JSch:UnknownHostKey 异常,即使 known_hosts 文件中存在主机密钥指纹 [英] JSch: UnknownHostKey exception even when the hostkey fingerprint is present in the known_hosts file
问题描述
关于这个异常已经有两个问题了:
There are two questions about this exception already:
我正在使用 Windows 机器并尝试连接到使用运行 Ubuntu 的 Vagrant 创建的 VM.这是我的代码:
I am using a Windows machine and trying to connect to a VM created with Vagrant running Ubuntu. Here is my code:
public static void main(String[] args) {
String host = "localhost";
String username = "vagrant";
int port = 2200;
String privateKey = "C:\keys\openSSH_pair1\open_ssh_private";
JSch js = new JSch();
try {
js.addIdentity(privateKey, "pass");
js.setKnownHosts("C:\Users\user\.ssh\known_hosts");
Session session = js.getSession(username, host, port);
session.connect();
System.out.println("Connected");
} catch (JSchException e) {
e.printStackTrace();
}
}
@Pascal 建议将 strictHostKeyChecking 设置为 no,这对我有用,但这不是首选的解决方案.他的首选解决方案是从命令行使用 SSH,以便将主机添加到 known_hosts 文件中.我已经安装并执行了 Git ssh -i openSSH_pair1open_ssh_private vagrant@localhost -p 2200并在提示输入密码并建立连接之前收到此输出
@Pascal suggests setting strictHostKeyChecking to no, which works for me, but this is not the preferred solution. His preferred solution is to SSH from the command line so that the host will be added to the known_hosts file. I have Git installed and executed ssh -i openSSH_pair1open_ssh_private vagrant@localhost -p 2200
and received this output before being prompted for the pass phrase and establishing a connection
主机'[localhost]:2200([127.0.0.1]:2200)'的真实性不能成立.ECDSA 密钥指纹是11:5d:55:29:8a:77:d8:08:b4:00:9b:a3:61:93:fe:e5.你确定你想要继续连接(是/否)?是 警告:永久添加'[localhost]:2200' (ECDSA) 到已知主机列表.
The authenticity of host '[localhost]:2200 ([127.0.0.1]:2200)' can't be established. ECDSA key fingerprint is 11:5d:55:29:8a:77:d8:08:b4:00:9b:a3:61:93:fe:e5. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[localhost]:2200' (ECDSA) to the list of known hosts.
所以现在我在 git_home.ssh 中的 known_hosts 文件包含一个 localhost:2200 的条目,我还放置了 known_hosts 文件到 user_home.ssh.我还将我的私钥放在我尝试通过 ssh 连接的 VM 上并运行它以生成公钥并将其添加到 authorized_keys
So now my known_hosts file in git_home.ssh contains an entry for localhost:2200, I also placed the known_hosts file into user_home.ssh. I also put my private key on the VM I'm trying to ssh into and ran this to generate a public key and add it to the authorized_keys
ssh-keygen -y -f open_ssh_private > open_ssh_gen.pub
cat open_ssh_gen.pub >> ~/.ssh/authorized_keys
但是我仍然收到此异常
com.jcraft.jsch.JSchException: UnknownHostKey: localhost. RSA key fingerprint is 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
at com.jcraft.jsch.Session.checkHost(Session.java:797)
at com.jcraft.jsch.Session.connect(Session.java:342)
at com.jcraft.jsch.Session.connect(Session.java:183)
at connect.Main.main(Main.java:24)
另一个问题的答案建议添加以下对我也不起作用的内容
The answer to the other question suggests adding the below which doesn't work for me either
js.setKnownHosts("C:\Users\user\.ssh\known_hosts");
推荐答案
问题是您已将 ECDSA 主机密钥添加到 known_hosts,因为 ssh 更喜欢密钥类型:
The problem is that you have added ECDSA host key to the known_hosts, as the ssh prefers that key type:
ECDSA 密钥指纹为 11:5d:55:29:8a:77:d8:08:b4:00:9b:a3:61:93:fe:e5.
ECDSA key fingerprint is 11:5d:55:29:8a:77:d8:08:b4:00:9b:a3:61:93:fe:e5.
但是 JSch 更喜欢 RSA 密钥,它在 known_hosts 中找不到:
But JSch prefers RSA key, which it won't find in the known_hosts:
RSA 密钥指纹为 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
RSA key fingerprint is 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
您可能需要 JCE 才能在 JSch 中启用 ECDSA.
You probably need JCE to enable ECDSA In JSch.
参见JSch 算法协商失败.
或者让 ssh 使用带有 -o HostKeyAlgorithms=ssh-rsa 的 RSA 密钥.
请参阅如何强制 SSH 提供 RSA 密钥而不是 ECDSA?
Or make ssh use RSA key with -o HostKeyAlgorithms=ssh-rsa.
See How can I force SSH to give an RSA key instead of ECDSA?
你也可以使用ssh-keyscan:
ssh-keyscan -t rsa example.com
这篇关于JSch:UnknownHostKey 异常,即使 known_hosts 文件中存在主机密钥指纹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
