I'm trying to use public key auth with a password-protected RSA (2048) keypair created w/OpenSSH (OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011) using 'ssh-keygen -t rsa' on Mac OS X, w/SSHJ 0.15.0 and Oracle JDK 1.8.0_77. I verified that the keypair and password work using ssh directly. When trying to use SSHJ I get the following exception:
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
at net.schmizz.sshj.SSHClient.auth(SSHClient.java:232)
at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:331)
at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:350)
at com.foo.bar.baz.Client2.main(Client2.java:53)
Caused by: net.schmizz.sshj.userauth.UserAuthException: Problem getting private key from PKCS8KeyFile{resource=[PrivateKeyFileResource] /Users/foo/.ssh/bar_id_rsa}
at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:61)
at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74)
at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45)
at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:136)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:490)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:107)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:175)
at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
Caused by: org.bouncycastle.openssl.EncryptionException: exception using cipher - please check password and data.
at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source)
at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source)
at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source)
at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:143)
at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPrivate(PKCS8KeyFile.java:72)
at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:59)
... 7 more
Caused by: javax.crypto.BadPaddingException: pad block corrupted
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$BufferedGenericBlockCipher.doFinal(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
... 13 more
Code looks like this:
// Connection parameters for the reproduction, with the values as posted.
String user = "f...@bar.com";
String host = "target.bar.com";
String privateKey = "/Users/foo/.ssh/bar_id_rsa";
// NOTE(review): the key passphrase is a string literal here. A String cannot be wiped and
// the literal is stored in the compiled class, so outside a throwaway repro it would
// normally be obtained at runtime (prompt or secret store) as a char[].
String passPhrase = "supersecret#>12424)sauce";
String knownHosts = "/Users/foo/.ssh/known_hosts";
int port = 12345;
SSHClient sshClient = new SSHClient();
// Load the known_hosts file before connecting so the server's host key is checked against it.
sshClient.loadKnownHosts(new File(knownHosts));
sshClient.connect(host, port);
// The snippet is truncated in the post: the try block opened here is never closed.
try{
// The key provider is given the private key file plus a PasswordFinder that supplies the
// passphrase when the encrypted key is read.
OpenSSHKeyFile keyProvider = new OpenSSHKeyFile();
keyProvider.init(new File(privateKey), new StaticPasswordFinder(passPhrase));
// Per the stack trace above, the failure surfaces from this call, while the private key is
// being decrypted (PKCS8KeyFile.readKeyPair -> BadPaddingException).
sshClient.authPublickey(user, keyProvider);
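/**
 * {@link PasswordFinder} that answers every request with one fixed passphrase.
 *
 * <p>The passphrase is kept as a private {@code char[]} and each request receives its own
 * copy. Callers of {@code reqPassword} may overwrite (blank) the array they are handed once
 * they are done with it; handing out the internal array would then leave this finder
 * returning a wiped passphrase on any later request, which shows up as a decryption failure.
 *
 * <p>NOTE(review): the constructor takes a {@code String}, so the passphrase also lives in an
 * immutable object that cannot be cleared; accepting a {@code char[]} from the caller would
 * avoid that.
 */
static class StaticPasswordFinder implements PasswordFinder {
    /** Master copy of the passphrase; never handed out directly. */
    private final char[] password;

    /**
     * @param password passphrase protecting the private key; must not be {@code null}
     */
    public StaticPasswordFinder(String password) {
        this.password = password.toCharArray();
    }

    /**
     * Returns the passphrase for the given resource.
     *
     * @param resource the resource the passphrase is requested for (ignored)
     * @return a fresh copy of the passphrase, safe for the caller to blank after use
     */
    public char[] reqPassword(net.schmizz.sshj.userauth.password.Resource<?> resource) {
        // Defensive copy: the caller owns the returned array and may zero it.
        return password.clone();
    }

    /**
     * The passphrase is fixed, so asking again cannot produce a different answer.
     *
     * @param resource the resource whose passphrase was rejected (ignored)
     * @return always {@code false}
     */
    public boolean shouldRetry(net.schmizz.sshj.userauth.password.Resource<?> resource) {
        return false;
    }
}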