sshj icon indicating copy to clipboard operation
sshj copied to clipboard

Published 20 hours ago verified publisher icon hierynomus

net.schmizz.sshj.transport.TransportException: Could not verify `ssh-ed25519` host key with fingerprint

Open gdufeZLYL opened this issue 4 years ago • 4 comments

net.schmizz.sshj.transport.TransportException: Could not verify ssh-ed25519 host key with fingerprint at net.schmizz.sshj.transport.KeyExchanger.verifyHost(KeyExchanger.java:210) at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:368) at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:517) at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159) at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79) at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231) at net.schmizz.sshj.transport.Reader.run(Reader.java:60) ===2020-09-24 20:36:22.566 [reader] INFO net.schmizz.sshj.transport.TransportImpl Line:205 - Disconnected - HOST_KEY_NOT_VERIFIABLE

it's wrong, how to solve, help me, thanks

gdufeZLYL avatar Sep 24 '20 13:09 gdufeZLYL

I've got this problem, too

stjava avatar Apr 13 '21 10:04 stjava

Me to using [sshj-0.31.0.jar:0.31.0], but in cmd I could connect with ssh and known_hosts to remote server

sysmat avatar Apr 20 '21 05:04 sysmat

Without more information like logs or code for a minimal example, it's very hard to give precise help. But I'll try. :smile:

If host verification fails but you don't actually care about host verification, then you can turn it off by adding sshClient.addHostKeyVerifier(new PromiscuousVerifier()) before calling SSHClient::connect.

If you care about host verification and want to use your known_hosts, make sure to call SSHClient::loadKnownHosts before connecting.

If you can connect with ssh but get the given exception with sshj, the problem is most likely that ssh and sshj negotiate different key algorithms with the remote server. Try connecting with ssh -o HostKeyAlgorithms=ssh-ed25519 user@host. If ssh warns you about conflicting host keys, remove the referenced line from known_hosts and try again. If ssh warns you that the authenticity of the remote host can't be established, proceed anyways and ssh will add the ssh-ed25519 key to your known_hosts. Afterwards, you should be able to connect with sshj without disabling host verification.

You can influence the key algorithm that sshj negotiates with the remote server with Config::setKeyAlgorithms before passing the config to the constructor of SSHClient. If you pass only the algorithm that matches the remote server's entry in known_hosts, it should work fine.

hpoettker avatar Apr 20 '21 21:04 hpoettker

The same error here with me, but as @hpoettker said before, just add this before connecting:

ssh.addHostKeyVerifier(new PromiscuousVerifier());

It was enough to solve!

eduveks avatar Dec 05 '23 18:12 eduveks