JSch 0.1.54 dh-group14-sha1算法协商失败

时间:2016-11-10 21:15:40

标签: java ssh jsch

我添加了Java无限制的策略文件并阅读了其他海报在这里提出的解决方案,但仍无法解决我的问题。

  1. 升级至JSch 0.1.54
  2. 安装了UnlimitedJCEPolicy文件。 C:\Program Files\Java\jdk1.7.0_21\jre\lib\security。 我已经验证NetBeans正在使用这个jdk实例。
  3. 我可以连接防火墙上设置的SSH密钥交换组dh-group1-sha1,但当我将其更改为SSH密钥交换组dh-group14-sha1时,我收到以下错误:

    Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    

    我按如下方式创建我的JSch会话:

    Properties config = new Properties();
    config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
    config.put("StrictHostKeyChecking", "no");
    session.setConfig(config);
    session.connect();
    

    我已经遵循了其他问题所带来的解决方案,但到目前为止还无法解决这个问题。请帮忙。

    这是服务器的日志文件。

    SSH: host key initialised
    SSH1: starting SSH control process
    SSH1: Exchanging versions - SSH-1.99-Cisco-1.25
    
    SSH1: send SSH message: outdata is NULL
    
    server version string:SSH-1.99-Cisco-1.25
    SSH1: receive SSH message: 83 (83)
    SSH1: client version is - SSH-2.0-JSCH-0.1.54
    
    client version string:SSH-2.0-JSCH-0.1.54
    
    SSH2 1: SSH2_MSG_KEXINIT sent
    SSH2 1: SSH2_MSG_KEXINIT received
    SSH2: kex: client->server aes128-ctr hmac-md5 none
    SSH2: kex: server->client aes128-ctr hmac-md5 none
    SSH2 0: kex algo not supported: client diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchan
    SSH2 1: ssh: kex_choose_conf errorSSH1: Session disconnected by SSH server - error 0x00 "Internal error"
    

    以下是JSch日志:

    INFO: Connection established
    INFO: Remote version string: SSH-1.99-Cisco-1.25
    INFO: Local version string: SSH-2.0-JSCH-0.1.54
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
    INFO: diffie-hellman-group14-sha1 is not available.
    INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    INFO: SSH_MSG_KEXINIT sent
    INFO: SSH_MSG_KEXINIT received
    INFO: kex: server: diffie-hellman-group14-sha1
    INFO: kex: server: ssh-rsa
    INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
    INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
    INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
    INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
    INFO: kex: server: none
    INFO: kex: server: none
    INFO: kex: server: 
    INFO: kex: server: 
    INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
    INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    INFO: kex: client: none
    INFO: kex: client: none
    INFO: kex: client: 
    INFO: kex: client: 
    

1 个答案:

答案 0 :(得分:0)

显然你需要使用JDK 8作为“diffie-hellman-group14-sha1”。

请参阅JSch.java static块:

config.put("diffie-hellman-group14-sha1", 
           "com.jcraft.jsch.DHG14");    // available since JDK8.