JSchException: Algorithm negotiation fail


Problem description

I am trying to connect to a remote SFTP server over SSH with JSch (0.1.44-1), but during "session.connect();" I am getting this exception:

com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
    at com.jcraft.jsch.Session.connect(Session.java:291)
    at com.jcraft.jsch.Session.connect(Session.java:154)
    ...

Logs from JSch:

INFO: Connecting to xx.xx.xx.xx port 22
INFO: Connection established 
INFO: Remote version string: SSH-2.0-WeOnlyDo 2.0.6 
INFO: Local version string: SSH-2.0-JSCH-0.1.44 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available. 
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available. 
INFO: aes192-cbc is not available.
INFO: arcfour256 is not available. 
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received 
INFO: Disconnecting from xx.xx.xx.xx port 22 

I am able to log in to the remote server with the Linux sftp command. I was trying to find any kind of clue on the internet but I failed.

Debug output from the Linux sftp command:

OpenSSH_5.5p1-DAM_1.2, OpenSSL 0.9.8r 8 Feb 201

debug1: Reading configuration data /etc/DAM/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *.*
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /**/spv_id_rsa.key type -1
debug1: identity file /**/spv_id_rsa.key-cert type -1
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
debug1: no match: WeOnlyDo 2.0.6
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1-DAM_1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
debug1: Found key in ~/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /**/spv_id_rsa.key
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
Connected to xx.xx.xx.xx.
sftp>

Solution

There are a couple of places that SSH clients and servers try and agree on a common implementation. Two I know of are encryption and compression. The server and client produce a list of available options and then the best available option in both lists is chosen.

If there is no acceptable option in the lists then it fails with the error you got. I'm guessing from the debug output here but it looks like the only server options for encryption are "aes256-cbc hmac-md5 none".

JSch doesn't do hmac-md5 and aes256-cbc is disabled because of your Java policy files. Two things you could try are...

  1. To increase the available encryption libraries on the server, install unrestricted policy files on your client, enabling aes256-cbc (make sure the message saying it is disabled goes away, those policy files are notoriously easy to install on the wrong JVM) from the Sun Java 6 download site,
  2. or try and disable encryption.

The first is ideal if you have access to the server (trust me aes128-cbc is plenty of encryption), but the second is easy enough to quickly test out the theory.
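
An added diagnostic sketch, not part of the original answer and not JSch code: it applies the SSH name-list rule (RFC 4253 section 7.1: the first name on the client's list that the server also lists) to the cipher names from the CheckCiphers log line after dropping those the JVM's JCE policy cannot provide. Assumptions: the CheckCiphers names stand in for the client's proposal, the server offers only aes256-cbc as the answer guesses, and a restricted policy caps symmetric keys at 128 bits.

```java
import javax.crypto.Cipher;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CipherNegotiationCheck {
    private static final Pattern KEY_BITS = Pattern.compile("(128|192|256)");

    // Key size in bits encoded in an SSH cipher name, or 0 when the name has none.
    static int keyBits(String cipherName) {
        Matcher m = KEY_BITS.matcher(cipherName);
        return m.find() ? Integer.parseInt(m.group(1)) : 0;
    }

    // Drop the ciphers whose key size exceeds what the JCE policy allows.
    static List<String> usable(List<String> proposed, int maxBits) {
        List<String> out = new ArrayList<>();
        for (String name : proposed) {
            if (keyBits(name) <= maxBits) out.add(name);
        }
        return out;
    }

    // RFC 4253 section 7.1: pick the first name on the client's list that the
    // server also lists; null corresponds to "Algorithm negotiation fail".
    static String negotiate(List<String> client, List<String> server) {
        for (String name : client) {
            if (server.contains(name)) return name;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Names from the CheckCiphers log line, used as the client proposal (assumption).
        List<String> client = Arrays.asList("aes256-ctr", "aes192-ctr", "aes128-ctr",
                "aes256-cbc", "aes192-cbc", "aes128-cbc", "3des-ctr",
                "arcfour", "arcfour128", "arcfour256");
        // Assumption: the server offers only aes256-cbc, as the answer guesses.
        List<String> server = Arrays.asList("aes256-cbc");

        int jvmLimit = Cipher.getMaxAllowedKeyLength("AES"); // limit of the JVM running this
        System.out.println("restricted policy (128): " + negotiate(usable(client, 128), server));
        System.out.println("this JVM (" + jvmLimit + "): " + negotiate(usable(client, jvmLimit), server));
    }
}
```

Run it with the same JVM that runs the SFTP client: if the second line still prints null, the policy files were not installed in that JVM.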
