JSch算法协商失败
我尝试用Java连接SFTP服务器。
我收到了一个错误。
com.jcraft.jsch.JSchException:算法协商失败
这是POM:
com.jcraft jsch 0.1.53 这是日志:
INFO: Connecting to **"FTP ADRESS"** port 22 INFO: Connection established INFO: Remote version string: SSH-2.0-Maverick_SSHD INFO: Local version string: SSH-2.0-JSCH-0.1.53 INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 INFO: aes256-ctr is not available. INFO: aes192-ctr is not available. INFO: aes256-cbc is not available. INFO: aes192-cbc is not available. INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 INFO: diffie-hellman-group14-sha1 is not available. INFO: ecdh-sha2-nistp256 is not available. INFO: ecdh-sha2-nistp384 is not available. INFO: ecdh-sha2-nistp521 is not available. INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 INFO: ecdsa-sha2-nistp256 is not available. INFO: ecdsa-sha2-nistp384 is not available. INFO: ecdsa-sha2-nistp521 is not available. INFO: SSH_MSG_KEXINIT sent INFO: SSH_MSG_KEXINIT received INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 INFO: kex: server: ssh-rsa INFO: kex: server: aes256-cbc,aes192-cbc INFO: kex: server: aes256-cbc,aes192-cbc INFO: kex: server: hmac-sha1,hmac-sha1-96 INFO: kex: server: hmac-sha1,hmac-sha1-96 INFO: kex: server: none INFO: kex: server: none INFO: kex: server: INFO: kex: server: INFO: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 INFO: kex: client: ssh-rsa,ssh-dss INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 INFO: kex: client: none INFO: kex: client: none INFO: kex: client: INFO: kex: client: INFO: Disconnecting from "FTP ADRESS" port 22
我得到了这个错误,我试图修复。 我无法访问SFTP服务器以下载或更新任何文件或等…
我可以通过FileZilla连接服务器,但我无法通过Java实现。
连接代码:
JSch jsch = new JSch(); Properties config = new Properties(); config.put("cipher.s2c", "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc"); config.put("cipher.c2s", "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc"); config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256"); Session jschSession = jsch.getSession("username","server",22); jschSession.setConfig("StrictHostKeyChecking", "no"); jschSession.setPassword("password"); jschSession.setConfig(config); jschSession.connect();
当我添加
config.put("cipher.s2c", "aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
日志是这样的
INFO: Connecting to ftp.servername port 22 INFO: Connection established INFO: Remote version string: SSH-2.0-Maverick_SSHD INFO: Local version string: SSH-2.0-JSCH-0.1.53 INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 INFO: aes256-ctr is not available. INFO: aes192-ctr is not available. INFO: aes256-cbc is not available. INFO: aes192-cbc is not available. INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 INFO: diffie-hellman-group14-sha1 is not available. INFO: ecdh-sha2-nistp256 is not available. INFO: ecdh-sha2-nistp384 is not available. INFO: ecdh-sha2-nistp521 is not available. INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 INFO: ecdsa-sha2-nistp256 is not available. INFO: ecdsa-sha2-nistp384 is not available. INFO: ecdsa-sha2-nistp521 is not available. INFO: SSH_MSG_KEXINIT sent INFO: SSH_MSG_KEXINIT received INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 INFO: kex: server: ssh-rsa INFO: kex: server: aes256-cbc,aes192-cbc INFO: kex: server: aes256-cbc,aes192-cbc INFO: kex: server: hmac-sha1,hmac-sha1-96 INFO: kex: server: hmac-sha1,hmac-sha1-96 INFO: kex: server: none INFO: kex: server: none INFO: kex: server: INFO: kex: server: INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256 INFO: kex: client: ssh-rsa,ssh-dss INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 INFO: kex: client: none INFO: kex: client: none INFO: kex: client: INFO: kex: client: INFO: Disconnecting from ftp.servername port 22 com.jcraft.jsch.JSchException: Algorithm negotiation fail
如您所见,服务器提供以下密码:
信息:kex:服务器:aes256-cbc,aes192-cbc
但是JSch只接受这些:
信息:kex:客户:aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
没有通用的密码可供选择。
请注意,JSch确实支持aes256-cbc和aes192-cbc,但需要JCE(Java Cryptography Extension)来允许它们。
您可能没有JCE,因此这些密码不可用。 这就是原因
信息:aes256-cbc不可用。
下载Java密码术扩展(JCE)无限强度管辖权政策文件8 (或其他版本,如果不使用JDK 1.8)。
另请参阅密码’aes256-cbc’的答案,但它不可用 。
我通过将以下行添加到/ etc / ssh / sshd_config并重新启动sshd服务来解决它。 感谢@wierzbiks在另一个post中的回答
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
我解决了它将库jsch-0.1.27.jar更新为jsch-0.1.54.jar。
最后在你的代码中你应该写这样的东西:
your Method { session.setConfig("StrictHostKeyChecking", "no"); // That solve the problem. }
如果您需要此Java版本,此代码适用于Java 1.5或更高版本。