Java SFTP Client with Modern Cipher Support

This project provides enhanced SFTP client implementations that support modern ciphers including AEAD (Authenticated Encryption with Associated Data) ciphers required by Tectia SSH Server.

Problem Statement

The original SFTP client using j2ssh-maverick-1.5.5.jar was unable to connect to Tectia SSH Server due to cipher compatibility issues. Tectia supports these modern ciphers:

• AEAD_AES_128_GCM
• AEAD_AES_256_GCM
• [email protected]
• [email protected]
• [email protected]

Solutions Provided

This project includes two alternative implementations:

1. SSHJ-based Implementation (EnhancedSftpClient.java)

• Uses the modern SSHJ library (version 0.35.0)
• Full support for AEAD ciphers and modern SSH protocols
• Better error handling and connection management
• Recommended for new implementations

2. JSch-based Implementation (JSchSftpClient.java)

• Uses JSch library (version 0.1.55)
• Good compatibility with various SSH servers
• Lighter weight alternative
• Good for migration from existing JSch-based code

Features

• ✅ Support for modern AEAD ciphers (AES-GCM)
• ✅ Backward compatibility with older ciphers
• ✅ Both password and public key authentication
• ✅ Enhanced connection management with automatic reconnection
• ✅ Comprehensive logging for debugging
• ✅ Thread-safe singleton pattern
• ✅ Proper resource cleanup

Dependencies

The project uses Maven for dependency management and includes:

• SSHJ 0.35.0 - Modern SSH client library
• JSch 0.1.55 - Alternative SSH client library
• Bouncy Castle - Enhanced cryptographic support
• Commons Logging - Logging framework

Configuration

Both implementations use the same configuration pattern:

Hashtable<String, String> config = new Hashtable<String, String>();
config.put("host", "10.103.3.102");     // Your server IP/hostname
config.put("port", "22");               // SSH port
config.put("username", "FTPDCOSMY");    // Your username

// Choose authentication method:
// Option 1: Password authentication
config.put("password", "encrypted_password");

// Option 2: Public key authentication
config.put("privatekey", "/path/to/private/key");

Usage Examples

Using SSHJ Implementation

EnhancedSftpClient.setConfigs(config);
EnhancedSftpClient client = EnhancedSftpClient.getInstance();

if (client != null && client.getSftpClient() != null) {
    // Perform SFTP operations
    for (RemoteResourceInfo file : client.getSftpClient().ls(".")) {
        System.out.println("File: " + file.getName());
    }
}

// Clean up
EnhancedSftpClient.disconnect();

Using JSch Implementation

JSchSftpClient.setConfigs(config);
JSchSftpClient client = JSchSftpClient.getInstance();

if (client != null && client.getSftpChannel() != null) {
    // Perform SFTP operations
    Vector<ChannelSftp.LsEntry> files = client.getSftpChannel().ls(".");
    for (ChannelSftp.LsEntry file : files) {
        System.out.println("File: " + file.getFilename());
    }
}

// Clean up
JSchSftpClient.disconnect();

Building the Project

# Compile the project
mvn clean compile

# Run tests
mvn test

# Create JAR with dependencies
mvn clean package

# The JAR file will be created in target/ directory

Testing

1. Update Configuration: Modify the configuration in the test classes with your actual server details
2. Run SSHJ Test: java -cp target/classes my.com.eprotea.ftp.SftpClientMain
3. Run JSch Test: java -cp target/classes my.com.eprotea.ftp.JSchSftpClientTest

Migration from j2ssh-maverick

To migrate from your existing code:

1. Replace the JAR: Remove j2ssh-maverick-1.5.5.jar and use the new Maven dependencies
2. Update Imports: Change import statements to use the new client classes
3. Update Configuration: The configuration method remains similar
4. Test Connection: Use the provided test classes to verify connectivity

Cipher Support

The implementations support these cipher suites:

Priority Order (Client to Server):

1. [email protected] ⭐ (Preferred by Tectia)
2. [email protected] ⭐ (Preferred by Tectia)
3. aes256-ctr
4. aes192-ctr
5. aes128-ctr
6. aes256-cbc
7. aes192-cbc
8. aes128-cbc

Troubleshooting

Connection Issues

• Check server IP and port
• Verify username and authentication credentials
• Review server logs for cipher negotiation errors
• Enable debug logging to see negotiated ciphers

Authentication Issues

• Verify password decryption is working correctly
• Check private key file path and permissions
• Ensure public key is properly configured on server

Cipher Issues

• The client will automatically negotiate the best supported cipher
• Check logs to see which cipher was negotiated
• Verify server supports the offered ciphers

Security Notes

• The current host key verification always trusts the server (for testing)
• Customize the HostKeyVerifier for production environments
• Store private keys securely with proper file permissions
• Use strong encryption for password storage

Support

This implementation addresses the specific cipher compatibility issues with Tectia SSH Server while maintaining compatibility with other SSH servers. Both SSHJ and JSch implementations are provided to give you flexibility in choosing the best solution for your environment.