I am trying to get SFTP to work using private key, but it keeps on throwing Invalid Private Key exception. Does anyone have any example?

Here are the steps I have done

  1. I use jSch and that library is available in TM
  2. private key is stored as a file accessible by TM under /data/avoka/transact/manager/keystores/sftp_privkey.key
  3. public key is given to the client's SFTP server

      4. Infrastructure team has done the test via unix command using the private key to login into client's SFT server and that works.

      5. There is no passphrase for the private key.

6. Below is the code I have written

import com.jcraft.jsch.JSch
import com.avoka.core.groovy.GroovyLogger as logger
import com.avoka.tm.vo.FileAttach;
import com.avoka.tm.query.TxnQuery;
import com.avoka.tm.vo.Txn;
import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;

String SFTPHOST = "";
int SFTPPORT = 22;
String SFTPUSER = "mft_***_rest";

String privateKey = "/data/avoka/transact/manager/keystores/sftp_privkey.key";
//logger.info publicKey
logger.info privateKey

//byte[] passphrase = null;
final byte[] emptyPassPhrase = new byte[0];

Session session = null;
Channel channel = null;
ChannelSftp channelSftp = null;

try {
final byte[] prvkey = new File(privateKey).getBytes();

JSch jsch = new JSch();
logger.info ("Identity Added")

session = jsch.getSession(SFTPUSER,SFTPHOST,SFTPPORT);
//logger.info ("session created.")
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
//logger.info("Session connected")
//channel = session.openChannel("sftp");
//logger.info("shell channel connected....");
//channelSftp = (ChannelSftp)channel;
//logger.info (channelSftp.getHome())

} catch (JSchException e) {


} catch (SftpException e) {

if(channel!=null) channel.disconnect();

if(session!=null) session.disconnect();

The exception seems to be thrown after jsch.addIdentity(privateKey);

Below is the stacktrace

com.jcraft.jsch.JSchException: invalid privatekey: [B@250f9c29
at com.jcraft.jsch.KeyPair.load(KeyPair.java:884)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:542)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:389)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:349)
at com.jcraft.jsch.JSch$addIdentity.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)

    CommentAdd your comment...

    1 answer


      After investigation further with Yo, we have identified that the private key has to have a passphrase associated with it. Once we have created a private key with passphrase, we no longer have "Invalid privatekey" exception. and connection is ok.

        CommentAdd your comment...