jsch icon indicating copy to clipboard operation
jsch copied to clipboard
verified publisher icon mwiede

"JSchException: key type ssh-rp is not supported" Error on adding identity

Open roeblelias opened this issue 1 year ago • 3 comments

We are trying to connect to a AWS EC2 instance from our AKS On startup we are setting up the session like this

    @Bean
    @Throws(Exception::class)
    fun sshTunnel(): Session {
        try {
            val jsch = JSch().apply { addIdentity(rsaFilePath) }
            val sshSession = jsch.getSession(username, host, port).apply {
                setConfig("StrictHostKeyChecking", "no")
                connect(CONNECTION_TIMEOUT)
            }
            check(sshSession.isConnected) { "SSH session is not connected. Cannot execute command." }

            logger.info("SSH Tunnel established successfully")
            return sshSession
        } catch (e: JSchException) {
            throw IllegalStateException("Failed to establish SSH connection: ${e.message}", e)
        }
    }

This works on every other environemt, but on our prod we get the following error:

Caused by: com.jcraft.jsch.JSchException: key type ssh-rp
 is not supported
	at com.jcraft.jsch.KeyPair.parsePubkeyBlob(KeyPair.java:1437) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.KeyPair.loadOpenSSHKeyv1(KeyPair.java:1165) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.KeyPair.load(KeyPair.java:921) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.KeyPair.load(KeyPair.java:673) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:37) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.JSch.addIdentity(JSch.java:493) ~[jsch-0.2.16.jar:0.2.16]
	at com.jcraft.jsch.JSch.addIdentity(JSch.java:457) ~[jsch-0.2.16.jar:0.2.16]
	at at.*****.someService.configurations.SshTunnelConfiguration.sshTunnel(SshTunnelConfiguration.kt:32) ~[classes/:na]
	... 51 common frames omitted

We are using a rsa-ssh key. Our key starts with: -----BEGIN OPENSSH PRIVATE KEY-----

We are in a Kotlin Spring Boot project, using Java 17 (if that is even helpful information 😅)

roeblelias avatar Feb 22 '24 13:02 roeblelias

never heard of ssh-rp Key type. Maybe a typo in your or the servers ssh config?

mwiede avatar Feb 22 '24 15:02 mwiede

Hey, thanks for the quick reply

I search through our whole deployment and the service There is not one ssh-rp

It reaches our rsa key and validates it (we checked that by providing an invalid private key => invalidprivatekey error) But then it fails, when checking the type

we regenerate our key and it is for sure a valid rsa-ssh

I am a little clueless We trying right now to reproduce the error locally and we also trying to achieve the behaviour we need with a different lib

Any other ideas?

roeblelias avatar Feb 22 '24 15:02 roeblelias

We have that Unit-Test in https://github.com/mwiede/jsch/blob/966e7fd55e443939b80134f17cb117b3ca642561/src/test/java/com/jcraft/jsch/KeyPairTest.java#L125-L139

Maybe you take that code and try to load your keys to find the issue

mwiede avatar Feb 27 '24 08:02 mwiede

closing because of inactivity

mwiede avatar Jul 15 '24 11:07 mwiede