Sachith Withana | 2 Apr 17:29 2014
Picon

Allowing multiple users to use Kerberos

Hi all,

I need to configure my Kerberos application to be used by multiple users ( it's hosted). 
So I have to provide the ticket location for each user when a new session is created for that user.

I'm using the login.conf to provide the user ticket location,  it's not a good solution to be used with multiple users since I'd have to generate login.conf files on the fly.

is there a good way of providing the user ticket cache without providing it through a static conf file to JSCH?

problem scenario:
login to a site using certain credentials, the the ticket will be generated for you to be used with the java application. it's all automated. 

--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Atsuhiko Yamanaka | 18 Mar 15:23 2014

ANNOUNCE: JSch 0.1.51

Hi there,

JSch 0.1.51 has been released.
It is available at
  http://sourceforge.net/projects/jsch/files/jsch/0.1.51/jsch-0.1.51.zip/download
and its md5sum is 89d0ff6d36040622da0a482e51d87725
And you can get its byte code in jar file format at
  http://sourceforge.net/projects/jsch/files/jsch.jar/0.1.51/jsch-0.1.51.jar/download
and its md5sum is de3a2b0d03295f167fea1904939443cf

Changes since version 0.1.50:
- bugfix: reproducibility of "verify: false".   FIXED.
          The hundreds of thousands connections had caused that exception.
- bugfix: resource leaks at the failure of making local port forwarding. FIXED.
- bugfix: NPE in connecting to the non-standard TCP port.  FIXED.
          This problem had appeared if a host-key does not exist in
          "known_host" file.
- bugfix: TCP connection may not be dropped if error messages from
          the remote are too long.                          FIXED.
- bugfix: SftpATTRS#getAtimeString() returns the wrong string. FIXED.
- bugfix: bytes to be added by SSH_MSG_CHANNEL_WINDOW_ADJUST must be in
          unsigned integer. FIXED.
- bugfix: Util#checkTilde() should not convert a tilde in
          "C:\PROGRA~1\". FIXED.
- bugfix: A long long command for ChannelExec will cause
          an ArrayIndexOutOfBoundsException. FIXED.
- bugfix: ChannelSftp should not send bulk request greedily even if the remote
          window has the enough space.  FIXED.
- bugfix: Util.createSocket() should throw an exception with 'cause'. FIXED.
- bugfix: failed to parse .ssh/config in the EBCDIC environment. FIXED.
- bugfix: com.jcraft.jsch.jcraft.HMACSHA1(used only for MacOSX) is not
          reusable.  FIXED.
- bugfix: NPE caused by the delayed response for channel opening
          requests. FIXED.
- bugfix: hung-up in uploading huge data to ProFTPd without the config
          'SFTPClientMatch "JSCH.*" channelWindowSize 1GB'  FIXED.
- bugfix: Cipher#init() may cause an infinite loop with 100% cpu use due to
          https://bugs.openjdk.java.net/browse/JDK-8028627  FIXED.
- bugfix: in some case, JSche#setKnowHosts(InputStream stream) may fail
          to close the given stream.  FIXED
- change: com.jcraft.jsch.jcraft.HMAC* will not be used.
          It seems Java6 on Mac OS X has fixed some memory leak bug in JCE,
          so there is no reason to use c.j.j.j.HMAC* introduced at 0.1.30.
- change: updating copyright messages; 2013 -> 2014
- change: allowed to create the symbolic/hard link to the relative path by
          ChannelSftp#symlink(String oldpath, String newpath)
          ChannelSftp#hardlink(String oldpath, String newpath)
- change: the availability of ciphers listed in "CheckCiphers" config will
          not be checked if they are not used.
- change: Util#fromBase64() will throw JSchException in stead of
          RuntimeException, if the given string is not in base64 format.
- feature: added the support for private keys in PKCS#8 format.
- feature: introduced the interface com.jcraft.jsch.PBKDF to abstract
           the implementation of Password-Based Key Derivation Function,
           and added its implementation com.jcraft.jsch.jce.PBKDF by using JCE.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
Usha Ladkani | 12 Mar 13:26 2014
Picon

ERROR : com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

Hi,

I am connecting to SFTP server using jsch-0.1.49 client.
Using algorithm hmac-sha2-256 , But it is failing with below error.
Could you please suggest why its happening.



