JSch is a pure Java implementation of
SSH2.
JSch allows you to connect to an sshd server and use port
forwarding, X11 forwarding, file transfer, etc., and
you can integrate its functionality into your own Java programs.
JSch is licensed under BSD style license.
Why JSch?
Our intension in developing this stuff is to
enable users of our pure java X servers,
WiredX and WeirdX,
to enjoy secure X sessions. Our efforts have
mostly targeted the SSH2 protocol in relation to X window system and X11 forwarding.
Of course, we are also interested in adding other functionality -
port forward, file transfer, terminal emulation, etc.
SSH2
Needless to say, SSH provides support for secure remote login,
secure file transfer, and secure TCP/IP and X11 forwarding.
It can automatically encrypt, authenticate, and compress
transmitted data. The SSH protocol is available in two
incompatible varieties: SSH1 and SSH2. SSH2 was invented to
avoid the patent issues regarding RSA (RSA patent has expired),
and to fix some data integrity problem that SSH1 has,
and for a number of other
technical reasons. SSH2 protocol has been standardized on
IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:
Features
The current JSch has the following features.
- JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch is know to work with:
- SSH2 protocol support.
- Key exchange: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
- Cipher: blowfish-cbc, 3des-cbc, aes128-cbc,aes192-cbc,aes256-cbc
- MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
- Host key type: ssh-dss,ssh-rsa
- Userauth: password
- Userauth: publickey(DSA,RSA)
- Userauth: keyboard-interactive
- Userauth: gss-api-with-mic
- X11 forwarding
- xauth spoofing
- connection through HTTP proxy.
- connection through SOCKS5 proxy.
- port forwarding.
- stream forwarding.
- signal sending.
The unofficial patch for sshd of openssh will be found in this thread.
- envrironment variable passing.
- remote exec.
- generating DSA and RSA key pairs.
- changing the passphrase for a private key.
- partial authentication
- SSH File Transfer Protocol(version 0, 1, 2, 3)
- packet compression: zlib, zlib@openssh.com
JZlib has been used.
- hashed known_hosts file.
- NONE Cipher switching.
High Performace Enabled SSH/SCP supports NONE Cipher switching. Refer to ScpToNoneCipher.java.
- JSch is licensed under BSD style license.
How To Try
The downloadable archive includes the source code of JSch and
some examples. For example, current archive includes a simple Java
program, which demonstrates X11 forwarding.
Please refer to '/examples/README' file. Here are examples included in the current archive.
AES cipher
Since version 0.1.21, jsch can support aes128-cbc,aes192-cbc,aes256-cbc,
but you require AES support in your J2SE to choose some of them.
If you are using Sun's J2SE, J2SE 1.4.2 or later is required.
And then, J2SE 1.4.2(or later) does not support aes256 by the default,
because of 'import control restrictions of some countries'.
We have confirmed that by applying
Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files 1.4.2
on
http://java.sun.com/j2se/1.4.2/download.html#docs, we can enjoy 'aes256-cbc'.
Please refer to AES.java how to choose those ciphers.
Applications using JSch
We have recognized that the following applications have used JSch.
- Ant(1.6 or later).
JSch has been used for Ant's sshexec and scp tasks.
- Eclipse(3.0).
Our Eclipse-CVSSSH2 plug-in has been
included in Eclipse SDK 3.0. This plug-in will allow you to get ssh2
accesses to remote CVS repository by JSch.
JSch for J2ME
At JSch for J2ME project,
we are porting JSch to J2ME platform; J2ME/CDC/FP and J2ME/CLDC/MIDP2.0, and
now JSch is really running on those platforms!
On that web page, source code will be provided under revised BSD
license. Through this porting process, we have succeeded to run JSch
on J2SE 1.3 or the previous, so it must be worth checking out even if you
are not interested in J2ME platform.
Download
-
jsch-0.1.40.zip(270,403 bytes)
md5sum: b59cec19a487e95aed68378976b4b566 jsch-0.1.40.zip
- jsch-0.1.40.jar(178,129 bytes)
md5sum: 76ac57ec8fcf613f7e028d1f34c7a48d jsch-0.1.40.jar
Related Programs
TODO
- re-implementation with java.nio.
- replacing cipher, hash by JCE with pure Java code.
- SSH File Transfer Protocol version 4.
- documents.
- error handling.
Mailing List
Credits and Acknowledgements
JSch has been developed by ymnk and
it can not be hacked without several help.
- First of all, we want to thank JCE team at Sun Microsystems.
For long time, we had planed to implement SSH2 in pure Java,
but we had hesitated to do because tons of work must be done for
implementing ciphers, hashes, etc., from the scratch.
Thanks to newly added functionalities to J2SE 1.4.0,
we could start this project.
- We appreciate the OpenSSH project.
The options '-ddd' of sshd, '-vvv' of ssh and
the compile options '-DPACKET_DEBUG', '-DDEBUG_KEXDH'
and '-DDEBUG_KEX' were very useful in debugging JSch.
- We appreciate IETF sesch working group and SSH Communications Security Corp.
Without the standardization of the protocol,
we could not get the chance to implement JSch.
- We appreciate Seigo Haruyama, who are interpreting drafts of SSH2 protocol in Japanese.
His works were very useful for us to understand the technical terms
in our native language.
- We also appreciate SourceForge's awesome service to the Open Source Community.
Comments/suggestions are accepted at
jsch@jcraft.com.
``SSH is a registered trademark and Secure
Shell is a trademark of SSH Communications Security Corp
(www.ssh.com)''.
|
