使用 JSch SFTP 库时如何解析 Java UnknownHostKey? [英] How to resolve Java UnknownHostKey, while using JSch SFTP library?

查看:41
本文介绍了使用 JSch SFTP 库时如何解析 Java UnknownHostKey?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在运行一个 Java 程序,我使用 Java SFTP 将文件从一个文件夹传输到另一个文件夹.我遇到的问题是我的 Java SFTP(使用 JSch)中出现以下错误:

<块引用>

C:OracleMiddlewareOracle_Homeoracle_commonjdkinjavaw.exe-server -classpath C:JDevelopermyworkJava_Hello_World.adf;C:JDevelopermyworkJava_Hello_WorldClientclasses;C:UsersADMINDownloadsjsch-0.1.53.jar-Djavax.net.ssl.trustStore=C:UsersIBM_AD~1AppDataLocalTemp rustStore5840796204189742395.jksFileTransfer com.jcraft.jsch.JSchException:UnknownHostKey:127.0.0.1.RSA 密钥指纹为 a2:39:3f:44:88:e9:1f:d7:d1:71:f4:85:98:fb:90:dc在 com.jcraft.jsch.Session.checkHost(Session.java:797) 在com.jcraft.jsch.Session.connect(Session.java:342) 在com.jcraft.jsch.Session.connect(Session.java:183) 在FileTransfer.main(FileTransfer.java:33) 进程以退出代码退出0.

以下是我目前的代码:

FileTransfer fileTransfer = new FileTransfer();JSch jsch = new JSch();尝试 {字符串主机 = "127.0.0.1";内部端口 = 22;字符串用户 = "用户";Session session = jsch.getSession(user, host, port);session = jsch.getSession("用户名", "127.0.0.1", 22);会话连接();//这里的错误,java.net.ConnectExceptionChannelSftp sftp = null;sftp = (ChannelSftp)session.openChannel("sftp") ;//渠道;//额外的配置代码java.util.Properties config = new java.util.Properties();config.put("StrictHostKeyChecking", "no");session.setConfig(config);//结束额外的配置代码sftp.rename("C:\Users\ADMIN\Desktop\Work\ConnectOne_Bancorp\Java_Work\SFTP_1\house.bmp", "C:\Users\ADMIN\Desktop\Work\ConnectOne_Bancorp\Java_Work\SFTP_2\house.bmp");session.disconnect();} catch (JSchException e) {e.printStackTrace();} catch (SftpException e) {e.printStackTrace();}//收尾

我的 Cygwin 已设置,我检查(使用 netstat -a -b )它正在运行.

解决方案

您试图通过将 StrictHostKeyChecking 设置为 no 来跳过主机密钥检查.

但是你必须在检查之前这样做,即在 session.connect() 之前.

<小时>

无论如何,你永远不应该这样做,除非你不关心安全.主机密钥检查旨在保护您免受中间人攻击.

相反,设置一个预期的主机密钥让 JSch 验证它.

例如:

  • 调用JSch.setKnownHosts 提供了一个类似 .ssh/known_hosts 的文件的路径.

    要生成类似 .ssh/known_hosts 的文件,您可以使用来自 OpenSSH 的 ssh-keyscan 命令.如果你从 *nix 服务器连接,你应该有可用的命令,只需运行

    ssh-keyscan example.com >已知主机

    它将具有如下格式:

    <预> <代码> example.com SSH-RSA AAAAB3NzaC1yc2EAAAABIwAAAQEA0hVqZOvZ7yWgie9OHdTORJVI5fJJoH1yEGamAd5G3werH0z7e9ybtq1mGUeRkJtea7bzru0ISR0EZ9HIONoGYrDmI7S + BiwpDBUKjva4mAsvzzvsy6Ogy/apkxm6Kbcml8u4wjxaOw3NKzKqeBvR3pc + nQVA + SJUZq8D2XBRd4EDUFXeLzwqwen9G7gSLGB1hJkSuRtGRfOHbLUuCKNR8RV82i3JvlSnAwb3MwN0m3WGdlJA8J + 5YAg4e6JgSKrsCObZK7W1R6iuyuH1zA + dtAHyDyYVHB4FnYZPL0hgz2PSb9c + iDEiFcT/LT4/dQ的+ kRW6DYn66lS8peS8zCJ9CSQ ==

    并在您的 JSch 代码中引用生成的 known_hosts 文件.

    如果您使用的是 Windows,则可以从 ssh-keyscan 的 Windows 版本"noreferrer">Win32-OpenSSH 项目 或适用于 Windows 的 Git.

