1 Answer

5

Your code for connecting through jumphost is correct.

The only problem is that your local host key repository contains a different host key for the second host than what you receive from the real (second) host.

You actually do not seem to care about security, as you set `StrictHostKeyChecking=no` for the jumphost session (which the official example rightly does not do!). But you do not do the same for the second session, hence the error.

See also How to resolve Java UnknownHostKey, while using JSch SFTP library?

Martin Prikryl
  • This localhost means jumphost1.com, so it will already have the known host added. Please correct me if I am wrong. Also, should I be able to use ChannelExec on the destination host? – Rajar R Jan 23 '18 at 14:19
  • I am also trying to understand the first step, where the known hosts file is generated: do I have to run the ssh-keyscan command on all the hosts and keep the output in the file? Because I have a few servers which use different jump hosts, so do I have to generate and map the same in a file and upload it? – Rajar R Jan 23 '18 at 14:29
  • I tried setting StrictHostKeyChecking=no for the second session, but it gives me an Auth cancel error: Caused by: com.jcraft.jsch.JSchException: Auth cancel – Rajar R Jan 23 '18 at 14:42
  • OK, so the problem is solved, as you got past the host key verification! Though I have to repeat that by setting `StrictHostKeyChecking=no` **you give up on security**! - Anyway, you have another problem now - authentication. One obvious problem is that you use the password instead of the username: `jsch.getSession(getHostPassword(), ...)` – Martin Prikryl Jan 23 '18 at 14:55
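
Both hops with host key checking left on, which is the alternative to `StrictHostKeyChecking=no` that the answer argues for (an added example, not code from the question, the answer or the JSch project). The account name `deploy`, the `SSH_PASSWORD` environment variable, the known_hosts path and the `hostname` command are assumptions; the file is assumed to already contain verified entries for both `jumphost1.com` and `host1.com`.

```java
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class VerifiedJumpHost {
    // Assumed values: account name and known_hosts location are placeholders.
    static final String USER = "deploy";
    static final String KNOWN_HOSTS = System.getProperty("user.home") + "/.ssh/known_hosts";

    static Session open(JSch jsch, String host, int port, String alias) throws JSchException {
        Session s = jsch.getSession(USER, host, port);
        s.setPassword(System.getenv("SSH_PASSWORD")); // assumed password source
        s.setConfig("StrictHostKeyChecking", "yes");  // refuse unknown or changed host keys
        if (alias != null) {
            s.setHostKeyAlias(alias); // look the key up under the real name, not 127.0.0.1
        }
        s.connect(10_000);
        return s;
    }

    public static void main(String[] args) throws Exception {
        JSch jsch = new JSch();
        jsch.setKnownHosts(KNOWN_HOSTS); // needs entries for jumphost1.com AND host1.com
        Session jump = null, target = null;
        try {
            jump = open(jsch, "jumphost1.com", 22, null);
            int port = jump.setPortForwardingL(0, "host1.com", 22); // 0 = pick a free local port
            target = open(jsch, "127.0.0.1", port, "host1.com");
            ChannelExec exec = (ChannelExec) target.openChannel("exec");
            exec.setCommand("hostname"); // placeholder command
            InputStream out = exec.getInputStream();
            exec.connect();
            System.out.print(new String(out.readAllBytes(), StandardCharsets.UTF_8));
            exec.disconnect();
        } catch (JSchException e) {
            // A host key failure here means known_hosts lacks or disagrees with the key offered.
            // Verify the fingerprint out of band and fix the file; do not turn the check off.
            System.err.println("SSH failed: " + e.getMessage());
        } finally {
            if (target != null) target.disconnect();
            if (jump != null) jump.disconnect();
        }
    }
}
```

Because the second session connects to `127.0.0.1` on a random forwarded port, the `setHostKeyAlias("host1.com")` call is what lets one known_hosts entry for `host1.com` match regardless of which local port was assigned.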