我对sshj(使用sshj v0.6.0)有一个奇怪的问题,我需要一些帮助。 使用公钥进行身份验证在某些计算机上运行正常但在其他计算机上无法正常工作,我看到以下错误。
唯一的区别是,有问题的UNIX ID即coonradt似乎在〜/ .ssh / config下面的下面列出的配置设置仅在触发了以下错误的框上
Host *
Protocol 1,2
FallBackToRsh no
ForwardAgent yes
ForwardX11 yes
PasswordAuthentication yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
NoHostAuthenticationForLocalhost yes
StrictHostKeyChecking no
KeepAlive yes
从上面的配置文件中我了解到有问题的ID应该使用Protocol 1,2并且我怀疑这可能与我的失败有关(我不是很确定它,但这是只是预感)
对于其工作正常的所有其他UNIX ID,我没有任何此类配置文件。
PS:我无法更改UNIX ID“coonradt”的配置,因为中央哈德森服务器正在使用此ID。
如果有人可以帮助我建议这里可能出现的问题,我将不胜感激
以下是我看到的错误:
Oct 24, 2011 2:30:37 AM net.schmizz.sshj.DefaultConfig initCipherFactories
WARNING: Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl init
INFO: Client identity string: SSH-2.0-SSHJ_0_6_0
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl init
INFO: Server identity string: SSH-1.99-OpenSSH_4.3
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger sendKexInit
INFO: Sending SSH_MSG_KEXINIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger handle
INFO: Received SSH_MSG_KEXINIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.kex.AbstractDHG init
INFO: Sending SSH_MSG_KEXDH_INIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger handle
INFO: Received kex followup data
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.kex.AbstractDHG next
INFO: Received SSH_MSG_KEXDH_REPLY
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl die
SEVERE: Dying because - net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
Oct 24, 2011 2:30:38 AM net.schmizz.concurrent.Promise tryRetrieve
SEVERE: <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl setService
INFO: Setting active service to null-service
Oct 24, 2011 2:30:38 AM com.test.jaws.execution.ssh.impl.SSHJClientImpl$ExceptionHandler handleSevereCondition
SEVERE: mymachine.domain.com is not added to your /x/home/coonradt/.ssh/known_hosts file.
Throwable occurred: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
at net.schmizz.sshj.transport.KeyExchanger.verifyHost(KeyExchanger.java:222)
at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:373)
at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:477)
at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:127)
at net.schmizz.sshj.transport.Decoder.received(Decoder.java:195)
at net.schmizz.sshj.transport.Reader.run(Reader.java:72)
答案 0 :(得分:19)
您可以将SSH客户端设置为接受所有密钥而无需任何验证(忽略主机密钥验证)
SSHClient sshClient = new SSHClient();
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
...
答案 1 :(得分:14)
如何为此机器添加HostKeyVerifier?
sshClient.addHostKeyVerifier("ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41");
它不会自动发生的原因可能是因为known_hosts文件不在$(user.home)/。ssh / known_hosts。您还可以从特定位置显式加载已知主机。
sshClient.loadKnownHosts(new File("path_to_known_hosts"));
答案 2 :(得分:7)
try {
ssh.connect(envConf.getIp(), port);
} catch (TransportException e) {
if (e.getDisconnectReason() == DisconnectReason.HOST_KEY_NOT_VERIFIABLE) {
String msg = e.getMessage();
String[] split = msg.split("`");
String vc = split[3];
ssh = new SSHClient();
ssh.addHostKeyVerifier(vc);
ssh.connect(envConf.getIp(), port);
} else {
throw e;
}
}
ssh.authPassword(envConf.getName(), envConf.getPw());
ssh.newSCPFileTransfer().download(envConf.getHomePath() + FilePath, toPath);
答案 3 :(得分:0)
要获得替代答案,请确保您尝试连接的主机名与known_hosts文件中的主机名完全匹配。我正在做的一个示例错误是尝试连接到完整的网址bob.insidenetwork.pvt,但我的known_hosts文件只有bob作为条目,因为当我ssh手动我也是懒得输入整个网址......