Referring to the asked question: Keypair login to EC2 instance with JSch

I'm trying to connect with JCraft JSch to two different EC2 machines:

The 1st EC2 machine has no ENCRYPTION on the .pem file and it works perfectly!

$ cat ~/Documents/CA01.pem
-----BEGIN RSA PRIVATE KEY-----
…….

However on the 2nd machine the .pem is encrypted and I have a password:

$ cat ~/Documents/OPEN_VPN.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:……........

So the code looks like:

JSch jsch = new JSch();
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
config.put("PreferredAuthentications", "publickey,keyboard-interactive,password");
jsch.addIdentity("/path/to/pem/OPEN_VPN.pem");

Session session = jsch.getSession("root", getHost(), 22);
session.setConfig(config);
session.setPassword(getPsw());
session.connect(); // here I got Exception....

Channel channel = session.openChannel("sftp");
channel.connect();

I got:

Exception in thread "main" com.jcraft.jsch.JSchException: USERAUTH fail
    at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:119)
    at com.jcraft.jsch.Session.connect(Session.java:470) ....

Any help, please. Maybe other useful libraries?

Martin Prikryl
VitalyT

1 Answer

A private key passphrase is not a session password. So you cannot pass it to Session.setPassword().

Use an overload of JSch.addIdentity() that takes a passphrase:

jsch.addIdentity("/path/to/pem/OPEN_VPN.pem", getPsw());

Also note that whether the private key is encrypted or not has nothing to do with a server. A server does not care. So if you are happy with your private key being unencrypted for the first server, there's no reason why your private key for the second server should be encrypted either. Just remove the encryption.

Martin Prikryl
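The following is an added example, not code from the question or the answer: it checks the passphrase locally with JSch's KeyPair before connecting, so a wrong passphrase is reported as such rather than as "USERAUTH fail", and it verifies the host key against a known_hosts file in place of StrictHostKeyChecking=no. The class name, the open() helper, the KEY_PASSPHRASE environment variable and the known_hosts location are assumptions.

```java
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import com.jcraft.jsch.Session;

public class EncryptedKeyLogin {
    // Hypothetical helper; key path, user and host are supplied by the caller.
    static Session open(String keyPath, String passphrase, String user, String host)
            throws JSchException {
        JSch jsch = new JSch();

        // Load the key on its own first and try the passphrase locally.
        KeyPair kp = KeyPair.load(jsch, keyPath);
        try {
            if (kp.isEncrypted() && (passphrase == null || !kp.decrypt(passphrase))) {
                throw new JSchException("wrong or missing passphrase for " + keyPath);
            }
        } finally {
            kp.dispose(); // wipe the decrypted key material held by this copy
        }

        // The passphrase belongs to the identity, not to the session.
        if (passphrase != null) {
            jsch.addIdentity(keyPath, passphrase);
        } else {
            jsch.addIdentity(keyPath);
        }

        // Assumed location of the known_hosts file holding the server's host key.
        jsch.setKnownHosts(System.getProperty("user.home") + "/.ssh/known_hosts");

        Session session = jsch.getSession(user, host, 22);
        session.setConfig("StrictHostKeyChecking", "yes");
        session.setConfig("PreferredAuthentications", "publickey");
        session.connect(15_000); // 15 s connect timeout
        return session;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = key file, args[1] = host; passphrase read from the environment.
        Session s = open(args[0], System.getenv("KEY_PASSPHRASE"), "root", args[1]);
        ChannelSftp sftp = (ChannelSftp) s.openChannel("sftp");
        sftp.connect();
        System.out.println("sftp pwd: " + sftp.pwd());
        sftp.disconnect();
        s.disconnect();
    }
}
```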