我正在尝试从我的Java应用程序到客户端的外部服务器进行SSH连接。客户端增强了安全性,他们不接受1024位素数,但我的JSch只发送1024位素数。
请在下面的应用程序中找到详细的错误输出:
INFO |: Launching [sftp] handler
INFO |: Creating SFTP session to host [server1] with logger for JSch
INFO |: Connecting via public/private key.
INFO |: Session created.
INFO |: Connecting to server1 port 22
INFO |: Connection established
INFO |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO |: Local version string: SSH-2.0-JSCH-0.1.53
INFO |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO |: SSH_MSG_KEXINIT sent
INFO |: SSH_MSG_KEXINIT received
INFO |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO |: kex: server: zlib@openssh.com,zlib,none
INFO |: kex: server: zlib@openssh.com,zlib,none
INFO |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO |: kex: client: ssh-rsa,ssh-dss
INFO |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO |: kex: client: aes128-cbc,3des-cbc
INFO |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO |: kex: server->client aes128-cbc hmac-sha1 none
INFO |: kex: client->server aes128-ctr hmac-sha1 none
INFO |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available. en
INFO |: -----------------------------------------------------------------------------------------------
很少有其他博客建议升级到JSch版本0.1.53会解决问题,但我已在我的应用程序中使用0.1.53版本。
当我尝试使用详细选项从命令行连接时,我能够连接:
$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>
注意:我使用SSH-2 RSA 2048位密钥进行连接,使用我的应用程序和命令行。我使用我的应用程序和命令行可以看到的唯一区别是:
我的应用程序在连接时发送以下信息:
INFO |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
连接时,命令行连接正在发送以下信息:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
关于如何更改我的应用程序以发送SSH2_MSG_KEX_DH_GEX_REQUEST(1024 <2048&lt; 8192)的任何建议都会有所帮助。
答案 0 :(得分:3)
请参阅JSch change log了解“自0.1.52版以来的更改”:
- 更改:Logjam:diffie-hellman-group-exchange-sha256和 diffie-hellman-group-exchange-sha1将使用2048位密钥 Java8的SunJCE,得益于JDK-6521495和JDK-7044060。
所以你是正确的,你需要JSch 0.1.53,但你也需要在JDK中修复这些: