java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
In the above code, why do we need to set the StrictHostKeyChecking value to no while connecting to SFTP through the JSch API?
Description: The JSch StrictHostKeyChecking configuration is set to no; this indicates that connections may be made to unknown servers or servers that have changed their keys, generating new ones and adding them by default to the known server files.
The strict-host-key-checking command specifies how host keys are checked during the connection and authentication phase. By default, strict host key checking is disabled. When disabled the SSH client verifies the incoming host key against the keys in the known hosts list.
Using Config File: You need to create a ~/.ssh/config file and disable strict host key checking by adding the content. This will disable host checking for all hosts you connect to. Rather than disabling host check for all Host “*”, it would be safer to specify a particular host.
public class JSch extends Object. This class serves as a central configuration point, and as a factory for Session objects configured with these settings. Use getSession to start a new Session. Use one of the addIdentity methods for public-key authentication. Use setKnownHosts to enable checking of host keys.
You should NOT set it actually. You lose much of the SSH/SFTP security by doing so.
The option tells the JSch SSH/SFTP library not to verify the public key of the SSH/SFTP server. You are vulnerable to man-in-the-middle attacks if you do not verify the public key. Of course, unless you are connecting within a private trusted network (so you do not care for security/encryption).
Read about SSH/SFTP host keys:
https://winscp.net/eng/docs/ssh_verifying_the_host_key
StrictHostKeyChecking values: ask | yes | no
default: ask
If this property is set to yes, JSch will never automatically add host keys to the $HOME/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This property forces the user to manually add all new hosts.
If this property is set to no, JSch will automatically add new host keys to the user known hosts files.
If this property is set to ask, new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and JSch will refuse to connect to hosts whose host key has changed.
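The verified alternative to the snippet in the question, as an added example that is not part of the original posts: it loads a known hosts file with setKnownHosts and sets StrictHostKeyChecking to yes, so an unknown or changed host key aborts the connection. The host name, user name, SFTP_PASSWORD environment variable and class name are placeholders assumed for illustration.

```java
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class StrictSftpConnect {
    // Placeholder values (assumptions for this example, not from the page).
    static final String HOST = "sftp.example.com";
    static final int PORT = 22;
    static final String USER = "deploy";

    static Session openVerifiedSession(String knownHostsPath, String password)
            throws JSchException {
        JSch jsch = new JSch();
        // Load trusted host keys. The file must already contain the server's
        // key, obtained out of band (for example from the server administrator).
        jsch.setKnownHosts(knownHostsPath);

        Session session = jsch.getSession(USER, HOST, PORT);
        session.setPassword(password);
        // "yes": never auto-add keys, refuse unknown or changed host keys.
        session.setConfig("StrictHostKeyChecking", "yes");
        session.connect(10_000); // throws JSchException if verification fails
        return session;
    }

    public static void main(String[] args) {
        String knownHosts = System.getProperty("user.home") + "/.ssh/known_hosts";
        Session session = null;
        try {
            session = openVerifiedSession(knownHosts, System.getenv("SFTP_PASSWORD"));
            System.out.println("Verified host key fingerprint: "
                    + session.getHostKey().getFingerPrint(new JSch()));
            ChannelSftp sftp = (ChannelSftp) session.openChannel("sftp");
            sftp.connect();
            System.out.println("Remote working directory: " + sftp.pwd());
            sftp.disconnect();
        } catch (Exception e) {
            // An unknown or changed host key (or any other connection failure)
            // lands here; do not fall back to StrictHostKeyChecking=no.
            System.err.println("Connection refused or failed: " + e.getMessage());
        } finally {
            if (session != null) session.disconnect();
        }
    }
}
```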