5

I try to establish a connection with MySQL base in PythonAnywhere using SSH in my Java program according to instruction:
https://help.pythonanywhere.com/pages/AccessingMySQLFromOutsidePythonAnywhere

Unfortunately, I get this error every time and I am running out of ideas:

com.jcraft.jsch.JSchException: reject HostKey: ssh.pythonanywhere.com

public static void main(String[] args) {
    Tunnel tunnel = new Tunnel();
    try {
        tunnel.go();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

public void go() throws Exception {
    String host = "ssh.pythonanywhere.com";
    String user = "username";
    String password = "password";
    int port = 22;

    int tunnelLocalPort = 9080;
    String tunnelRemoteHost = "username.mysql.pythonanywhere-services.com";
    int tunnelRemotePort = 3306;

    JSch jsch= new JSch();
    Session session = jsch.getSession(user,host,port);
    localUserInfo lui = new localUserInfo();
    session.setPassword(password);
    session.setUserInfo(lui);
    session.connect();
    session.setPortForwardingL(tunnelLocalPort,tunnelRemoteHost,tunnelRemotePort);
    System.out.println("Connecting");
}

class localUserInfo implements UserInfo {
    String passwd;

    @Override
    public String getPassphrase() {return null; }

    @Override
    public String getPassword() { return null; }

    @Override
    public boolean promptPassword(String s) { return false; }

    @Override
    public boolean promptPassphrase(String s) { return false; }

    @Override
    public boolean promptYesNo(String s) { return false; }

    @Override
    public void showMessage(String s) {}
}

I successfully connected using PuTTY but cannot get my program working.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Szejder
  • 69
  • 1
  • 1
  • 4

4 Answers4

6

JSch fails to verify SSH server host key.

  • Either your host key repository contains a different host key.

  • Or JSch tries to prompt user to verify the host key manually by calling UserInfo.promptYesNo. And as your implementation returns false, the host key is rejected.

For a correct way to verify the host key, see:
How to resolve Java UnknownHostKey, while using JSch SFTP library?

Note that even in PuTTY you must have verified the host key on the first connection.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
1

Ok,

It seems that adding:

java.util.Properties config = new java.util.Properties(); config.put("StrictHostKeyChecking", "no");
session.setConfig(config);

helped to solve the Exception.

Szejder
  • 69
  • 1
  • 1
  • 4
  • That's not the correct way. You are losing protection against [MITM attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) by setting `StrictHostKeyChecking=no` – Martin Prikryl Jan 05 '20 at 21:08
1

FWIW, in my case, using jsch to programatically ssh in to another machine, even though I was using username/password credentials, I had to have both the key added by a manual ssh username/pw login (type ecdsa-sha2-nistp256), and the one added when using an rsa key-based login (type ssh-rsa).

linus
  • 138
  • 9
-1

Start you application once with

sftp.strictHostKeyChecking=no

this will add the key in known_hosts, after that you can switch it back to yes

wutzebaer
  • 14,365
  • 19
  • 99
  • 170