
How to establish an SSH connection in Java 5 using jsch with private key authentication


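I am trying to establish a connection to an FTP server using jsch version 0.1.53 and jdk 1.6. When passing the private key as a parameter for authentication, I get the following exception from Java: com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read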

Private key declaration:

    // Path to the private key used for public-key authentication
    String privateKey = "C:/Users/rodrigo.meneses/.ssh/id_rsa";

    public String connectionSFTP() throws FileNotFoundException {
        try {
            // Register the private key with JSch before creating the session
            jsch.addIdentity(privateKey);
            session = jsch.getSession(getUsername(), getHost(), getPort());
            session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
            Properties config = new Properties();
            // "no" accepts the server's host key without verifying it
            config.put("StrictHostKeyChecking", "no");
            session.setConfig(config);
            session.connect();
        } catch (JSchException e) {
            LOGGER.warn(String.format("Erro JSchException '%s' ", e.toString()));
            return e.toString();
        }
        return "";
    }

With other versions of Java, the connection works.

The logs follow:

1 - Terminal connection log (DOS - Windows) - success

C:\Users\rodrigo.meneses>sftp -v hbsis-ambev@sftp.menu.com.br
OpenSSH_for_Windows_7.7p1,LibreSSL 2.6.5
debug1: Connecting to sftp.menu.com.br [44.235.183.150] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_dsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\rodrigo.meneses/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0,remote software version AWS_SFTP_1.0
debug1: no match: AWS_SFTP_1.0
debug1: Authenticating to sftp.menu.com.br:22 as 'hbsis-ambev'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:PD/8qoiRBuVKwUf/Mq/xzGXGLnACUMO5YyyGH1gFosg
debug1: Host 'sftp.menu.com.br' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\rodrigo.meneses/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Skipping ssh-dss key C:\\Users\\rodrigo.meneses/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:je+BlOhj1uWSBmdlEzqk69lDE/uejcyYyzlXrcWfR40 C:\\Users\\rodrigo.meneses/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 151
debug1: Authentication succeeded (publickey).
Authenticated to sftp.menu.com.br ([44.235.183.150]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: SFTP: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending subsystem: sftp
Connected to hbsis-ambev@sftp.menu.com.br.
sftp>

2 - Connection log using jdk 1.6 - error

Private Key Added.
session created.
INFO: Connecting to sftp.menu.com.br port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-AWS_SFTP_1.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: ecdh-sha2-nistp256 is not available.
INFO: ecdh-sha2-nistp384 is not available.
INFO: ecdh-sha2-nistp521 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
INFO: kex: server: ssh-rsa,rsa-sha2-256
INFO: kex: server: chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
INFO: kex: server: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
INFO: kex: server: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
INFO: kex: server: umac-128-etm@openssh.com,hmac-sha2-512
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-ctr hmac-sha2-256 none
INFO: kex: client->server aes128-ctr hmac-sha2-256 none
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO: disconnecting from sftp.menu.com.br port 22
com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read

3 - Connection log using jdk 1.7 - success

Private Key Added.
session created.
INFO: Connecting to sftp.menu.com.br port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-AWS_SFTP_1.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: ecdh-sha2-nistp256,zlib@openssh.com
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: ecdh-sha2-nistp256,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-ctr hmac-sha2-256 none
INFO: kex: client->server aes128-ctr hmac-sha2-256 none
INFO: SSH_MSG_KEX_ECDH_INIT sent
INFO: expecting SSH_MSG_KEX_ECDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'sftp.menu.com.br' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,password
INFO: Next authentication method: publickey
INFO: Authentication succeeded (publickey).
SFTP connected....
INFO: disconnecting from sftp.menu.com.br port 22
SFTP disconnect...
INFO: Caught an exception,leaving main loop due to Socket closed;

I did some research and tried setting the session's config property:

session.setConfig("kex","diffie-hellman-group1-sha1");

But then I got a different error, because apparently AWS only accepts the default kex diffie-hellman-group-exchange-sha256:

Private Key Added.
session created.
INFO: Connecting to sftp.menu.com.br port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-AWS_SFTP_1.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: ecdh-sha2-nistp256,zlib@openssh.com
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: disconnecting from sftp.menu.com.br port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
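
Added example, not part of the original post: a small Python check that replays the key-exchange negotiation from the JDK 1.6 log above and flags the two failure modes the logs show (a 1024-bit DH group-exchange request, and no common kex when `diffie-hellman-group1-sha1` is forced). The function names and the `min_bits=2048` threshold are assumptions made for illustration, and the selection rule is the simple first-match rule, ignoring RFC 4253's host-key compatibility conditions.

```python
import re

# Constructed sample: lines copied from the JDK 1.6 log above. In JSch's output
# the first "kex: server:" / "kex: client:" line on each side is the kex list.
JDK16_LOG = """\
INFO: kex: server: ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
INFO: kex: server: ssh-rsa,rsa-sha2-256
INFO: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
"""

def kex_lists(log):
    """Return (server_kex, client_kex) from the first kex line of each side."""
    found = {}
    for side, names in re.findall(r"kex: (server|client): (\S*)", log):
        # setdefault keeps only the first list seen per side (the kex list)
        found.setdefault(side, [n for n in names.split(",") if n])
    return found.get("server", []), found.get("client", [])

def negotiate(client, server):
    """First entry on the client's list that the server also offers, else None."""
    return next((alg for alg in client if alg in server), None)

def gex_bits(log):
    """Parse (min, preferred, max) from a DH_GEX_REQUEST(min<n<max) line."""
    m = re.search(r"DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\)", log)
    return tuple(int(g) for g in m.groups()) if m else None

def diagnose(log, min_bits=2048):
    """min_bits is an assumed server-side minimum group size, not from the log."""
    server, client = kex_lists(log)
    chosen = negotiate(client, server)
    if chosen is None:
        return "no common kex: expect 'Algorithm negotiation fail'"
    bits = gex_bits(log)
    if bits and bits[2] < min_bits:
        return f"{chosen}: client caps DH group at {bits[2]} bits (< {min_bits})"
    return f"{chosen}: negotiated"

if __name__ == "__main__":
    print(diagnose(JDK16_LOG))
```

A server that refuses 1024-bit groups would close the connection right after the `SSH_MSG_KEX_DH_GEX_REQUEST` line, which is where the JDK 1.6 log ends.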
