5

I am using the JSch (JCraft) library to establish an SSH connection with an SSH server, as shown below:

        import com.jcraft.jsch.ChannelSftp;
        import com.jcraft.jsch.JSch;
        import com.jcraft.jsch.Session;

        JSch jsch = new JSch();
        String user = "****";
        String host = "****";
        int port = 22;
        String privateKey = "***.ppk"; // Path to the private key (the file is in .ppk format)
        try
        {
            jsch.addIdentity(privateKey);
            Session session = jsch.getSession(user, host, port);
            java.util.Properties config = new java.util.Properties();
            // Host key checking is switched off here, so any server key is accepted
            config.put("StrictHostKeyChecking", "no");
            session.setConfig(config);
            session.connect();
            ChannelSftp sftpChannel = (ChannelSftp) session.openChannel("sftp");
            sftpChannel.connect();
            /*file transfer code*/
            sftpChannel.disconnect();
            session.disconnect();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }

The SSH connection is successfully established as "StrictHostKeyChecking" is disabled. If it's enabled, I get the following error:

com.jcraft.jsch.JSchException: UnknownHostKey: ******. RSA key f
 is *************
        at com.jcraft.jsch.Session.checkHost(Session.java:805)
        at com.jcraft.jsch.Session.connect(Session.java:345)
        at com.jcraft.jsch.Session.connect(Session.java:183)

I understand we need to set the known hosts file in the code, as shown below:

jsch.setKnownHosts(knownHostsFileName); 

I am unable to generate the known_hosts file via the command below:

ssh-keyscan <HOST> > known_hosts 

It is throwing the following error:

'ssh-keyscan' is not recognized as an internal or external command,
operable program or batch file.

I have only public and private keys in .ppk format. I don't have the known_hosts file.
How do we create the known_hosts file?
Why is the ssh-keyscan command throwing the error "not recognized as an internal/external command"?

Karthik
  • Do you mean creating it programmatically, or interactively? This file is supposed to be created based on the human user's trust of the SSH host, in most cases. – Cong Ma Mar 13 '18 at 11:32
  • Not programmatically. How to create it interactively? And When does this get created? – Karthik Mar 13 '18 at 11:34
  • *"is not working"* is not working as a problem description. – Martin Prikryl Mar 13 '18 at 11:55
  • My apologies. I just want to convey that when I run the ssh-keyscan command in the Windows command line, I get the error 'ssh-keyscan' is not recognized as an internal or external command, operable program or batch file. – Karthik Mar 13 '18 at 12:00
  • My answer to the duplicate question shows how to get `ssh-keyscan` for Windows. Read the answer carefully, before asking new questions. – Martin Prikryl Mar 13 '18 at 12:00
  • Why do you keep editing your question, if you already have the answer? – Martin Prikryl Mar 13 '18 at 12:16
  • I am unable to generate the known_hosts file via the ssh-keyscan command, that's why I edited the question. – Karthik Mar 13 '18 at 12:50
  • All you have told us so far is that you get *"'ssh-keyscan' is not recognized as an internal or external command..."* - which is expected, as you are on Windows, where `ssh-keyscan` is not present by default. You have to install it. And how to install it is shown in [my answer to the duplicate question](https://stackoverflow.com/q/32852906/850848#32858953), as I have commented above already! What more do you need to know? – Martin Prikryl Mar 13 '18 at 13:13
  • Understood. I need to install OpenSSH server on windows to run ssh-keyscan. – Karthik Mar 14 '18 at 06:38

2 Answers

4

ssh-keyscan is a command from Linux/Unix. In order to execute it on Windows, you need a version that has been modified to run on Windows. The easiest way is to install (download) and open Git Bash. Inside this console you can use the ssh-keyscan command.

DdW
1

This file is typically created either by ssh-keyscan, or by the user's connection to the SSH host.

You can simply create it by the command

ssh-keyscan [host]

and save the output. The -H option enables hashed output but I don't know if the library in question can use it.

Notice that the known_hosts file by itself is not very useful without having verified the host fingerprints first. The following caution is straight from the ssh-keyscan man page:

SECURITY
     If an ssh_known_hosts file is constructed using ssh-keyscan without veri-
     fying the keys, users will be vulnerable to man in the middle attacks.
     On the other hand, if the security model allows such a risk, ssh-keyscan
     can help in the detection of tampered keyfiles or man in the middle
     attacks which have begun after the ssh_known_hosts file was created
Cong Ma
  • Does this command work in Windows OS? I am getting error 'ssh-keyscan' is not recognized as an internal or external command, operable program or batch file. – Karthik Mar 13 '18 at 11:40
  • If you're using OpenSSH or a variant, yes. Check "PATH" environment variable? – Cong Ma Mar 13 '18 at 11:44
  • ssh-keyscan from windows command prompt is not working. It is throwing error 'ssh-keyscan' is not recognized as a command. What do I need to check in Path environment variable? – Karthik Mar 13 '18 at 11:45
  • `ssh-keyscan` ignores `%USERPROFILE%/.ssh/config`, and some hosts I'm trying to connect to are behind a proxy. – LogicDaemon Nov 28 '22 at 11:22
  • In Windows 10, you can add Open SSH Client from Settings -> Apps -> Optional features. This gets you both `ssh-keygen` and `ssh-keyscan`. After running keygen & uploading the public key file to the host I want to connect to as per their instructions, in a cmd prompt in my .ssh directory, I ran `ssh-keyscan [host] > known_hosts`. I could then connect automagically from a simple python script using `pysftp`. – RolfBly Apr 17 '23 at 14:49
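
The man-page caution quoted in the answer above, as an added example (not code from the answer or from JSch): it keeps an `ssh-keyscan` output line only if its SHA256 fingerprint, computed the way `ssh-keygen -l` prints it, matches one obtained out-of-band. The host name, the key blobs and the pinned fingerprint are constructed sample data, and the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint of a public key blob, in `ssh-keygen -l` notation."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(key_b64: str) -> str:
    """Key type name stored at the start of the blob (length-prefixed string)."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def verified_lines(keyscan_output: str, trusted: dict) -> list:
    """Return only the scanned lines whose key matches a pinned fingerprint.

    `trusted` maps (host, key type) -> fingerprint obtained out-of-band.
    """
    keep = []
    for line in keyscan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):  # blank, short or comment
            continue
        host, key_type, key_b64 = parts[:3]
        if blob_key_type(key_b64) != key_type:          # mislabeled entry
            continue
        pinned = trusted.get((host, key_type))
        if pinned and hmac.compare_digest(pinned, fingerprint(key_b64)):
            keep.append(line.strip())
    return keep

def constructed_key(seed: int) -> str:
    """Constructed ssh-ed25519 public key blob (sample data, not a real host key)."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

GOOD, ROGUE = constructed_key(1), constructed_key(99)
# Stands in for the fingerprint the server administrator gives you.
TRUSTED = {("sftp.example.test", "ssh-ed25519"): fingerprint(GOOD)}
SCAN_OK = f"# sftp.example.test:22 SSH-2.0-OpenSSH\nsftp.example.test ssh-ed25519 {GOOD}\n"
SCAN_MITM = f"sftp.example.test ssh-ed25519 {ROGUE}\n"

if __name__ == "__main__":
    print(verified_lines(SCAN_OK, TRUSTED), verified_lines(SCAN_MITM, TRUSTED))
```

Only the lines this returns would be saved as the `known_hosts` file that `jsch.setKnownHosts(...)` loads.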