Skip to content


Subversion checkout URL

You can clone with
Download ZIP
ssh, scp and sftp for java


sshj - SSHv2 library for Java


To get started, have a look at one of the examples. Hopefully you will find the API pleasant to work with :)

Getting SSHJ

To get SSHJ, you have two options:

  1. Add a dependency to SSHJ to your project.

  2. Build SSHJ yourself.

And, if you want, you can also run the SSHJ examples.

Binary releases of SSHJ are not provided here, but you can download it straight from the Maven Central repository if you want to.

Depending on SSHJ

If you’re building your project using Maven, you can add the following dependency to the pom.xml:


If your project is built using another build tool that uses the Maven Central repository, translate this dependency into the format used by your build tool.

Building SSHJ

  1. Clone the Overthere repository.

  2. Ensure you have Java6 installed with the Unlimited strength Java Cryptography Extensions (JCE).

  3. Run the command ./gradlew clean build.

Running the examples

In the examples directory, there is a separate Maven project that shows how the library can be used in some sample cases. If you want to run them, follow these guidelines:

  1. Install Maven 2.2.1 or up.

  2. Clone the Overthere repository.

  3. Go into the examples directory and run the command mvn eclipse:eclipse.

  4. Import the examples project into Eclipse.

  5. Change the login details in the example classes (address, username and password) and run them!

Features of the library include:

  • reading known_hosts files for host key verification

  • publickey, password and keyboard-interactive authentication

  • command, subsystem and shell channels

  • local and remote port forwarding

  • scp + complete sftp version 0-3 implementation

Supported algorithms

Implementations / adapters for the following algorithms are included:


aes{128,192,256}-{cbc,ctr}, blowfish-{cbc,ctr}, 3des-{cbc,ctr}, twofish{128,192,256}-{cbc,ctr}, twofish-cbc, serpent{128,192,256}-{cbc,ctr}, idea-{cbc,ctr}, cast128-{cbc,ctr}, arcfour, arcfour{128,256} SSHJ also supports the following extended (non official) ciphers: camellia{128,192,256}-{cbc,ctr}, camellia{128,192,256}-{cbc,ctr}

key exchange

diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521,


ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ssh-ed25519


hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512


zlib and (delayed zlib)

private key files

pkcs8 encoded (what openssh uses)

If you need something that is not included, it shouldn’t be too hard to add (do contribute it!)

Comparing to other implementations


Java 6+. slf4j is required. bouncycastle is highly recommended and required for using some of the crypto algorithms. jzlib is required for using zlib compression.

Reporting bugs


Fork away!

Release history

SSHJ 0.15.0 (2015-11-20)
  • Fixed #220: Added support for ssh-ed25519 host keys

  • Fixed #225: Fixed bug in ECDSA fingerprint calculation that sometimes produced an incorrect fingerprint

  • Added arcfour Stream Ciphers from RFC4253 and RFC4345

  • Added all Block Ciphers from RFC4344 and RFC4253

SSHJ 0.14.0 (2015-11-04)
  • Fixed #171: Added support for key exchange algorithm

  • Added support for ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 key exchange algorithms

  • Fixed #167: Added support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256 key exchange methods

  • Fixed #212: Configure path escaping to enable shell expansion to work correctly

  • Merged #210: RemoteFileInputStream.skip returns wrong value (Fixes #209)

  • Merged #208: Added SCP bandwidth limitation support

  • Merged #211: Made keyfile format detection more robust

SSHJ 0.13.0 (2015-08-18)
  • Merged #199: Fix for IndexOutOfBoundsException in ReadAheadRemoteFileInputStream, fixes #183

  • Merged #195: New authentication supported: gssapi-with-mic

  • Merged #201: New option to verify negotiated key exchange algorithms

  • Merged #196: Fix for looking up complete hostname in known hosts file

SSHJ 0.12.0 (2015-04-14)
  • Added support for HTTP proxies when running JDK6 or JDK7, fixes: #170

  • Merged #186: Fix for detecting end-of-stream

  • Compiling to JDK6, fixes #179 and #185

  • Correctly close socket and channel when LocalPortForwarder fails to open and start the channel (Fixes #175 and #176)

  • Merged #181: Invalid write packet length when reading with offset (Fixes #180)

SSHJ 0.11.0 (2015-01-23)
  • New maven coordinates com.hierynomus:sshj:0.11.0 as @hierynomus took over as maintainer of SSHJ

  • Migrated build system to Gradle 2.2.1

  • Merged #150: Fix for incorrect file handle on some SSH servers, fixes: #54, #119, #168, #169

  • Made jzlib optional in OSGi bundling, fixes: #162

  • Improved some log levels, fixes: #161

  • Merged #156, #164, #165: Fixed block sizes for hmac-sha2-256 and hmac-sha2-512

  • Merged #141: Add proxy support

  • Merged #157, #163: Doc and build fixes

  • Upgraded BouncyCastle to 1.51, fixes: #142

  • Implemented keep-alive with connection drop detection, fixes #166

Something went wrong with that request. Please try again.