JSchException:算法协商失败diffie-hellman-group14-sha1 [英] JSchException: Algorithm negotiation fail diffie-hellman-group14-sha1
问题描述
我知道有人问过几次,但是我已经尝试了许多已经接受的解决方案。
I know this has been asked a few times but I have tried many of the accepted solutions already given.
我正在使用JSch创建一个简单的SSH隧道。并且在日志中不断出现此错误:
I am creating a simple SSH tunnel using JSch. and I keep getting this error along with this in the logs:
INFO: diffie-hellman-group14-sha1 is not available.
我已经将Java无限策略文件添加到了正确的文件夹中,并且将此算法添加到了sshd_config文件中的KexAlgorithms部分。以下是完整的日志明细。
I have already added the Java unlimited policy files to the correct folder and I have added this algorithm to the KexAlgorithms section in the sshd_config file. Below is the full log breakdown.
INFO: Connecting to xx.xx.xxx.xxx port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.8
INFO: Local version string: SSH-2.0-JSCH-0.1.50
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192- cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from xx.xx.xxx.xxx port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
推荐答案
您的客户端和服务器不共享通用的KEX算法:
Your client and server do not share a common KEX algorithm:
信息:kex:服务器:curve25519-sha256 @ lib ssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO:kex:客户:diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
如您所见,在另一方的列表中找不到任何一方支持的算法。您可以通过以下两种方式之一向客户端添加对其他KEX算法的支持:
As you can see, none of the algorithms supported by either are found in the other's list. You can add support for additional KEX algorithms to your client in one of two ways:
- 将JSch升级到最新版本(0.1.52)自动启用对sha256的支持。
-
如果您坚持使用0.1.51,则可以通过编程方式启用sha256:
- Upgrade JSch to the latest release (0.1.52) to automatically enable support for sha256.
If you're stuck with 0.1.51, you can programatically enable sha256:
JSch shell = new JSch();
Properties config = new Properties();
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
config.put("StrictHostKeyChecking", "no");
然后创建会话并使用以下命令设置配置:
Then create your session and set the configuration with:
Session session = ...
session.setConfig(config);
这篇关于JSchException:算法协商失败diffie-hellman-group14-sha1的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
