我有一个SFTPHelper
类,可以通过以下方式创建jsch
会话
public SFTPHelper(final String user, final String host, final int port) throws JSchException
{
JSch.setLogger(new SftpLogger());
try
{
session = jsch.getSession(user, host, port);
}
catch(JSchException e)
{
LOG.error("Cannot get session for {}@{}:{}", user,host,port);
throw e;
}
Properties config = new Properties();
config.put("StrictHostKeyChecking", "yes");
session.setConfig(config);
}
public SFTPHelper(final String user, final String host, final int port, final File privateKey) throws JSchException
{
this(user, host, port);
checkNotNull(privateKey, "Null privateKey");
checkArgument(privateKey.exists(), "privateKey file does not exist");
jsch.addIdentity(privateKey.getAbsolutePath());
}
第二个构造函数添加私钥。
我有两个不同的单元测试类,它们一次都这样做:
final String host = "hostname";
final int port = 22;
final String user = "username";
final File privKey = new File("/path/to/.ssh/privateKey");
/* do something with SFTPHelper */
...但其中一项测试无法通过主机进行身份验证。这是两个不同的日志
工作:
INFO [main] (SFTPHelper.java:298) - Connecting to <host> port 22
INFO [main] (SFTPHelper.java:298) - Connection established
INFO [main] (SFTPHelper.java:298) - Remote version string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
INFO [main] (SFTPHelper.java:298) - Local version string: SSH-2.0-JSCH-0.1.54
INFO [main] (SFTPHelper.java:298) - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO [main] (SFTPHelper.java:298) - aes256-ctr is not available.
INFO [main] (SFTPHelper.java:298) - aes192-ctr is not available.
INFO [main] (SFTPHelper.java:298) - aes256-cbc is not available.
INFO [main] (SFTPHelper.java:298) - aes192-cbc is not available.
INFO [main] (SFTPHelper.java:298) - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO [main] (SFTPHelper.java:298) - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEXINIT sent
INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEXINIT received
INFO [main] (SFTPHelper.java:298) - kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO [main] (SFTPHelper.java:298) - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
INFO [main] (SFTPHelper.java:298) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
INFO [main] (SFTPHelper.java:298) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
INFO [main] (SFTPHelper.java:298) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO [main] (SFTPHelper.java:298) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO [main] (SFTPHelper.java:298) - kex: server: none,zlib@openssh.com
INFO [main] (SFTPHelper.java:298) - kex: server: none,zlib@openssh.com
INFO [main] (SFTPHelper.java:298) - kex: server:
INFO [main] (SFTPHelper.java:298) - kex: server:
INFO [main] (SFTPHelper.java:298) - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO [main] (SFTPHelper.java:298) - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO [main] (SFTPHelper.java:298) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO [main] (SFTPHelper.java:298) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO [main] (SFTPHelper.java:298) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO [main] (SFTPHelper.java:298) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO [main] (SFTPHelper.java:298) - kex: client: none
INFO [main] (SFTPHelper.java:298) - kex: client: none
INFO [main] (SFTPHelper.java:298) - kex: client:
INFO [main] (SFTPHelper.java:298) - kex: client:
INFO [main] (SFTPHelper.java:298) - kex: server->client aes128-ctr hmac-sha1 none
INFO [main] (SFTPHelper.java:298) - kex: client->server aes128-ctr hmac-sha1 none
INFO [main] (SFTPHelper.java:298) - SSH_MSG_KEX_ECDH_INIT sent
INFO [main] (SFTPHelper.java:298) - expecting SSH_MSG_KEX_ECDH_REPLY
INFO [main] (SFTPHelper.java:298) - ssh_rsa_verify: signature true
WARN [main] (SFTPHelper.java:298) - Permanently added '<host>' (RSA) to the list of known hosts.
INFO [main] (SFTPHelper.java:298) - SSH_MSG_NEWKEYS sent
INFO [main] (SFTPHelper.java:298) - SSH_MSG_NEWKEYS received
INFO [main] (SFTPHelper.java:298) - SSH_MSG_SERVICE_REQUEST sent
INFO [main] (SFTPHelper.java:298) - SSH_MSG_SERVICE_ACCEPT received
INFO [main] (SFTPHelper.java:298) - Authentications that can continue: publickey,keyboard-interactive,password
INFO [main] (SFTPHelper.java:298) - Next authentication method: publickey
INFO [main] (SFTPHelper.java:298) - Authentication succeeded (publickey).
而不是警告说它添加到known_hosts,第二次测试无法建立连接:
NFO [main] (SFTPHelper.java:444) - Connecting to <host> port 22
INFO [main] (SFTPHelper.java:444) - Connection established
INFO [main] (SFTPHelper.java:444) - Remote version string: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
INFO [main] (SFTPHelper.java:444) - Local version string: SSH-2.0-JSCH-0.1.54
INFO [main] (SFTPHelper.java:444) - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO [main] (SFTPHelper.java:444) - aes256-ctr is not available.
INFO [main] (SFTPHelper.java:444) - aes192-ctr is not available.
INFO [main] (SFTPHelper.java:444) - aes256-cbc is not available.
INFO [main] (SFTPHelper.java:444) - aes192-cbc is not available.
INFO [main] (SFTPHelper.java:444) - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO [main] (SFTPHelper.java:444) - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEXINIT sent
INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEXINIT received
INFO [main] (SFTPHelper.java:444) - kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO [main] (SFTPHelper.java:444) - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
INFO [main] (SFTPHelper.java:444) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
INFO [main] (SFTPHelper.java:444) - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
INFO [main] (SFTPHelper.java:444) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO [main] (SFTPHelper.java:444) - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO [main] (SFTPHelper.java:444) - kex: server: none,zlib@openssh.com
INFO [main] (SFTPHelper.java:444) - kex: server: none,zlib@openssh.com
INFO [main] (SFTPHelper.java:444) - kex: server:
INFO [main] (SFTPHelper.java:444) - kex: server:
INFO [main] (SFTPHelper.java:444) - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO [main] (SFTPHelper.java:444) - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO [main] (SFTPHelper.java:444) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO [main] (SFTPHelper.java:444) - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO [main] (SFTPHelper.java:444) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO [main] (SFTPHelper.java:444) - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO [main] (SFTPHelper.java:444) - kex: client: none
INFO [main] (SFTPHelper.java:444) - kex: client: none
INFO [main] (SFTPHelper.java:444) - kex: client:
INFO [main] (SFTPHelper.java:444) - kex: client:
INFO [main] (SFTPHelper.java:444) - kex: server->client aes128-ctr hmac-sha1 none
INFO [main] (SFTPHelper.java:444) - kex: client->server aes128-ctr hmac-sha1 none
INFO [main] (SFTPHelper.java:444) - SSH_MSG_KEX_ECDH_INIT sent
INFO [main] (SFTPHelper.java:444) - expecting SSH_MSG_KEX_ECDH_REPLY
INFO [main] (SFTPHelper.java:444) - ssh_rsa_verify: signature true
INFO [main] (SFTPHelper.java:444) - Disconnecting from <host> port 22
ERROR [main] (SFTPHelper.java:109) - Cannot connect to <host>:22
非常感谢您的帮助!
修改
我已经确定一个测试通过,因为它关闭了“StrictHostKeyChecking”,这显然是禁止的。 当我将其设置为true时,为什么会失败:/