JSch - Java Secure Channel

JSch is a pure Java implementation of SSH2.
JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. JSch is licensed under BSD style license.

Why JSch?

Originally, our motivation to develop this stuff is to allow users of our pure java X servers, WiredX, to enjoy secure X sessions. So, our efforts had mostly targeted to implement the SSH2 protocol for X11 forwarding. Of course, however, we are now also interested in adding other functionality like port forward, file transfer, terminal emulation, etc.


Needless to say, SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The SSH protocol is available in two incompatible varieties: SSH1 and SSH2. SSH2 was invented to avoid the patent issues regarding RSA (RSA patent has expired), and to fix some data integrity problem that SSH1 has, and for a number of other technical reasons. SSH2 protocol has been standardized on IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:


The current JSch has the following features.

  • JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch has been known to work with:
  • SSH2 protocol support.
  • Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
  • Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,arcfour,arcfour128,arcfour256
  • MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
  • Host key type: ssh-dss,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
  • Userauth: password
  • Userauth: publickey(DSA,RSA,ECDSA)
  • Userauth: keyboard-interactive
  • Userauth: gssapi-with-mic
  • X11 forwarding
  • xauth spoofing
  • connection through HTTP proxy.
  • connection through SOCKS5 proxy.
  • port forwarding.
  • stream forwarding.
  • signal sending. The unofficial patch for sshd of openssh will be found in this thread.
  • envrironment variable passing.
  • remote exec.
  • generating DSA and RSA key pairs.
  • supporting private keys in OpenSSL(traditional SSLeay) and PKCS#8 format.
  • changing the passphrase for a private key.
  • partial authentication
  • SSH File Transfer Protocol(version 0, 1, 2, 3)
  • packet compression: zlib, zlib@openssh.com JZlib has been used.
  • hashed known_hosts file.
  • NONE Cipher switching. High Performace Enabled SSH/SCP supports NONE Cipher switching. Refer to ScpToNoneCipher.java.
  • JSch is licensed under BSD style license.

How To Try

The downloadable archive includes the source code of JSch and some examples. For example, current archive includes a simple Java program, which demonstrates X11 forwarding. Please refer to '/examples/README' file. Here are examples included in the current archive.

Applications using JSch

We have recognized that the following applications have used JSch.


  • jsch-0.1.53.zip(365,003 bytes)
    md5sum:    5c37c1fe15ee6690fcc18b305f2d2659   jsch-0.1.53.zip
  • jsch-0.1.53.jar(278,297 bytes)
    md5sum:    14565d82bc94c312dce42a71c3d79034   jsch-0.1.53.jar

Maven Repository

  • JSch has been available at the cenral maven repository.
  • Jar files have been signed our PGP key, and our public key has been located on hkp://pgp.mit.edu. You will be get it with
    $ gpg --keyserver hkp://pgp.mit.edu --recv-keys CA7FA1F0

Related Programs

Mailing List


Credits and Acknowledgements

JSch has been developed by ymnk and it can not be hacked without several help.

  • First of all, we want to thank JCE team at Sun Microsystems.
    For long time, we had planed to implement SSH2 in pure Java, but we had hesitated to do because tons of work must be done for implementing ciphers, hashes, etc., from the scratch. Thanks to newly added functionalities to J2SE 1.4.0, we could start this project.
  • We appreciate the OpenSSH project.
    The options '-ddd' of sshd, '-vvv' of ssh and the compile options '-DPACKET_DEBUG', '-DDEBUG_KEXDH' and '-DDEBUG_KEX' were very useful in debugging JSch.
  • We appreciate IETF sesch working group and SSH Communications Security Corp.
    Without the standardization of the protocol, we could not get the chance to implement JSch.
  • We appreciate Seigo Haruyama, who are interpreting drafts of SSH2 protocol in Japanese.
    His works were very useful for us to understand the technical terms in our native language.
  • We also appreciate SourceForge's awesome service to the Open Source Community.

Comments/suggestions are accepted at jsch@jcraft.com.

``SSH is a registered trademark and Secure Shell is a trademark of SSH Communications Security Corp (www.ssh.com)''.