sshj - SSHv2 library for Java
Getting SSHJ
To get SSHJ, you have two options:
-
Add a dependency to SSHJ to your project.
-
Build SSHJ yourself.
And, if you want, you can also run the SSHJ examples.
Binary releases of SSHJ are not provided here, but you can download it straight from the Maven Central repository if you want to.
Depending on SSHJ
If you’re building your project using Maven, you can add the following dependency to the pom.xml
:
<dependency>
<groupId>com.hierynomus</groupId>
<artifactId>sshj</artifactId>
<version>0.30.0</version>
</dependency>
If your project is built using another build tool that uses the Maven Central repository, translate this dependency into the format used by your build tool.
Building SSHJ
-
Clone the SSHJ repository.
-
Ensure you have Java6 installed with the Unlimited strength Java Cryptography Extensions (JCE).
-
Run the command
./gradlew clean build
.
Running the examples
In the examples
directory, there is a separate Maven project that shows how the library can be used in some sample cases. If you want to run them, follow these guidelines:
-
Install Maven 2.2.1 or up.
-
Clone the Overthere repository.
-
Go into the
examples
directory and run the commandmvn eclipse:eclipse
. -
Import the
examples
project into Eclipse. -
Change the login details in the example classes (address, username and password) and run them!
Features of the library include:
-
reading known_hosts files for host key verification
-
publickey, password and keyboard-interactive authentication
-
command, subsystem and shell channels
-
local and remote port forwarding
-
scp + complete sftp version 0-3 implementation
Supported algorithms
Implementations / adapters for the following algorithms are included:
- ciphers
-
aes{128,192,256}-{cbc,ctr}
,aes{128,256}-[email protected]
,blowfish-{cbc,ctr}
,3des-{cbc,ctr}
,twofish{128,192,256}-{cbc,ctr}
,twofish-cbc
,serpent{128,192,256}-{cbc,ctr}
,idea-{cbc,ctr}
,cast128-{cbc,ctr}
,arcfour
,arcfour{128,256}
SSHJ also supports the following extended (non official) ciphers:camellia{128,192,256}-{cbc,ctr}
,camellia{128,192,256}-{cbc,ctr}@openssh.org
- key exchange
-
diffie-hellman-group1-sha1
,diffie-hellman-group14-sha1
,diffie-hellman-group14-sha256
,diffie-hellman-group15-sha512
,diffie-hellman-group16-sha512
,diffie-hellman-group17-sha512
,diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
,diffie-hellman-group-exchange-sha256
,ecdh-sha2-nistp256
,ecdh-sha2-nistp384
,ecdh-sha2-nistp521
,[email protected]
SSHJ also supports the following extended (non official) key exchange algorithms: `[email protected]`, `diffie-hellman-group15-sha256`, `[email protected]`, `[email protected]`, `diffie-hellman-group16-sha256`, `[email protected]`, `[email protected]`, `[email protected]`
- signatures
-
ssh-rsa
,ssh-dss
,ecdsa-sha2-nistp256
,ecdsa-sha2-nistp384
,ecdsa-sha2-nistp521
,ssh-ed25519
,ssh-rsa2-256
,ssh-rsa2-512
- mac
-
hmac-md5
,hmac-md5-96
,hmac-sha1
,hmac-sha1-96
,hmac-sha2-256
,hmac-sha2-512
,hmac-ripemd160
,[email protected]
[email protected]
,[email protected]
,[email protected]
,[email protected]
,[email protected]
,[email protected]
,[email protected]
- compression
-
zlib
and[email protected]
(delayed zlib) - private key files
-
pkcs5
,pkcs8
,openssh-key-v1
,[email protected]
,[email protected]
If you need something that is not included, it shouldn’t be too hard to add (do contribute it!)
Comparing to other implementations
Dependencies
Java 6+. slf4j is required. bouncycastle is highly recommended and required for using some of the crypto algorithms. jzlib is required for using zlib compression.
Reporting bugs
Issue tracker: https://github.com/hierynomus/sshj/issues
Contributing
Fork away!
