使用 JSch 0.1.48 获取 AuthFail 异常,但在 0.1.49 和更新版本中没有使用密码身份验证
Getting AuthFail exception with JSch 0.1.48 but not in 0.1.49 and newer with password authentication
以前 JSch 0.1.48 运行良好,但最近它停止工作并抛出异常
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:484)
at com.jcraft.jsch.Session.connect(Session.java:162)
at ftptrial.main.TestTop.main(TestTop.java:52)
当我将 JSch 的版本更改为 0.1.49 时,它工作正常。但是我无法弄清楚原因。
session = jsch.getSession(userName, hostName, portNumber);
session.setPassword(password);
session.connect();
JSch 0.1.48 日志:
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.48
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from abc.defg.com port 22
com.jcraft.jsch.JSchException: Auth fail
JSch 0.1.54 日志
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO: SSH_MSG_KEX_DH_GEX_INIT sent
INFO: expecting SSH_MSG_KEX_DH_GEX_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentication succeeded (keyboard-interactive).
Connection success
JSch 0.1.48 和 JSch 0.1.49 都是 5 岁。不要使用它们!
使用最新版本的 JSch(目前为 0.1.55)。
如果没有更多信息,我无法最终解释差异,但由于 0.1.54 实际上成功地使用了键盘交互式身份验证(与 0.1.48 中不成功的密码身份验证相比),我将此归咎于 UserAuthKeyboardInteractive.start :
0.1.48:
prompt[0].toLowerCase().startsWith("password:")){
0.1.49:
prompt[0].toLowerCase().indexOf("password:") >= 0){
您的代码实际上是在尝试密码验证。但是 JSch 有一个启发式方法,如果它得到输入单个密码的键盘交互式身份验证提示,它将使用键盘交互式身份验证,而不是密码身份验证。
我猜你服务器的提示是这样的
user password:
因此 0.1.48 startsWith 检查不会捕获提示,而 0.1.49 和更新版本 indexOf 检查会捕获提示。
如果您不想依赖这种启发式方法,您应该更改您的代码以实际使用键盘交互式身份验证。
参见 http://www.jcraft.com/jsch/examples/UserAuthKI.java.html
以前 JSch 0.1.48 运行良好,但最近它停止工作并抛出异常
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:484)
at com.jcraft.jsch.Session.connect(Session.java:162)
at ftptrial.main.TestTop.main(TestTop.java:52)
当我将 JSch 的版本更改为 0.1.49 时,它工作正常。但是我无法弄清楚原因。
session = jsch.getSession(userName, hostName, portNumber);
session.setPassword(password);
session.connect();
JSch 0.1.48 日志:
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.48
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from abc.defg.com port 22
com.jcraft.jsch.JSchException: Auth fail
JSch 0.1.54 日志
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO: SSH_MSG_KEX_DH_GEX_INIT sent
INFO: expecting SSH_MSG_KEX_DH_GEX_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentication succeeded (keyboard-interactive).
Connection success
JSch 0.1.48 和 JSch 0.1.49 都是 5 岁。不要使用它们!
使用最新版本的 JSch(目前为 0.1.55)。
如果没有更多信息,我无法最终解释差异,但由于 0.1.54 实际上成功地使用了键盘交互式身份验证(与 0.1.48 中不成功的密码身份验证相比),我将此归咎于 UserAuthKeyboardInteractive.start :
0.1.48:
prompt[0].toLowerCase().startsWith("password:")){0.1.49:
prompt[0].toLowerCase().indexOf("password:") >= 0){
您的代码实际上是在尝试密码验证。但是 JSch 有一个启发式方法,如果它得到输入单个密码的键盘交互式身份验证提示,它将使用键盘交互式身份验证,而不是密码身份验证。
我猜你服务器的提示是这样的
user password:
因此 0.1.48 startsWith 检查不会捕获提示,而 0.1.49 和更新版本 indexOf 检查会捕获提示。
如果您不想依赖这种启发式方法,您应该更改您的代码以实际使用键盘交互式身份验证。
参见 http://www.jcraft.com/jsch/examples/UserAuthKI.java.html