JCraft

JSch - Java Secure Channel

JSch is a pure Java implementation of SSH2.
JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. JSch is licensed under BSD style license.

Why JSch?

Originally, our motivation to develop this stuff is to allow users of our pure java X servers, WiredX,which boards Boeing 787 Dreamliner)-->, to enjoy secure X sessions. So, our efforts had mostly targeted to implement the SSH2 protocol for X11 forwarding. Of course, however, we are now also interested in adding other functionality like port forward, file transfer, terminal emulation, etc.

SSH2

Needless to say, SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The SSH protocol is available in two incompatible varieties: SSH1 and SSH2. SSH2 was invented to avoid the patent issues regarding RSA (RSA patent has expired), and to fix some data integrity problem that SSH1 has, and for a number of other technical reasons. SSH2 protocol has been standardized on IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:

• SSH Protocol Architecture
• SSH Transport Layer Protocol
• Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
• SSH Connection Protocol
• SSH Authentication Protocol

Features

The current JSch has the following features.

• JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch is know to work with:
  • J2SE 1.4.0 or later (no additional libraries required).
  • J2SE 1.3 and Sun's JCE reference implementation that can be obtained at java.sun.com/products/jce/.
  • J2SE 1.2.2 and later and Bouncycastle's JCE implementation that can be obtained at www.bouncycastle.org/.
• SSH2 protocol support.
• Key exchange: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
• Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,arcfour,arcfour128,arcfour256
• MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
• Host key type: ssh-dss,ssh-rsa
• Userauth: password
• Userauth: publickey(DSA,RSA)
• Userauth: keyboard-interactive
• Userauth: gss-api-with-mic
• X11 forwarding
• xauth spoofing
• connection through HTTP proxy.
• connection through SOCKS5 proxy.
• port forwarding.
• stream forwarding.
• signal sending. The unofficial patch for sshd of openssh will be found in this thread.
• envrironment variable passing.
• remote exec.
• generating DSA and RSA key pairs.
• changing the passphrase for a private key.
• partial authentication
• SSH File Transfer Protocol(version 0, 1, 2, 3)
• packet compression: zlib, zlib@openssh.com JZlib has been used.
• hashed known_hosts file.
• NONE Cipher switching. High Performace Enabled SSH/SCP supports NONE Cipher switching. Refer to ScpToNoneCipher.java.
• JSch is licensed under BSD style license.

How To Try

The downloadable archive includes the source code of JSch and some examples. For example, current archive includes a simple Java program, which demonstrates X11 forwarding. Please refer to '/examples/README' file. Here are examples included in the current archive.

Applications using JSch

We have recognized that the following applications have used JSch.

• Ant(1.6 or later).
  JSch has been used for Ant's sshexec and scp tasks.
• Eclipse(3.0).
  Our Eclipse-CVSSSH2 plug-in has been included in Eclipse SDK 3.0. This plug-in will allow you to get ssh2 accesses to remote CVS repository by JSch.
• NetBeans 5.0(and later)
• Jakarta Commons VFS
• Maven Wagon
• Rational Application Devloper for WebSphere Software
• HP Storage Essentials
• JIRA
• Trac WikiOutputStreamPlugin

Download

• jsch-0.1.44.zip(283,903 bytes)--> jsch-0.1.49.zip(312,322 bytes)
  md5sum:    e9ebc9c72d968ff3821b6ea2b4959a5f   jsch-0.1.49.zip
• jsch-0.1.49.jar(227,436 bytes)
  md5sum:    efaa9c50b37df2274a4bb74f91ca0ff8   jsch-0.1.49.jar

Maven Repository

• JSch has been available at the cenral maven repository.
• Jar files have been signed our PGP key, and our public key has been located on hkp://pgp.mit.edu. You will be get it with
  $ gpg --keyserver hkp://pgp.mit.edu --recv-keys CA7FA1F0

Related Programs

• JSch for J2ME
• JCTerm is a pure java terminal emulator.
• jsch-agent-proxy is a proxy to ssh-agent and Pageant in Java.
• CVS-SSH2 Plug-in for Eclipse.

Mailing List

• JSch-users
  This list deals with everything related to JSch; support, suggestions, announcments, etc.
  Go to Subscribe/Unsubscribe/Preferences,  Archives.

Presentations

• Implementing SSH in Java(in Japanese) presented at 1000speakers@sendai
• Man-in-the-Middle Attack for SSH with Scala and JSch(in Japanese) presented at Tohoku IT Security Study Session#1

Credits and Acknowledgements

JSch has been developed by ymnk and it can not be hacked without several help.

• First of all, we want to thank JCE team at Sun Microsystems.
  For long time, we had planed to implement SSH2 in pure Java, but we had hesitated to do because tons of work must be done for implementing ciphers, hashes, etc., from the scratch. Thanks to newly added functionalities to J2SE 1.4.0, we could start this project.
• We appreciate the OpenSSH project.
  The options '-ddd' of sshd, '-vvv' of ssh and the compile options '-DPACKET_DEBUG', '-DDEBUG_KEXDH' and '-DDEBUG_KEX' were very useful in debugging JSch.
• We appreciate IETF sesch working group and SSH Communications Security Corp.
  Without the standardization of the protocol, we could not get the chance to implement JSch.
• We appreciate Seigo Haruyama, who are interpreting drafts of SSH2 protocol in Japanese.
  His works were very useful for us to understand the technical terms in our native language.
• We also appreciate SourceForge's awesome service to the Open Source Community.

Comments/suggestions are accepted at jsch@jcraft.com.