Release history
- SSHJ 0.31.0 (????-??-??)
-
-
Merged #630: Add support for
[email protected]
and[email protected]
ciphers -
Merged #636: Improved Android compatibility
-
- SSHJ 0.30.0 (2020-08-17)
-
-
BREAKING CHANGE: Removed
setSignatureFactories
andgetSignatureFactories
from the Config and switched them forgetKeyAlgorithms
andsetKeyAlgorithms
-
Fixed #588: Add support for
ssh-rsa2-256
andssh-rsa2-512
signatures -
Merged #579: Fix NPE in OpenSSHKnownHosts
-
Merged #587: Add passwordfinder retry for OpenSSHKeyV1KeyFile
-
Merged #586: Make KeyType compatible with Android Store
-
Merged #593: Change
UserAuth.getAllowedMethods()
to Collection return type -
Merged #595: Allow reading arbitrary length keys
-
Merged #591: Allow to query SFTP extensions
-
Merged #603: Add method to create Stateful SFTP client
-
Merged #605: Use Daemon threads to avoid blocking JVM shutdown
-
Merged #606: Always use the JCERandom RNG by default
-
Merged #609: Clear passphrase after use to prevent security issues
-
Merged #618: Fix localport of DirectConnection for use with OpenSSH > 8.0
-
Merged #619: Upgraded BouncyCastle to 1.66
-
Merged #622: Send 'ext-info-c' with KEX algorithms
-
Merged #623: Fix transport encoding of
nistp521
signatures -
Merged #607: Fix mathing pubkeys to key algorithms
-
Merged #602: Fix RSA certificate key determination
-
- SSHJ 0.27.0 (2019-01-24)
-
-
Fixed #415: Fixed wrongly prefixed '/' to path in SFTPClient.mkdirs
-
Added support for ETM (Encrypt-then-Mac) MAC algorithms.
-
Fixed #454: Added missing capacity check for Buffer.putUint64
-
Fixed #466: Added lock timeout for remote action to prevent hanging
-
Fixed #470: Made EdDSA the default (first) signature factory
-
Fixed #467: Added AES256-CBC as cipher mode in openssh-key-v1 support
-
Fixed #464: Enabled [email protected] in DefaultConfig
-
Fixed #472: Handle server initiated global requests
-
Fixed #485: Added support for all keytypes to openssh-key-v1 keyfiles.
-
- SSHJ 0.26.0 (2018-07-24)
-
-
Fixed #413: Use UTF-8 for PrivateKeyFileResource
-
Fixed #427: Support encrypted ed25519 openssh-key-v1 files
-
Upgraded BouncyCastle to 1.60
-
Added support for [email protected] MAC
-
- SSHJ 0.24.0 (2018-04-04)
- SSHJ 0.23.0 (2017-10-13)
- SSHJ 0.22.0 (2017-08-24)
- SSHJ 0.21.1 (2017-04-25)
-
-
Merged #322: Fix regression from 40f956b (invalid length parameter on outputstream)
-
- SSHJ 0.21.0 (2017-04-14)
-
-
Merged #319: Added support for
[email protected]
and[email protected]
certificate key files -
Upgraded Gradle to 3.4.1
-
Merged #305: Added support for custom string encoding
-
Fixed #312: Upgraded BouncyCastle to 1.56
-
- SSHJ 0.20.0 (2017-02-09)
- SSHJ 0.19.1 (2016-12-30)
-
-
Enabled PKCS5 Key files in DefaultConfig
-
Merged #291: Fixed sshj.properties loading and chained exception messages
-
Merged #284: Correctly catch interrupt in keepalive thread
-
Fixed #292: Pass the configured RandomFactory to Diffie Hellman KEX
-
Fixed #256: SSHJ now builds if no git repository present
-
LocalPortForwarder now correctly interrupts its own thread on close()
-
- SSHJ 0.19.0 (2016-11-25)
- SSHJ 0.18.0 (2016-09-30)
-
-
Fixed Android compatibility
-
Upgrade to Gradle 3.0
-
Merged #271: Load known_hosts without requiring BouncyCastle
-
Merged #269: Brought back Java6 support by popular demand
-
Merged #267: Added support for per connection logging (Fixes #264)
-
Fixed toString of sftp FileAttributes (Fixes #258)
-
Fixed #255: No longer depending on 'privately marked' classes in
net.i2p.crypto.eddsa.math
package, fixes OSGI dependencies
-
- SSHJ 0.17.2 (2016-07-07)
-
-
Treating SSH Server identification line ending in '\n' instead of '\r\n' leniently.
