“验证失败"在Java 1.4.2的jsch-0.1.42中 [英] "Auth fail" in jsch-0.1.42 with Java 1.4.2

问题描述

我有这个简单的Java程序，它使用 Jsch 连接到SFTP服务器.

I have this simple Java program that uses Jsch to connect to an SFTP server.

在Java 1.4.2上，连接失败，并出现验证失败"异常，但在Java 1.7上，连接无懈可击.

The connection fails with an "Auth fail" exception on Java 1.4.2, but it connects flawlessly on Java 1.7.

try {
    JSch jsch = new JSch();

    jsch.setKnownHosts(KNOWN_HOSTS_PATH);
    jsch.addIdentity(PRIVATE_KEY_PATH, PASSPHRASE);

    Session session = jsch.getSession(USERNAME, HOSTNAME, 22);
    session.connect(2500);

    Channel channel = session.openChannel("shell");
    channel.setInputStream(System. in );
    channel.setOutputStream(System.out);
    channel.connect();
} catch (Exception e) {
    e.printStackTrace(System.err);
}

我正在使用的密钥是ssh-rsa 4096位密钥. .pub密钥文件与私钥存在于同一目录中.

The key I'm using is an ssh-rsa 4096 bit key. The .pub key file exists in the same directory as the private key.

连接记录器时，在异常(发生在channel.connect();上)之前，我看到以下消息:

When connecting a logger, I see the following messages before the exception (which occurs on channel.connect();):

INFO: Connecting to <redacted> port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: arcfour is not available.
INFO: arcfour128 is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '<redacted>' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from <redacted> port 22
com.jcraft.jsch.JSchException: Auth fail
        at com.jcraft.jsch.Session.connect(Session.java:452)
        at TestJsch.main(TestJsch.java:19)

当我使用Java 1.7运行相同的程序时，它说

When I run the same program with Java 1.7, it says

INFO: Connecting to <redacted> port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '<redacted>' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT receivedINFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentication succeeded (publickey).
Linux <redacted> 2.6.26-2-amd64 #1 SMP Mon Jun 13 16:29:33 UTC 2011 x86_64

<server welcome message follows>

我已经为1.4 VM安装了Java密码学扩展(JCE).

I have installed the Java Cryptography Extensions (JCE) for the 1.4 VM.

该问题的根源是什么?

推荐答案

Java在使用强加密算法方面有一个限制.检查$JRE_HOME/lib/security/US_Export_policy.jar和$JRE_HOME/lib/security/local_policy.jar的内容.如果您发现类似这样的内容:

Java has a limitation for using strong crypto algorithm. Check content of $JRE_HOME/lib/security/US_Export_policy.jar and $JRE_HOME/lib/security/local_policy.jar. If you find something like this:

// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC2", 128,
                   "javax.crypto.spec.RC2ParameterSpec", 128;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RC5", 128,
          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
    permission javax.crypto.CryptoPermission "RSA", 2048;
    permission javax.crypto.CryptoPermission *, 128;
};

决定将下载并安装JCE无限强度管辖权政策.以前，它位于Sun的站点上，现在我不知道在哪里可以找到它.

Decision is to download and install JCE Unlimited Strength Jurisdiction Policy. Previously, it was located on Sun's site, now I don't know where it can be found.

您可以在本文中阅读更多的

You can read more in this article

经过研究，我发现答案不正确.

After some research, I found my answer was incorrect.

Java 1.4不支持长度超过2048个字节的RSA密钥 BUG 4524097

Java 1.4 does not support RSA keys more than 2048 byte length BUG 4524097

这篇关于“验证失败"在Java 1.4.2的jsch-0.1.42中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！