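I am setting up an SFTP client using Spring Integration. In an integration test, I want this client to connect to an embedded SFTP server implemented with Apache SSHD. It is important that the client verifies the server's identity. Right now, verification of the server's public key fails on the client: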
[13:58:29]2019-04-08 11:58:29.363 INFO 93631 --- [ask-scheduler-1] o.s.i.s.s.DefaultSftpSessionFactory : WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
[13:58:29]IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
[13:58:29]Someone could be eavesdropping on you right now (man-in-the-middle attack)!
[13:58:29]It is also possible that the RSA host key has just been changed.
[13:58:29]The fingerprint for the RSA key sent by the remote host [localhost]:30302 is
[13:58:29]2a:d7:91:85:e3:53:ab:aa:cd:74:5f:a2:c9:c9:8b:e7.
[13:58:29]Please contact your system administrator.
[13:58:29]Add correct host key in known_hosts to get rid of this message.
[13:58:29]Do you want to delete the old key and insert the new key?
[13:58:29]2019-04-08 11:58:29.363 INFO 93631 --- [ask-scheduler-1] com.jcraft.jsch : Disconnecting from localhost port 30302
[13:58:29]2019-04-08 11:58:29.408 ERROR 93631 --- [ask-scheduler-1] o.s.integration.handler.LoggingHandler : org.springframework.messaging.MessagingException: Problem occurred while synchronizing remote to local directory; nested exception is org.springframework.messaging.MessagingException: Failed to obtain pooled item; nested exception is java.lang.IllegalStateException: failed to create SFTP Session
[13:58:29] at org.springframework.integration.file.remote.synchronizer.AbstractInboundFileSynchronizer.synchronizeToLocalDirectory(AbstractInboundFileSynchronizer.java:331)
[...]
[13:58:29] ... 28 more
[13:58:29]Caused by: com.jcraft.jsch.JSchException: HostKey has been changed: [localhost]:30302
[13:58:29] at com.jcraft.jsch.Session.checkHost(Session.java:775)
[13:58:29] at com.jcraft.jsch.Session.connect(Session.java:345)
[13:58:29] at com.jcraft.jsch.Session.connect(Session.java:183)
[13:58:29] at org.springframework.integration.sftp.session.DefaultSftpSessionFactory.getSession(DefaultSftpSessionFactory.java:366)
[13:58:29] ... 28 more
I expected the public key verification to pass, because I generated the key pair myself:
$ ssh-keygen -t rsa sftpServer
In my SSHD (SFTP) server, I integrated the private key:
SshServer server = ServerBuilder.builder().interactiveAuthenticator(null).build();
server.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(new ClassPathResource("META-INF/keys/sftpServer").getFile().toPath()));
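I don't suspect the client is at fault, because I am able to connect to a standalone SFTP server instance (namely Rebex Tiny SFTP Server). Mutual authentication works there.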
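When debugging into com.jcraft.jsch.Session#checkHost, I can see that when the server transmits its public key, it already differs from the public key I stored in the client. As far as I can see in the byte array, at least the exponent e is different.
How is that possible? I understand that the server derives the public key from the private key. Do I need another JCE (Java Cryptography Extension), e.g. Bouncy Castle?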
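
A check that can be run while debugging this kind of mismatch, as an added example that is not part of the original post: it parses an OpenSSH `ssh-rsa` public key line and reports the colon-separated MD5 fingerprint (the form shown in the JSch warning above), the exponent e and the modulus size, so the key the client trusts can be compared with the key the server presents. The function names and the sample keys are constructed for illustration; real input would be the public key line stored on the client and the one belonging to the server's key file.

```python
import base64
import hashlib
import struct


def _read_field(blob, offset):
    """Read one SSH wire field: uint32 big-endian length, then that many bytes."""
    start = offset + 4
    if start > len(blob):
        raise ValueError("truncated key blob")
    end = start + struct.unpack(">I", blob[offset:start])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def describe_rsa_key(pub_line):
    """Parse 'ssh-rsa <base64> [comment]' into MD5 fingerprint, e and modulus size."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    e_raw, pos = _read_field(blob, pos)
    n_raw, pos = _read_field(blob, pos)
    digest = hashlib.md5(blob).hexdigest()  # MD5 only to match the log's format
    return {
        "md5": ":".join(digest[i:i + 2] for i in range(0, 32, 2)),
        "e": int.from_bytes(e_raw, "big"),
        "bits": int.from_bytes(n_raw, "big").bit_length(),
    }


def make_line(e, n, comment):
    """Build a constructed ssh-rsa line for the demo below; not a usable key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # sized so the sign bit stays clear
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


N = (1 << 2047) + 12345  # constructed modulus, not a real key
EXPECTED = describe_rsa_key(make_line(65537, N, "sftpServer"))  # key the client trusts
PRESENTED = describe_rsa_key(make_line(35, N, "from-server"))   # key the server sent
print("expected ", EXPECTED)
print("presented", PRESENTED)
print("same key:", EXPECTED["md5"] == PRESENTED["md5"])
```

If the two fingerprints differ, the server is not presenting the key pair the client was configured to trust, whatever the client-side settings are.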