Can not open ssh session using JSch with JDK 8

Question

I have the following sample code which attempts to open an ssh connection

package jsch;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;

public class Main {

  public static void main(String... args) {
    JSch jsch=new JSch();
    try {
      Session session=jsch.getSession("some_user", "some_host", 22);
      session.setPassword("some_password");
      session.setConfig("StrictHostKeyChecking", "no");
      session.connect();
      Thread.sleep(1000);
      session.disconnect();
    } catch (JSchException e) {
      e.printStackTrace();
    } catch (InterruptedException e) {
      e.printStackTrace();
    }
  }
}

If I use JDK 7 everything is ok, but if I use JDK 8 I'm getting this stack trace:

Exception in thread "main" java.lang.IllegalArgumentException: Empty nameStrings not allowed
    at sun.security.krb5.PrincipalName.validateNameStrings(PrincipalName.java:167)
    at sun.security.krb5.PrincipalName.<init>(PrincipalName.java:277)
    at sun.security.krb5.PrincipalName.parse(PrincipalName.java:315)
    at sun.security.krb5.internal.KRBError.init(KRBError.java:355)
    at sun.security.krb5.internal.KRBError.<init>(KRBError.java:186)
    at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:58)
    at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
    at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:270)
    at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:302)
    at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:120)
    at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
    at com.jcraft.jsch.jgss.GSSContextKrb5.init(GSSContextKrb5.java:129)
    at com.jcraft.jsch.UserAuthGSSAPIWithMIC.start(UserAuthGSSAPIWithMIC.java:135)
    at com.jcraft.jsch.Session.connect(Session.java:463)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at jsch.Main.main(Main.java:15)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144) 

Are there chances to fix this without hacks and use JSch with JDK8 or I should switch to another ssh library?

Answer 1

Your JDK8 apparently thinks Kerberos is installed/available, but either is mistaken or it is not working corrrectly somewhere. Although I don't use Kerberos myself, if you mean the Sun/Oracle JDKs AFAIK neither 7 nor 8 defaults to enabling Kerberos, which suggests something wrong (probably misconfigured) in your JDK 8 somewhere.

Instead of (or in addition to) finding and fixing that, it should work to tell JSCH to not use Kerberos , or at least to try other methods first:

# Q&D -- assumes default as of 0.1.53
session.setConfig ("PreferredAuthentications", 
    "publickey,keyboard-interactive,password"); 
# or 
session.setConfig ("PreferredAuthentications", 
    "publickey,keyboard-interactive,password,gssapi-with-mic");

# more robust for future
ArrayList<String> auths = new ArrayList<String>( 
  Arrays.asList( session.getConfig ("PreferredAuthentications") .split(",")) );
auths.remove ("gssapi-with-mic");
# optional add back to end
auths.add ("gssapi-with-mic");
session.setConfig ("PreferredAuthentications", String.join (",", auths));