Jenkins 中的算法协商失败 SSH [英] Algorithm negotiation fail SSH in Jenkins

问题描述

我正在尝试从 Jenkins ssh 到本地服务器，但抛出以下错误:

I'm trying to ssh from Jenkins to a local server but the following error is thrown:

[SSH] Exception:Algorithm negotiation fail
    com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
    at com.jcraft.jsch.Session.connect(Session.java:286)
    at com.jcraft.jsch.Session.connect(Session.java:150)
    at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:141)
    at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:151)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.executePreBuildScript(SSHBuildWrapper.java:75)
    at org.jvnet.hudson.plugins.SSHBuildWrapper.setUp(SSHBuildWrapper.java:59)
    at hudson.model.Build$BuildExecution.doRun(Build.java:154)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
    at hudson.model.Run.execute(Run.java:1754)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:89)
    at hudson.model.Executor.run(Executor.java:240)
Finished: FAILURE

在 SSH 服务器上安装的 Java 版本:

Installed version of Java on SSH server:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

客户端安装的java版本:

Installed version of java on client:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

也试过这个解决方案:JSchException:算法协商失败但它不起作用.从腻子一切似乎没问题.连接已建立，但是当我触发 Jenkins 作业时，会抛出错误.我应该尝试另一个版本的 ssh 服务器吗?现在我正在使用 copssh.

Also tried this solution: JSchException: Algorithm negotiation fail but it's not working. From putty everything seems to be ok. The connection is established but when I trigger the Jenkins job the error is thrown. Should I try another version of ssh server. Now I'm using copssh.

推荐答案

TL;DR 编辑您的 sshd_config 并在 KexAlgorithms 中启用对 diffie-hellman-group-exchange-sha1 和 diffie-hellman-group1-sha1 的支持:

TL;DR edit your sshd_config and enable support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in KexAlgorithms:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

我怀疑问题是在 OpenSSH 6.7 中进行以下更改后出现的:默认密码和 MAC 集已被更改以删除不安全的算法.".(请参阅更改日志).此版本于 10 月 6 日发布，并于 10 月 21 日进行了 Debian 测试(请参阅 Debian 更改日志).

I suspect that the problem appeared after the following change in OpenSSH 6.7: "The default set of ciphers and MACs has been altered to remove unsafe algorithms.". (see changelog). This version was released on Oct, 6, and made it on Oct, 21 to Debian testing (see Debian changelog).

OpenSSH 默认只启用以下密钥交换算法:

OpenSSH enables only the following key exchange algorithms by default:

• curve25519-sha256@libssh.org
• ecdh-sha2-nistp256
• ecdh-sha2-nistp384
• ecdh-sha2-nistp521
• diffie-hellman-group-exchange-sha256
• diffie-hellman-group14-sha1

而 JSch 声称支持用于密钥交换的这些算法(参见功能"):

Whereas JSch claims to support these algorithms (see under "features") for key exchange:

• diffie-hellman-group-exchange-sha1
• diffie-hellman-group1-sha1

因此，他们确实无法就通用密钥交换算法达成一致.更新 sshd_config(并重新启动 SSH 服务器)可以解决问题.显然，从 0.1.50 版开始，JSch 应该支持diffie-hellman-group-exchange-sha256"方法(参见 changelog).

So indeed, they cannot agree on a common key exchange algorithm. Updating sshd_config (and restarting the SSH server) does the trick. Apparently JSch is supposed to support the "diffie-hellman-group-exchange-sha256" method since version 0.1.50 (see changelog).

这篇关于Jenkins 中的算法协商失败 SSH的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！