Java - JSch尽管密钥对仍然与服务器断开连接

时间:2017-08-15 12:32:56

标签: java ssh jsch

我有一个SFTPHelper类,可以通过以下方式创建jsch会话

public SFTPHelper(final String user, final String host, final int port) throws JSchException
{       
    JSch.setLogger(new SftpLogger());

    try 
    {
        session = jsch.getSession(user, host, port);
    } 
    catch(JSchException e) 
    {
        LOG.error("Cannot get session for {}@{}:{}", user,host,port);
        throw e;
    }

    Properties config = new Properties();
    config.put("StrictHostKeyChecking", "yes");
    session.setConfig(config);
}

public SFTPHelper(final String user, final String host, final int port, final File privateKey) throws JSchException
{
    this(user, host, port);

    checkNotNull(privateKey, "Null privateKey");
    checkArgument(privateKey.exists(), "privateKey file does not exist");

    jsch.addIdentity(privateKey.getAbsolutePath());
}

第二个构造函数添加私钥。

我有两个不同的单元测试类,它们一次都这样做:

        final String host = "hostname";
        final int port = 22;
        final String user = "username";
        final File privKey = new File("/path/to/.ssh/privateKey");
        /* do something with SFTPHelper */

...但其中一项测试无法通过主机进行身份验证。这是两个不同的日志

工作:

     INFO [main] (SFTPHelper.java:298) - Connecting to <host> port 22
 INFO [main] (SFTPHelper.java:298) - Connection established
 INFO [main] (SFTPHelper.java:298) - Remote version string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
 INFO [main] (SFTPHelper.java:298) - Local version string: SSH-2.0-JSCH-0.1.54
 INFO [main] (SFTPHelper.java:298) - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
 INFO [main] (SFTPHelper.java:298) - aes256-ctr is not available.
 INFO [main] (SFTPHelper.java:298) - aes192-ctr is not available.
 INFO [main] (SFTPHelper.java:298) - aes256-cbc is not available.
 INFO [main] (SFTPHelper.java:298) - aes192-cbc is not available.
 INFO [main] (SFTPHelper.java:298) - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
 INFO [main] (SFTPHelper.java:298) - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEXINIT sent
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEXINIT received
 INFO [main] (SFTPHelper.java:298) - kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 INFO [main] (SFTPHelper.java:298) - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
 INFO [main] (SFTPHelper.java:298) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 INFO [main] (SFTPHelper.java:298) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 INFO [main] (SFTPHelper.java:298) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 INFO [main] (SFTPHelper.java:298) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 INFO [main] (SFTPHelper.java:298) - kex: server: none,zlib@openssh.com
 INFO [main] (SFTPHelper.java:298) - kex: server: none,zlib@openssh.com
 INFO [main] (SFTPHelper.java:298) - kex: server:
 INFO [main] (SFTPHelper.java:298) - kex: server:
 INFO [main] (SFTPHelper.java:298) - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
 INFO [main] (SFTPHelper.java:298) - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
 INFO [main] (SFTPHelper.java:298) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
 INFO [main] (SFTPHelper.java:298) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
 INFO [main] (SFTPHelper.java:298) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
 INFO [main] (SFTPHelper.java:298) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
 INFO [main] (SFTPHelper.java:298) - kex: client: none
 INFO [main] (SFTPHelper.java:298) - kex: client: none
 INFO [main] (SFTPHelper.java:298) - kex: client:
 INFO [main] (SFTPHelper.java:298) - kex: client:
 INFO [main] (SFTPHelper.java:298) - kex: server->client aes128-ctr hmac-sha1 none
 INFO [main] (SFTPHelper.java:298) - kex: client->server aes128-ctr hmac-sha1 none
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEX_ECDH_INIT sent
 INFO [main] (SFTPHelper.java:298) - expecting SSH_MSG_KEX_ECDH_REPLY
 INFO [main] (SFTPHelper.java:298) - ssh_rsa_verify: signature true
 WARN [main] (SFTPHelper.java:298) - Permanently added '<host>' (RSA) to the list of known hosts.
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_NEWKEYS sent
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_NEWKEYS received
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_SERVICE_REQUEST sent
 INFO [main] (SFTPHelper.java:298) - SSH_MSG_SERVICE_ACCEPT received
 INFO [main] (SFTPHelper.java:298) - Authentications that can continue: publickey,keyboard-interactive,password
 INFO [main] (SFTPHelper.java:298) - Next authentication method: publickey
 INFO [main] (SFTPHelper.java:298) - Authentication succeeded (publickey).

而不是警告说它添加到known_hosts,第二次测试无法建立连接:

    NFO [main] (SFTPHelper.java:444) - Connecting to <host> port 22
 INFO [main] (SFTPHelper.java:444) - Connection established
 INFO [main] (SFTPHelper.java:444) - Remote version string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
 INFO [main] (SFTPHelper.java:444) - Local version string: SSH-2.0-JSCH-0.1.54
 INFO [main] (SFTPHelper.java:444) - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
 INFO [main] (SFTPHelper.java:444) - aes256-ctr is not available.
 INFO [main] (SFTPHelper.java:444) - aes192-ctr is not available.
 INFO [main] (SFTPHelper.java:444) - aes256-cbc is not available.
 INFO [main] (SFTPHelper.java:444) - aes192-cbc is not available.
 INFO [main] (SFTPHelper.java:444) - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
 INFO [main] (SFTPHelper.java:444) - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
 INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEXINIT sent
 INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEXINIT received
 INFO [main] (SFTPHelper.java:444) - kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 INFO [main] (SFTPHelper.java:444) - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
 INFO [main] (SFTPHelper.java:444) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 INFO [main] (SFTPHelper.java:444) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 INFO [main] (SFTPHelper.java:444) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 INFO [main] (SFTPHelper.java:444) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 INFO [main] (SFTPHelper.java:444) - kex: server: none,zlib@openssh.com
 INFO [main] (SFTPHelper.java:444) - kex: server: none,zlib@openssh.com
 INFO [main] (SFTPHelper.java:444) - kex: server:
 INFO [main] (SFTPHelper.java:444) - kex: server:
 INFO [main] (SFTPHelper.java:444) - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
 INFO [main] (SFTPHelper.java:444) - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
 INFO [main] (SFTPHelper.java:444) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
 INFO [main] (SFTPHelper.java:444) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
 INFO [main] (SFTPHelper.java:444) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
 INFO [main] (SFTPHelper.java:444) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
 INFO [main] (SFTPHelper.java:444) - kex: client: none
 INFO [main] (SFTPHelper.java:444) - kex: client: none
 INFO [main] (SFTPHelper.java:444) - kex: client:
 INFO [main] (SFTPHelper.java:444) - kex: client:
 INFO [main] (SFTPHelper.java:444) - kex: server->client aes128-ctr hmac-sha1 none
 INFO [main] (SFTPHelper.java:444) - kex: client->server aes128-ctr hmac-sha1 none
 INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEX_ECDH_INIT sent
 INFO [main] (SFTPHelper.java:444) - expecting SSH_MSG_KEX_ECDH_REPLY
 INFO [main] (SFTPHelper.java:444) - ssh_rsa_verify: signature true
 INFO [main] (SFTPHelper.java:444) - Disconnecting from <host> port 22
ERROR [main] (SFTPHelper.java:109) - Cannot connect to <host>:22

非常感谢您的帮助!

修改

我已经确定一个测试通过,因为它关闭了“StrictHostKeyChecking”,这显然是禁止的。 当我将其设置为true时,为什么会失败:/

0 个答案:

没有答案