JSch: UnknownHostKey exception when Host Key is in known_hosts AND after adding JCE

Question

I\'ve been working with JSch for a project, connecting to a Unix server. Having some trouble connecting to a server using ecdsa-sha2-nistp256 for the key exchange.

T

Answer 1

As the Q you linked says and your log shows, ecdsa-sha2-nistp256 is supported but ssh-rsa is preferred, and since the server you are connecting to obviously supports RSA, that is used. And you apparently do not have the RSA key in your known_hosts.

In addition to the easy option of getting the RSA key with ssh as in the linked Q or perhaps more easily with ssh-keyscan, a quick look at the source suggests if you do

Session.setConfig("server_host_key","ecdsa-sha2-nistp256")

before connecting it should permit only that hostkey, and assuming that's the key you have for that server in known_hosts it should work, but I haven't tested.

Aside: by "enable JCE" I assume you mean installing the JCE Unlimited Strength Jurisdiction Policy Files as described in the answer to JSch Algorithm negotiation fail . JCE itself has been included in every JRE since about 2005. Unlimited policy only helps if you need a symmetric cipher over 128 bits, as in that Q, whereas your log shows that your server agrees to AES-128.