INFO: Connecting to 9.126.142.193 port 2222
INFO: Connection established
INFO: Remote version string: SSH-2.0-${POM.ARTIFACTID}-${POM.VERSION}
INFO: Local version string: SSH-2.0-JSCH-0.1.49
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes128-cbc,3des-cbc
INFO: kex: server: aes128-cbc,3des-cbc
INFO: kex: server: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
INFO: kex: server: hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: 3des-cbc,aes128-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-sha2-256
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-sha2-256 none
INFO: kex: client->server 3des-cbc hmac-sha2-256 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added '9.126.142.193' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: Disconnecting from 9.126.142.193 port 2222
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.Session.connect(Session.java:534)
        at com.jcraft.jsch.Session.connect(Session.java:162)
        at com.ibm.bcg.sftpclient.impl.JSCHMain.main(JSCHMain.java:44)
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

Thanks and Regards,
Usha
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 10 Mar 15:53 2014
Picon

SSH key forwading

Hi all,

Does JSCH support SSH key forwarding capability?

Problem would be to copy a file from one server to another using my public key. 

I did it using the terminal. I'm wondering how to implement that through jCraft.

Any help is appreciated!


--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Mark.Glass | 24 Feb 21:56 2014

Dropped Connections using JSCH

We are using JSCH in an application compiled with Oracle JDK 1.6

We obtain, occasionally, a connection refused exception.

Are there any known issues with JSCH regarding dropped connections?

If so, is there a best-practice for the tool that will avoid this problem?

Thank you.
_________________________________________________________________
This communication (including any attachments) contains information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please do not distribute, copy or use this communication or the information. Instead, if you have received this communication in error, please notify the sender immediately and then destroy any copies of it.
Due to the nature of the Internet, the sender is unable to ensure the
integrity of this message and does not accept any liability or responsibility for any errors or omissions (whether as the result of this message having been intercepted or otherwise) in the contents of this message. Any views expressed in this communication are those of the individual sender, except where the sender specifically states them to be the views of the company.
------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Sachith Withana | 20 Feb 17:43 2014
Picon

Kerberos Jsch Help

Hi all,

I need to get kerberos working through Java. ( SSH using the kerberos ticket)
Currently it works with the terminal ( ssh host command) using the gssapi-with-mic

But I'm having trouble getting it working with the JSCH library in Java.
Here's the code snippet I tried. ( pastebin:  http://pastebin.com/sX8pUQSq)

Any suggestion is highly appreciated ..!!

JSch jsch = new JSch();
        jsch.setLogger(new MyLogger());

        System.setProperty("java.security.krb5.conf", "/Users/swithana/git/KerberosConnector/src/main/resources/krb5.conf");
        System.setProperty("java.security.auth.login.config", "/Users/swithana/git/KerberosConnector/src/main/resources/mylogin.conf");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");


        try {
            jsch.addIdentity(privateKey,paraphrase);
            jsch.setKnownHosts("/Users/swithana/.ssh/known_hosts");

            Session session = jsch.getSession(user, host, 22);
            Properties config = new java.util.Properties();
            config.put("StrictHostKeyChecking", "no");
            config.put("PreferredAuthentications",
                    "gssapi-with-mic,publickey,password,keyboard-interactive");

            session.setConfig(config);
            session.connect(20000);

            Channel channel = session.openChannel("exec");
            ((ChannelExec) channel).setCommand( command);
            channel.setInputStream(null);
            ((ChannelExec) channel).setErrStream(System.err);

--
Thanks,
Sachith Withana

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Nicolas Kukolja | 19 Feb 13:07 2014
Picon

Problem transferring files larger than 4GB via SFTP

Hi,
 
I am implementing a java application that transfers (large) files to an ftp-server, using sftp (JSch).
 
Everything works fine so far with small files. But if a file is larger, the transfer hangs always at about 4GB - 4,1GB and doesn't move on.
After 10 minutes, I get an "java.io.IOException: Pipe closed". The "rekey"-Param (http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPRekey) of the server is configured to 500MB, and the key exchange seems to work fine, as the server log tells me.
 
Does anyone have a suggestion, what I am doing wrong?
If you need any more information, please give me a hint...
 
Kind regards,
Nicolas
 
 
 
Environment:
Client:
- Windows 2008 Server
- Java 1.6.0_45 x64
- Java application using JSch 0.1.50.jar
 
Server:
- Solaris 10
- FTP-Server: http://www.proftpd.org
 
 
 
