JSCH SSH -Authentifizierungsfehler mit privatem Schlüssel (Auth -Fehler Fehler) ⇐ Java

[Anonymous]

JSch Log [level 1]: Connecting to 10.***.150 port 22
JSch Log [level 1]: Connection established
JSch Log [level 1]: Remote version string: SSH-2.0-OpenSSH_8.7
JSch Log [level 1]: Local version string: SSH-2.0-JSCH-0.1.54
JSch Log [level 1]: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
JSch Log [level 1]: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
JSch Log [level 1]: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
JSch Log [level 1]: SSH_MSG_KEXINIT sent
JSch Log [level 1]: SSH_MSG_KEXINIT received
JSch Log [level 1]: kex: server: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
JSch Log [level 1]: kex: server: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
JSch Log [level 1]: kex: server: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
JSch Log [level 1]: kex: server: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
JSch Log [level 1]: kex: server: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
JSch Log [level 1]: kex: server: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
JSch Log [level 1]: kex: server: none,zlib@openssh.com
JSch Log [level 1]: kex: server: none,zlib@openssh.com
JSch Log [level 1]: kex: server:
JSch Log [level 1]: kex: server:
JSch Log [level 1]: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
JSch Log [level 1]: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
JSch Log [level 1]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
JSch Log [level 1]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
JSch Log [level 1]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSch Log [level 1]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
JSch Log [level 1]: kex: client: none
JSch Log [level 1]: kex: client: none
JSch Log [level 1]: kex: server->client aes128-ctr hmac-sha1 none
JSch Log [level 1]: kex: client->server aes128-ctr hmac-sha1 none
JSch Log [level 1]: SSH_MSG_KEX_ECDH_INIT sent
JSch Log [level 1]: expecting SSH_MSG_KEX_ECDH_REPLY
JSch Log [level 2]: Permanently added '10.***.150' (ECDSA) to the list of known hosts.
JSch Log [level 1]: SSH_MSG_NEWKEYS sent
JSch Log [level 1]: SSH_MSG_NEWKEYS received
JSch Log [level 1]: SSH_MSG_SERVICE_REQUEST sent
JSch Log [level 1]: SSH_MSG_SERVICE_ACCEPT received
JSch Log [level 1]: Authentications that can continue: gssapi-with-mic,publickey,keyboard-interactive,password
JSch Log [level 1]: Next authentication method: gssapi-with-mic
JSch Log [level 1]: Authentications that can continue: publickey,keyboard-interactive,password
JSch Log [level 1]: Next authentication method: publickey
JSch Log [level 1]: Authentications that can continue: password
JSch Log [level 1]: Next authentication method: password
JSch Log [level 1]: Disconnecting from 10.***.150 port 22
com.jcraft.jsch.JSchException: Auth fail
< /code>

String privateKey = "-----BEGIN RSA PRIVATE KEY----- .......-----END RSA PRIVATE KEY-----";
byte[] privateKeyBytes = privateKey.getBytes(StandardCharsets.UTF_8);

jsch.addIdentity("id_rsa", privateKeyBytes, null, null); // no passphrase

JSch.setLogger(new Logger() {
public boolean isEnabled(int level) {
return level

What I’ve Done
Converted .ppk to OpenSSH format using PuTTYgen.
Copied the public key to the server’s ~/.ssh/authorized_keys.
Set correct permissions on ~/.ssh and authorized_keys.
Embedded the private key as a string in Java and loaded it using jsch.addIdentity(...).
Verified there’s no passphrase.
Enabled detailed logging in JSch
Why is JSch failing public key authentication even though the key format and authorized_keys setup seem correct? What else should I check or correct?