-
- SSHJ 0.17.1 (2016-07-06)
-
-
Improved parsing of the SSH Server identification. Too long header lines now no longer break the protocol.
-
- SSHJ 0.17.0 (2016-07-05)
-
-
Introduced breaking change in SFTP copy behaviour: Previously an SFTP copy operation would behave differently if both source and target were folders with different names. In this case instead of copying the contents of the source into the target directory, the directory itself was copied as a sub directory of the target directory. This behaviour has been removed in favour of the default behaviour which is to copy the contents of the source into the target. Bringing the behaviour in line with how SCP works.
-
Fixed #252 (via: #253): Same name subdirs are no longer merged by accident
-
- SSHJ 0.16.0 (2016-04-11)
-
-
Fixed #239: Remote port forwards did not work if you used the empty string as address, or a catch-all address.
-
Fixed #242: Added OSGI headers to sources jar manifest
-
Fixed #236: Remote Port forwarding with dynamic port allocation fails with BufferUnderflowException
-
Upgraded gradle distribution to 2.12
-
Closed #234: Dropped Java6 support (0.15.0 was already Java6 incompatible due to Java7 dependency)
-
Fixed #118: Added configuration switch for waiting on a server ident before sending the client ident.
-
Fixed #114: Added javadoc that you always need to call close() on a Command before inspecting the exit codes.
-
Fixed #237: Fixed race condition if a
[email protected]
global request is received directly after a successful auth.
-
- SSHJ 0.15.0 (2015-11-20)
- SSHJ 0.14.0 (2015-11-04)
-
-
Fixed #171: Added support for
[email protected]
key exchange algorithm -
Added support for
ecdh-sha2-nistp256
,ecdh-sha2-nistp384
andecdh-sha2-nistp521
key exchange algorithms -
Fixed #167: Added support for
diffie-hellman-group-exchange-sha1
anddiffie-hellman-group-exchange-sha256
key exchange methods -
Fixed #212: Configure path escaping to enable shell expansion to work correctly
-
Merged #210: RemoteFileInputStream.skip returns wrong value (Fixes #209)
-
Merged #208: Added SCP bandwidth limitation support
-
Merged #211: Made keyfile format detection more robust
-
- SSHJ 0.13.0 (2015-08-18)
- SSHJ 0.12.0 (2015-04-14)
-
-
Added support for HTTP proxies when running JDK6 or JDK7, fixes: #170
-
Merged #186: Fix for detecting end-of-stream
-
Correctly close socket and channel when LocalPortForwarder fails to open and start the channel (Fixes #175 and #176)
-
Merged #181: Invalid write packet length when reading with offset (Fixes #180)
-
- SSHJ 0.11.0 (2015-01-23)
-
-
New maven coordinates
com.hierynomus:sshj:0.11.0
as @hierynomus took over as maintainer of SSHJ -
Migrated build system to Gradle 2.2.1
-
Merged #150: Fix for incorrect file handle on some SSH servers, fixes: #54, #119, #168, #169
-
Made
jzlib
optional in OSGi bundling, fixes: #162 -
Improved some log levels, fixes: #161
-
Merged #156, #164, #165: Fixed block sizes for
hmac-sha2-256
andhmac-sha2-512
-
Merged #141: Add proxy support
-
Upgraded BouncyCastle to 1.51, fixes: #142
-
Implemented keep-alive with connection drop detection, fixes #166
-