My connect-method:
   public boolean connect( Long orderId )
   {
      try
      {
         this.jSch = new JSch();
         logger.info( "[Order:" + orderId + "] Connecting to SFTP-Server: " + this.username + ":" + this.password + " <at> " + this.host + ":" + this.port );
         // create session
         this.sftpSession = this.jSch.getSession( this.username, this.host, this.port );
         // build config
         Hashtable<String,String> config = new Hashtable<String,String>();
         config.put( "StrictHostKeyChecking", "no" );
         this.sftpSession.setConfig( config );
         this.sftpSession.setPassword( this.password );
         // establish connection
         this.sftpSession.connect();
         this.sftpChannel = ( ChannelSftp ) this.sftpSession.openChannel( "sftp" );
         this.sftpChannel.connect();
         logger.info( "[Order:" + orderId + "] Current directory on SFTP-Server (pwd): " + this.sftpChannel.pwd() );
         if( this.ftpSubdir != null && this.ftpSubdir.length() > 0 )
         {
            logger.info( "[Order:" + orderId + "] Changing to subdirectory on SFTP-Server (cd): " + this.ftpSubdir );
            this.sftpChannel.cd( this.ftpSubdir );
            logger.info( "[Order:" + orderId + "] Current directory on SFTP-Server (pwd): " + this.sftpChannel.pwd() );
         }
      }
      catch( JSchException e )
      {
         logger.error( "[Order:" + orderId + "] Error connecting to SFTP-Server... (uri: '" + this.sftpUri + "')", e );
         return false;
      }
      catch( SftpException e )
      {
         logger.error( "[Order:" + orderId + "] Error connecting to SFTP-Server... (uri: '" + this.sftpUri + "')", e );
         return false;
      }
      return this.sftpChannel.isConnected();
   }
 
My upload-method:
   public void uploadSynchronized( String source, String target, Long filesize, Long orderId )
   {
      long overallFilesize = filesize == null ? 0 : filesize;
      long overallUploadedBytes = 0;
      long uploadedBytes = 0;
      try
      {
         if( !checkIfFileExists( source ) )
         {
            OutputStream tOut = this.sftpChannel.put( target );
            FileInputStream in = new FileInputStream( source );
            byte[] bytes = new byte[ this.chunkSize ];
            int count = in.read( bytes );
            try
            {
               while( count != -1 && count <= this.chunkSize && !this.abort )
               {
                  tOut.write( bytes, 0, count );
                  uploadedBytes = uploadedBytes + this.chunkSize;
                  if( uploadedBytes >= BYTES_TO_LOG )
                  {
                     overallUploadedBytes = overallUploadedBytes + uploadedBytes;
                     uploadedBytes = 0;
                     logger.info( "[Order:" + orderId + "] " + overallUploadedBytes / MEGA_BYTE + "MB of " + overallFilesize / MEGA_BYTE
                           + "MB uploaded (source: '" + source + "', target: '" + target + "')" );
                  }
                  count = in.read( bytes );
               }
            }
            finally
            {
               in.close();
               tOut.close();
            }
         }
         else
         {
            this.success = false;
            logger.error( "[Order:" + orderId + "] Error uploading file... (source: '" + source + "', target: '" + target
                  + "'): File already exists on SFTP-Server" );
         }
      }
      catch( IOException e )
      {
         this.success = false;
         logger.error( "[Order:" + orderId + "] Error uploading file... (source: '" + source + "', target: '" + target + "')", e );
      }
      catch( SftpException e )
      {
         this.success = false;
         logger.error( "[Order:" + orderId + "] Error uploading file... (source: '" + source + "', target: '" + target + "')", e );
      }
      catch( Exception e )
      {
         this.success = false;
         logger.error( "[Order:" + orderId + "] Error uploading file... (source: '" + source + "', target: '" + target + "')", e );
      }
   }
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Prakash Babu | 10 Feb 07:24 2014
Picon

jsch session connect waits indefinitely

Hi,


I am using JSCH 0.1.44 and trying to execute a remote command on a Solaris Host and the
session.connect() waits indefinitely.

JSch jsch = new JSch();
Session session = jsch.getSession(m_user, m_host, m_port);
session.connect(60000)


Jstack thread dump shows the following stack trace

java.lang.Thread.State: RUNNABLE
 at java.util.WeakHashMap.get(WeakHashMap.java:355)
 at javax.crypto.SunJCE_b.a(DashoA13*..)
 at javax.crypto.SunJCE_h.a(DashoA13*..)
 at javax.crypto.Cipher.c(DashoA13*..)
 at javax.crypto.Cipher.b(DashoA13*..)
 at javax.crypto.Cipher.a(DashoA13*..)
 - locked <0x0000000788198fd8> (a java.lang.Object)
 at javax.crypto.Cipher.init(DashoA13*..)
 at javax.crypto.Cipher.init(DashoA13*..)
 at com.jcraft.jsch.jce.ARCFOUR.init(ARCFOUR.java:54)
 at com.jcraft.jsch.Session.checkCipher(Session.java:1947)
 at com.jcraft.jsch.Session.checkCiphers(Session.java:1924)
 at com.jcraft.jsch.Session.send_kexinit(Session.java:562)
 at com.jcraft.jsch.Session.connect(Session.java:278)               
 
What could be the possible causes for this connect issue.
Any debug statements I can add to triage this issue ?
 
thanks,
Prakash
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Andy Yang | 28 Jan 17:01 2014
Picon

Lifecycle of Sessions and SftpChannels

Hi,

A general question that isn't obvious to me from scanning the available sample code:

What is the convention for connecting/disconnecting Channels and Sessions? I got the impression that sessions and channels could be long-lived, but testing my code is suggesting that this might be a mistake.

