Jenkins中的算法协商失败了SSH [英] Algorithm negotiation fail SSH in Jenkins
问题描述
我正在尝试从Jenkins ssh到本地服务器,但抛出以下错误:
I'm trying to ssh from Jenkins to a local server but the following error is thrown:
[SSH] Exception:Algorithm negotiation fail
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
at com.jcraft.jsch.Session.connect(Session.java:286)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.jvnet.hudson.plugins.SSHSite.createSession(SSHSite.java:141)
at org.jvnet.hudson.plugins.SSHSite.executeCommand(SSHSite.java:151)
at org.jvnet.hudson.plugins.SSHBuildWrapper.executePreBuildScript(SSHBuildWrapper.java:75)
at org.jvnet.hudson.plugins.SSHBuildWrapper.setUp(SSHBuildWrapper.java:59)
at hudson.model.Build$BuildExecution.doRun(Build.java:154)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:533)
at hudson.model.Run.execute(Run.java:1754)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:89)
at hudson.model.Executor.run(Executor.java:240)
Finished: FAILURE
SSH服务器上已安装的Java版本:
Installed version of Java on SSH server:
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
客户端上安装的java版本:
Installed version of java on client:
java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b18)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)
也试过这个解决方案:
JSchException:算法协商失败
但它不起作用。从腻子一切似乎都没问题。建立连接,但是当我触发Jenkins作业时,会抛出错误。我应该尝试另一个版本的ssh服务器。现在我正在使用copssh。
Also tried this solution: JSchException: Algorithm negotiation fail but it's not working. From putty everything seems to be ok. The connection is established but when I trigger the Jenkins job the error is thrown. Should I try another version of ssh server. Now I'm using copssh.
推荐答案
TL; DR编辑你的sshd_config并启用对diffie-hellman-group-exchange-的支持KexAlgorithms中的sha1和diffie-hellman-group1-sha1:
TL;DR edit your sshd_config and enable support for diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 in KexAlgorithms:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
我怀疑在OpenSSH 6.7中发生以下更改后问题出现了:默认的密码和MAC集合已经被改变以删除不安全的算法。 (请参阅更改日志)。这个版本于10月6日发布,并于10月21日在Debian测试中发布(参见 Debian更改日志)。
I suspect that the problem appeared after the following change in OpenSSH 6.7: "The default set of ciphers and MACs has been altered to remove unsafe algorithms.". (see changelog). This version was released on Oct, 6, and made it on Oct, 21 to Debian testing (see Debian changelog).
默认情况下,OpenSSH仅启用以下密钥交换算法:
OpenSSH enables only the following key exchange algorithms by default:
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group14-sha1
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group14-sha1
JSch声称支持这些算法(见下)密钥交换的功能:
Whereas JSch claims to support these algorithms (see under "features") for key exchange:
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group1-sha1
事实上,他们无法就通用密钥交换算法达成一致。更新sshd_config(并重新启动SSH服务器)可以解决问题。显然,自0.1.50版以来,JSch应支持diffie-hellman-group-exchange-sha256方法(参见 changelog )。
So indeed, they cannot agree on a common key exchange algorithm. Updating sshd_config (and restarting the SSH server) does the trick. Apparently JSch is supposed to support the "diffie-hellman-group-exchange-sha256" method since version 0.1.50 (see changelog).
这篇关于Jenkins中的算法协商失败了SSH的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
