JSch - Java Secure Channel
JSch is a pure Java implementation of
JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. JSch is licensed under BSD style license.
Originally, our motivation to develop this stuff is to allow users of our pure java X servers, WiredX, to enjoy secure X sessions. So, our efforts had mostly targeted to implement the SSH2 protocol for X11 forwarding. Of course, however, we are now also interested in adding other functionality like port forward, file transfer, terminal emulation, etc.
Needless to say, SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The SSH protocol is available in two incompatible varieties: SSH1 and SSH2. SSH2 was invented to avoid the patent issues regarding RSA (RSA patent has expired), and to fix some data integrity problem that SSH1 has, and for a number of other technical reasons. SSH2 protocol has been standardized on IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:
- SSH Protocol Architecture
- SSH Transport Layer Protocol
- Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
- SSH Connection Protocol
- SSH Authentication Protocol
The current JSch has the following features.
- JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch has been known to work with:
- SSH2 protocol support.
- Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
- Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,arcfour,arcfour128,arcfour256
- MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
- Host key type: ssh-dss,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
- Userauth: password
- Userauth: publickey(DSA,RSA,ECDSA)
- Userauth: keyboard-interactive
- Userauth: gssapi-with-mic
- X11 forwarding
- xauth spoofing
- connection through HTTP proxy.
- connection through SOCKS5 proxy.
- port forwarding.
- stream forwarding.
- signal sending. The unofficial patch for sshd of openssh will be found in this thread.
- envrironment variable passing.
- remote exec.
- generating DSA and RSA key pairs.
- supporting private keys in OpenSSL(traditional SSLeay) and PKCS#8 format.
- changing the passphrase for a private key.
- partial authentication
- SSH File Transfer Protocol(version 0, 1, 2, 3)
- packet compression: zlib, firstname.lastname@example.org JZlib has been used.
- hashed known_hosts file.
- NONE Cipher switching. High Performace Enabled SSH/SCP supports NONE Cipher switching. Refer to ScpToNoneCipher.java.
- JSch is licensed under BSD style license.
How To Try
The downloadable archive includes the source code of JSch and some examples. For example, current archive includes a simple Java program, which demonstrates X11 forwarding. Please refer to '/examples/README' file. Here are examples included in the current archive.
Applications using JSch
We have recognized that the following applications have used JSch.
- Ant(1.6 or later).
JSch has been used for Ant's sshexec and scp tasks.
Our Eclipse-CVSSSH2 plug-in has been included in Eclipse SDK 3.0. This plug-in will allow you to get ssh2 accesses to remote CVS repository by JSch.
- NetBeans 5.0(and later)
- Jakarta Commons VFS
- Maven Wagon
- Rational Application Devloper for WebSphere Software
- HP Storage Essentials
- Trac WikiOutputStreamPlugin
md5sum: 5c37c1fe15ee6690fcc18b305f2d2659 jsch-0.1.53.zip
- jsch-0.1.53.jar(278,297 bytes)
md5sum: 14565d82bc94c312dce42a71c3d79034 jsch-0.1.53.jar
- JSch has been available at the cenral maven repository.
- Jar files have been signed our PGP key, and our public key has been
located on hkp://pgp.mit.edu. You will be get it with
$ gpg --keyserver hkp://pgp.mit.edu --recv-keys CA7FA1F0
- JSch for J2ME
- JCTerm is a pure java terminal emulator.
- jsch-agent-proxy is a proxy to ssh-agent and Pageant in Java.
- CVS-SSH2 Plug-in for Eclipse.
This list deals with everything related to JSch; support, suggestions, announcments, etc.
Go to Subscribe/Unsubscribe/Preferences, Archives.
- Implementing SSH in Java(in Japanese) presented at 1000speakers@sendai
- Man-in-the-Middle Attack for SSH with Scala and JSch(in Japanese) presented at Tohoku IT Security Study Session#1
Credits and Acknowledgements
JSch has been developed by ymnk and it can not be hacked without several help.
- First of all, we want to thank JCE team at Sun Microsystems.
For long time, we had planed to implement SSH2 in pure Java, but we had hesitated to do because tons of work must be done for implementing ciphers, hashes, etc., from the scratch. Thanks to newly added functionalities to J2SE 1.4.0, we could start this project.
- We appreciate the OpenSSH project.
The options '-ddd' of sshd, '-vvv' of ssh and the compile options '-DPACKET_DEBUG', '-DDEBUG_KEXDH' and '-DDEBUG_KEX' were very useful in debugging JSch.
- We appreciate IETF sesch working group and SSH Communications Security Corp.
Without the standardization of the protocol, we could not get the chance to implement JSch.
- We appreciate Seigo Haruyama, who are interpreting drafts of SSH2 protocol in Japanese.
His works were very useful for us to understand the technical terms in our native language.
- We also appreciate SourceForge's awesome service to the Open Source Community.
Comments/suggestions are accepted at
``SSH is a registered trademark and Secure Shell is a trademark of SSH Communications Security Corp (www.ssh.com)''.