As a simple example, if I want to download a list of files, should it be (in sort-of-pseudo-code):

        session = jsch.getSession(userId, server, 22);
        session.connect();
        ChannelSftp channel = (ChannelSftp) session.openChannel("sftp");
        channel.connect();

        for (String fname : fileList) {
            channel.get(fname, destPath);
        }

        channel.disconnect();
        session.disconnect();

Or should it be:

        session = jsch.getSession(userId, server, 22);
        session.connect();

        for (String fname : fileList) {
            ChannelSftp channel = (ChannelSftp) session.openChannel("sftp");
            channel.connect();
            channel.get(fname, destPath);
            channel.disconnect();
        }
        session.disconnect();

And should I be using setServerAliveInterval() and setDaemonThread() on the session?

I'm finding that my initial approach of keeping a single session and a single sftp channel over multiple operations results in intermittent 'inputstream closed' and 'pipe closed' errors.

Thanks,
Andy

   
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable 
security intelligence. It gives you real-time visual feedback on key
security issues and trends.  Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
Ravi Joshi | 12 Jan 18:16 2014
Picon

What are the ways to speed up JSch

Hi,

I am using JSch v0.1.50 for following three functions-
(1) Copy file from local to remote machine
(2) Copy file from remote to local machine
(3) Execute command on remote machine

I am following ScpTo.java (http://www.jcraft.com/jsch/examples/ScpTo.java.html), ScpFrom.java (http://www.jcraft.com/jsch/examples/ScpFrom.java.html) and Exec.java (http://www.jcraft.com/jsch/examples/Exec.java.html) respectively for above functionalities.

In my implementation, I have com.jcraft.jsch.Session object as a class variable which is being reused every time. I have following two questions-

(1) Why Exec.java has an an implicit sleep (line no. 84)? Can I remove/reduce this sleep?
(2) What are the ways to speed up JSch in these scenarios?


-
Thanks
Ravi

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users
salman khattak | 8 Jan 15:22 2014
Picon

"WARNING: Your password has expired" keeps coming back

We are experiencing a weird situation.
Here is the relevant log when we SSH using JSch 1.5 to SCO OpenServer(TM) Release 6.0.0

==================
SessionFactory.makeObject()
Connecting to xxxxxx.xxxxxxxx.xxx port 22
Connection established
Remote version string: SSH-2.0-OpenSSH_4.6
Local version string: SSH-2.0-JSCH-0.1.50
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-ctr is not available.
aes192-ctr is not available.
aes256-cbc is not available.
aes192-cbc is not available.
arcfour256 is not available.
CheckKexes: diffie-hellman-group14-sha1
diffie-hellman-group14-sha1 is not available.
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
kex: server: ssh-rsa,ssh-dss
kex: server: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc-SamgB31n2u5IcsJQ0EH25Q@public.gmane.org,aes128-ctr,aes192-ctr,aes256-ctr
kex: server: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc-SamgB31n2u5IcsJQ0EH25Q@public.gmane.org,aes128-ctr,aes192-ctr,aes256-ctr
kex: server: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160-ZT/51Pfwho1BDgjK7y7TUQ@public.gmane.org,hmac-sha1-96,hmac-md5-96
kex: server: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160-ZT/51Pfwho1BDgjK7y7TUQ@public.gmane.org,hmac-sha1-96,hmac-md5-96
kex: server: none,zlib-ZT/51Pfwho1BDgjK7y7TUQ@public.gmane.org,zlib
kex: server: none,zlib <at> openssh.com,zlib
kex: server:
kex: server:
kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
kex: client: ssh-rsa,ssh-dss
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client:
kex: client:
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature true
Permanently added 'xxxxx.xxxxxx.xxx' (RSA) to the list of known hosts.
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,keyboard-interactive,password
Next authentication method: publickey
Authentications that can continue: password
Next authentication method: password
Authentication succeeded (password).
SessionFactory.makeObject() exit
WARNING: Your password has expired.
Password change required but no TTY available.
alResponse[null]
=========================================================================================

Notice the second to last line. "Password change required but no TTY available."

We reset the password. Try again. It works the first time but the warning reappears immediately afterwords.
We noticed that the shadow password file gets deleted on the server after first login resulting in the warning on subsequent attempts.
We are using Jakarta Commons Pooling to create a pool of JSch sessions. Logs for SessionFactory.makeObject() refers to the pool access.

Ideas anyone? We are also in the process of contacting SCO Unix support in the meanwhile.
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@...
https://lists.sourceforge.net/lists/listinfo/jsch-users

Gmane