Is it safe to share a private key in JCraft JSch?


In my project, SFTP communication is established using the JCraft JSch library. It works well, but my doubt is: why do we have to share the private key like below?

JSch jsch = new JSch();
// Path to the client's private key file (example path)
jsch.addIdentity("~/.ssh/id_dsa");

I know that when communication happens, the client has to produce the public key, but here we share the private key of the client. Please help me: is it risky to share the private key here?


There are 3 answers

2
stuXnet On BEST ANSWER

No, it's not risky to give JSch your private key.

In order to make asymmetric cryptography work, you have to use a private key. In this case, JSch is doing the job for you, but it won't send it to anyone; it's just using it to decrypt data you receive and encrypt data you send.

Not trusting every library you can find is a good thing. In fact, it would be possible for JSch to just send your private key with all your other credentials to some server. The good thing about open source: you can take a look at whether JSch does these kinds of things! (But be aware that the source code is poorly documented and not well written, so it could take some time to see for yourself.)

As far as I know, it doesn't, and I guess it wouldn't be the de facto standard for SSH in Java if it did.

0
Martin Prikryl On

When using public key authentication, you need to have the private key to encrypt the messages (and to decrypt messages encrypted by the server using your public key).

That's how public-key cryptography works.

So you have to provide your private key to JSch (or any other SSH/SFTP library you might be using).

JSch does not share the private key with anyone (not even the server), if that's your concern. It only uses the private key locally for encryption and decryption.

0
Petrus Viljoen On

The client has to provide its private key (not its public key) to JSch for encryption; the client's public key will be in the server's authorized_keys. The server will use the public key to decrypt data encrypted by the client's private key.
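
Added example (not part of the original posts and not JSch's own code): in SSH public key authentication (RFC 4252), the client proves possession of the private key by signing session data locally, and only the public key and the signature are sent to the server. The sketch below shows both sides using only java.security; the class name, the `AuthRequest` record and the session strings are constructed for illustration, and the message layout is simplified compared to the real SSH packet.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class PubkeyAuthSketch {
    // Hypothetical wire message: public key + signature. There is no private key field.
    record AuthRequest(byte[] publicKey, byte[] signature) {}

    // Client side: the private key is only a local input to the signing operation.
    static AuthRequest clientSign(KeyPair kp, byte[] sessionData) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(sessionData);
        return new AuthRequest(kp.getPublic().getEncoded(), s.sign());
    }

    // Server side: checks the offered key against the one it already holds
    // (the authorized_keys entry) and verifies the signature with it.
    static boolean serverVerify(PublicKey authorizedKey, byte[] sessionData, AuthRequest req)
            throws GeneralSecurityException {
        if (!Arrays.equals(authorizedKey.getEncoded(), req.publicKey())) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(authorizedKey);
        s.update(sessionData);
        return s.verify(req.signature());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(); // constructed throwaway key pair
        PublicKey authorized = client.getPublic();
        // Constructed stand-in for "session identifier + auth request fields".
        byte[] session = "constructed-session-A|user|publickey".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-session-B|user|publickey".getBytes(StandardCharsets.UTF_8);

        AuthRequest req = clientSign(client, session);
        System.out.println("matching key, same session: " + serverVerify(authorized, session, req));
        // The signature is bound to one session, so replaying it elsewhere fails.
        System.out.println("same signature, other session: " + serverVerify(authorized, other, req));
        // A key pair the server does not know is rejected.
        AuthRequest strangerReq = clientSign(gen.generateKeyPair(), session);
        System.out.println("unknown key: " + serverVerify(authorized, session, strangerReq));
    }
}
```

Requires Java 16 or later for the record syntax.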