您好我正在尝试一个简单的sftp,但我在建立时遇到错误。连接,我正在使用 maverick-legacy-client-all jar https://www.sshtools.com/en/products/java-ssh-client此代码在1.6.9版本中运行良好,但在将其更新为1.6.17时失败了。
我也尝试过那里的jar changes doc here,关于我的异常 DiffieHellmanGroupExchange Algo 相关变化的注释很少,但我没有清楚地理解它们。
public void connect() throws SshException, IOException,
SftpStatusException, ChannelOpenException {
SshConnector con = SshConnector.createInstance();
con.setKnownHosts(new SftpHostKeyVerification());
// Tries SSH2 first and fallback to SSH1 if its not available
con.setSupportedVersions(SshConnector.SSH1 | SshConnector.SSH2);
/*Error coming here, in con.connect*/
this.ssh = con
.connect(new SocketTransport(this.host, DEFAULT_SSH_PORT),
this.userName);
PasswordAuthentication pwd = new PasswordAuthentication();
pwd.setPassword(this.passwod);
int isLoggedIn = this.ssh.authenticate(pwd);
if (SshAuthentication.COMPLETE == isLoggedIn) {
this.client = new SftpClient(this.ssh);
} else {
throw new IOException("[Authentication failure] login status: "
+ isLoggedIn);
}
}
异常日志:
com.maverick.ssh.SshException: com.maverick.ssh.SshException
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315)
at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424)
at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1835)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:146)
at com.maverick.ssh.SshConnector.connect(SshConnector.java:649)
at com.maverick.ssh.SshConnector.connect(SshConnector.java:471)
at com.tekelec.ems.util.SftpImpl.connect(SftpImpl.java:73)
at com.tekelec.ems.eagle.measurement.WriterThread.run(WriterThread.java:93)
Caused by: com.maverick.ssh.SshException: Failed to generate DH value: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) [java.security.InvalidAlgorithmParameterException]
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:250)
... 8 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:400)
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:240)
... 8 more
答案 0 :(得分:1)
这是因为默认密钥交换算法在这些版本之间更改为更安全的算法,并且您没有包含Maverick旧客户端分发版的lib文件夹中提供的所有第三方依赖项。此文件夹包含BouncyCastle JCE提供程序,如果添加到类路径将解决此问题。
您面临的问题是,如果没有BouncyCastle JCE提供程序或支持大型Diffie Hellman素数的合适JCE提供程序,您将无法为更新的,更安全的密钥交换方法生成大质数。
答案 1 :(得分:0)
我认为这对许多程序员来说是一个非常严重的情况, 我还要感谢Lee David这里的建议。我能够通过在maverick lib文件夹中添加Bouncy Castle JCE第三方jar来处理这种情况。
在此之前,我试图按照其他帖子的建议编辑我的java.security文件,但这很简单,这些Bouncy Castle罐子也捆绑在Maverick官方发布中,所以不用担心这一部分。