  • 调用 JSch.getHostKeyRepository().add() 以提供预期的主机密钥(例如,硬编码,作为您的其他凭据).

    请参阅从 .pub 格式的公钥创建 JSch HostKey 实例.

I'm running a java program where I transfer a file from one folder to another, using Java SFTP. The problem I'm having is that I'm getting the following error in my Java SFTP (using JSch) :

C:OracleMiddlewareOracle_Homeoracle_commonjdkinjavaw.exe -server -classpath C:JDevelopermyworkJava_Hello_World.adf;C:JDevelopermyworkJava_Hello_WorldClientclasses;C:UsersADMINDownloadsjsch-0.1.53.jar -Djavax.net.ssl.trustStore=C:UsersIBM_AD~1AppDataLocalTemp rustStore5840796204189742395.jks FileTransfer com.jcraft.jsch.JSchException: UnknownHostKey: 127.0.0.1. RSA key fingerprint is a2:39:3f:44:88:e9:1f:d7:d1:71:f4:85:98:fb:90:dc at com.jcraft.jsch.Session.checkHost(Session.java:797) at com.jcraft.jsch.Session.connect(Session.java:342) at com.jcraft.jsch.Session.connect(Session.java:183) at FileTransfer.main(FileTransfer.java:33) Process exited with exit code 0.

The following is my code so far:

FileTransfer fileTransfer = new FileTransfer();              

JSch jsch = new JSch();

try {

    String host = "127.0.0.1";
    int port = 22;

    String user = "user";
    Session session = jsch.getSession(user, host, port);      
    session = jsch.getSession("username", "127.0.0.1", 22);
    session.connect();  // bug here , java.net.ConnectException

    ChannelSftp sftp = null;
    sftp = (ChannelSftp)session.openChannel("sftp") ; //channel;

    //extra config code
    java.util.Properties config = new java.util.Properties(); 
    config.put("StrictHostKeyChecking", "no");
    session.setConfig(config);
    // end extra config code

    sftp.rename("C:\Users\ADMIN\Desktop\Work\ConnectOne_Bancorp\Java_Work\SFTP_1\house.bmp", "C:\Users\ADMIN\Desktop\Work\ConnectOne_Bancorp\Java_Work\SFTP_2\house.bmp");  
    session.disconnect();

} catch (JSchException e) {
    e.printStackTrace();  
} catch (SftpException e) {
    e.printStackTrace();
} //end-catch

My Cygwin is set up, and I checked (with netstat -a -b ) that it's running.

解决方案

You are trying to skip a host key checking by setting StrictHostKeyChecking to no.

But you have to do that before the checking, i.e. before the session.connect().

Anyway, you should never do this, unless you do not care about security. The host key checking is there to protect you from man-in-the-middle attacks.

Instead, set up an expected host key to let JSch verify it.

For example:

  • Call JSch.setKnownHosts providing a path to a .ssh/known_hosts-like file.

    To generate the .ssh/known_hosts-like file, you can use an ssh-keyscan command from OpenSSH. If you are connecting from a *nix server, you should have the command available, just run

    ssh-keyscan example.com > known_hosts

    It will have a format like:

    example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0hVqZOvZ7yWgie9OHdTORJVI5fJJoH1yEGamAd5G3werH0z7e9ybtq1mGUeRkJtea7bzru0ISR0EZ9HIONoGYrDmI7S+BiwpDBUKjva4mAsvzzvsy6Ogy/apkxm6Kbcml8u4wjxaOw3NKzKqeBvR3pc+nQVA+SJUZq8D2XBRd4EDUFXeLzwqwen9G7gSLGB1hJkSuRtGRfOHbLUuCKNR8RV82i3JvlSnAwb3MwN0m3WGdlJA8J+5YAg4e6JgSKrsCObZK7W1R6iuyuH1zA+dtAHyDyYVHB4FnYZPL0hgz2PSb9c+iDEiFcT/lT4/dQ+kRW6DYn66lS8peS8zCJ9CSQ==

    And reference the generated known_hosts file in your JSch code.

    If you are on Windows, you can get a Windows build of ssh-keyscan from Win32-OpenSSH project or Git for Windows.

  • Call JSch.getHostKeyRepository().add() to provide the expected host key (e.g. hard-coded, as your other credentials).

    See Creating JSch HostKey instance from a public key in .pub format.

这篇关于使用 JSch SFTP 库时如何解析 Java UnknownHostKey?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