I want to be able to remove the remote server key from known_hosts and add it again. The remote server gets updated often so I want to automatically remove the remote host key and add its new key to known_hosts. I can remove the key from known_hosts though it is clunky and uses a Process instead of going through JSCH. This works but I encounter this message whenever I try to access the server:
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 10:10:30:00:e7:0c:d3:18:cf:ac:42:e2:f3:51:25:bg.
Are you sure you want to continue connecting (yes/no)?
I know it is possible to get around this message using a UserInfo but I use other ways of connecting to the remote server, such as a Process, and the message would appear when I run those commands.
Is it possible to use JSCH to remove and add a host id from known_hosts?
Possibly related though it does not use jsch:
How can I write a program (script) to remove obsolete host keys from ~/.ssh/known_hosts?
JSch is a Java implementation of SSH2 that lets us connect to an SSH server and use port forwarding, X11 forwarding, and file transfer. It is licensed under a BSD-style license and provides an easy way to establish an SSH connection from Java.
The known_hosts file lets the client authenticate the server, to check that it isn't connecting to an impersonator. The authorized_keys file lets the server authenticate the user.
The known_hosts file is a client-side file used by the ssh client. It contains the host public key of every known host the client has connected to, and the client uses it to authenticate the server it is connecting to.
Yes you can add a remote host entry into your known_hosts file using JSch. As Jim Garrison answered, there are other ways around the issue, but here is how to do it in your code:
First, understand that as a default, if you do not specify a known_hosts file, JSch can still work; it will just create a run-time known_hosts file in memory, and add entries automatically so long as Strict Host Key Checking is set to 'no'.
If you DO specify a known hosts file, then JSch will add new entries to that file when Strict Host Key Checking is set to 'no'.
JSch jsch = new JSch();
jsch.setKnownHosts(knownHostsFile);
logger.info("known hosts file set: " + knownHostsFile);
jsch.addIdentity(privateKey);
logger.info("rsa private key loaded: " + privateKey);
Session session = jsch.getSession(user, host, port);
java.util.Properties config = new java.util.Properties();
// this setting will cause JSCH to automatically add all target servers' entry to the known_hosts file
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect();
This is not very secure behavior, but is a handy way to get JSch to set up a new server entry for you. After your known hosts file is set up, I recommend turning your StrictHostKeyChecking back to yes.
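An added example, not part of the original answer: it removes the stale entry and pins the new key through JSch's HostKeyRepository, so StrictHostKeyChecking can stay at "yes" throughout. The class name, the helper names and the argument order are hypothetical, and the base64 host key is assumed to have been obtained out of band (for example from the server's console after the update), not from the connection being verified.

```java
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.HostKeyRepository;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.util.Base64;

public class HostKeyRotation {

    // JSch looks up non-default ports under the "[host]:port" form in known_hosts.
    static String knownHostsName(String host, int port) {
        return port == 22 ? host : "[" + host + "]:" + port;
    }

    // Drops every stored key for the host, then pins the new one.
    // trustedKeyBase64 is the base64 field of the server's public host key
    // (assumption: delivered over a channel you already trust).
    static HostKey replaceHostKey(JSch jsch, String host, int port, String trustedKeyBase64)
            throws JSchException {
        String name = knownHostsName(host, port);
        HostKeyRepository repo = jsch.getHostKeyRepository();
        repo.remove(name, null);  // null type: remove all key types for this host
        HostKey pinned = new HostKey(name, Base64.getDecoder().decode(trustedKeyBase64));
        repo.add(pinned, null);   // no UserInfo, so no prompt; synced to the file if it exists
        return pinned;
    }

    public static void main(String[] args) throws JSchException {
        if (args.length != 6) {
            System.err.println("usage: <known_hosts> <user> <host> <port> <private key> <base64 host key>");
            return;
        }
        int port = Integer.parseInt(args[3]);
        JSch jsch = new JSch();
        jsch.setKnownHosts(args[0]);
        jsch.addIdentity(args[4]);

        HostKey pinned = replaceHostKey(jsch, args[2], port, args[5]);
        System.out.println(pinned.getType() + " " + pinned.getFingerPrint(jsch));

        Session session = jsch.getSession(args[1], args[2], port);
        // The connection fails unless the server presents exactly the pinned key.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.connect();
        session.disconnect();
    }
}
```

Because the pinned key is written to the known_hosts file passed to setKnownHosts, an ssh command started through a Process and reading the same file finds the new key there as well.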