我正在尝试从我的 Java 应用程序到客户端的外部服务器进行 SSH 连接。客户端增强了安全性,他们不接受 1024 位素数,但我的 JSch 只发送 1024 位素数。
请在下面找到我的应用程序的详细错误输出:
INFO |: Launching [sftp] handler
INFO |: Creating SFTP session to host [server1] with logger for JSch
INFO |: Connecting via public/private key.
INFO |: Session created.
INFO |: Connecting to server1 port 22
INFO |: Connection established
INFO |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO |: Local version string: SSH-2.0-JSCH-0.1.53
INFO |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO |: SSH_MSG_KEXINIT sent
INFO |: SSH_MSG_KEXINIT received
INFO |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO |: kex: server: [email protected],zlib,none
INFO |: kex: server: [email protected],zlib,none
INFO |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO |: kex: client: ssh-rsa,ssh-dss
INFO |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO |: kex: client: aes128-cbc,3des-cbc
INFO |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO |: kex: server->client aes128-cbc hmac-sha1 none
INFO |: kex: client->server aes128-ctr hmac-sha1 none
INFO |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available. en
INFO |: -----------------------------------------------------------------------------------------------
很少有其他博客建议升级到 JSch 版本 0.1.53 可以解决该问题,但我已经在我的应用程序中使用 0.1.53 版本。
当我尝试使用详细选项从命令行连接时,我能够连接:
$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>
注意:我使用 SSH-2 RSA 2048 位密钥来使用我的应用程序和命令行进行连接。我使用应用程序和命令行观察到的唯一区别是:
我的应用程序在连接时发送以下信息:
INFO |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
命令行连接在连接时发送以下信息:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
有关如何更改我的应用程序以发送 SSH2_MSG_KEX_DH_GEX_REQUEST 的任何建议(1024<2048<8192) would be much helpful.
请参阅 JSch 更改日志,了解 “自版本 0.1.52 以来的更改”:
- 更改:僵局:diffie-hellman-group-exchange-sha256 和 diffie-hellman-group-exchange-sha1 将使用 2048 位密钥 Java8 的 SunJCE,感谢 JDK-6521495 和 JDK-7044060。
所以你需要 JSch 0.1.53 是正确的,但你的 JDK 中还需要这些修复: