Gangmax Blog

Fix clj-ssh 'UnknownHostKey' issue

clj-ssh“ is a Clojure ssh library using jsch.

I got the following problem when using it:

1
2
3
4
user=> (use 'clj-ssh.cli)
nil
user=> (ssh "10.247.98.74" "ls -la" :username "root" :password "ChangeMe1!")
JSchException UnknownHostKey com.jcraft.jsch.Session.checkHost

The reason of this issue is explained here: The system already adds ECDSA host key into the “~/.ssh/known_hosts” file, however JSch prefers RSA host key which cannot be found in the “known_hosts”. The fix is to install JCE to enable ECDSA in JSch. The steps comes from here:

  1. Download “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8“ for JDK 1.8.

  2. Unzip the downloaded “jce_policy-8.zip” file and put the jar files(“local_policy.jar” and “US_export_policy.jar”) into your local JRE security library directory, such as “/usr/lib/jvm/java-8-oracle/jre/lib/security/“.

Now you can try the same code and it should OK now:

1
2
3
4
user=> (use 'clj-ssh.cli)
nil
user=> (ssh "10.247.98.74" "ls -la" :username "root" :password "ChangeMe1!")
{:exit 0, :out "total 108\ndrwx------ 11 root root 4096 Jul 27 10:06 .\ndrwxrwxrwt 29 root root 4096 Jul 27 06:40 ..\n-rw------- 1 root root 33495 Jul 28 03:26 .bash_history\n-rw-r--r-- 1 root root 10 Jun 22 18:26 .bashrc\ndrwxr-xr-x 2 root root 4096 Jul 18 03:24 .cassandra\n-rw-r--r-- 1 root root 26 Jun 22 18:26 .gitconfig\ndrwx------ 2 root root 4096 Jun 22 18:13 .gnupg\ndrwxr-xr-x 5 root root 4096 Jul 18 03:38 .gradle\ndrwx------ 3 root root 4096 Jul 18 03:18 .local\ndrwxr-xr-x 2 root root 4096 Jun 22 18:24 .oracle_jre_usage\n-rw------- 1 root root 1024 Jul 18 03:18 .rnd\ndrwx------ 2 root root 4096 Jul 18 03:13 .ssh\ndrwxr-xr-x 3 root root 4096 Jun 22 18:21 .subversion\n-rw------- 1 root root 8289 Jul 27 10:06 .viminfo\n-rw-r--r-- 1 root root 539 Jul 28 03:14 1.txt\ndrwxr-xr-x 2 root root 4096 Sep 21 2014 bin\ndrwxr-xr-x 3 root root 4096 Jul 18 03:34 code\n", :err ""}

Comments