Jsch 不适用于某些 sftp 服务器
Jsch not working with certain sftp servers
这道题几乎是this的翻版。但由于它没有得到解决,我想问问是否有其他人想出了 JSCH java 库的解决方案 ??
问题又是我可以使用 JSCH 库连接到大多数 SSH 服务器,但似乎有一个我遇到的服务器无法使用 JSCH 连接。在建立连接时它抛出一个异常说明:
INFO: Connecting to xxxx.xxxxx.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-2.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
INFO: kex: server: ssh-dss
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: Disconnecting from xxxxx.xxxxx.com port 22
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
at com.jcraft.jsch.Session.connect(Session.java:558)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.test.filetransfer.SftpDownload.main(SftpDownload.java:29)
Exception occurred : Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
我已经安装了无限加密策略但是
这似乎是支持 DH 和 DSA 生成到 1024 位的默认 Java JCE 提供程序的问题。这个堆栈支持我的主张:
com.jcraft.jsch.JSchException: Session.connect failed
at com.jcraft.jsch.Session.connect(Session.java:560)
at com.jcraft.jsch.Session.connect(Session.java:184)
at com.test.filetransfer.SftpDownload.main(SftpDownload.java:28)
Caused by: java.security.InvalidKeyException: Key is too long for this algorithm
at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
at java.security.Signature$Delegate.init(Signature.java:1124)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1142)
at java.security.Signature.initVerify(Signature.java:452)
at com.jcraft.jsch.jce.SignatureDSA.setPubKey(SignatureDSA.java:52)
at com.jcraft.jsch.KeyExchange.verify(KeyExchange.java:269)
at com.jcraft.jsch.DHG1.next(DHG1.java:187)
at com.jcraft.jsch.Session.connect(Session.java:327)
我真的不想放弃 JSCH 库,因为它具有丰富的功能、流行度和文档,而且服务器不在我们的管辖范围内。
那么有没有人想出使用 JSCH 库的解决方法???
如果您使用的是 Java 8,那么这可能是由 bug in Java JCE that has recently been fixed. Upgrading to Java SE 8u45(或更高版本)解决问题引起的。
我验证了 1.8.0_45,jsch-0.1.53 实际上能够与使用 1536 位 DSA 密钥的服务器成功协商 SSH 会话。
这道题几乎是this的翻版。但由于它没有得到解决,我想问问是否有其他人想出了 JSCH java 库的解决方案 ??
问题又是我可以使用 JSCH 库连接到大多数 SSH 服务器,但似乎有一个我遇到的服务器无法使用 JSCH 连接。在建立连接时它抛出一个异常说明:
INFO: Connecting to xxxx.xxxxx.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-2.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
INFO: kex: server: ssh-dss
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: Disconnecting from xxxxx.xxxxx.com port 22
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
at com.jcraft.jsch.Session.connect(Session.java:558)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.test.filetransfer.SftpDownload.main(SftpDownload.java:29)
Exception occurred : Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
我已经安装了无限加密策略但是
这似乎是支持 DH 和 DSA 生成到 1024 位的默认 Java JCE 提供程序的问题。这个堆栈支持我的主张:
com.jcraft.jsch.JSchException: Session.connect failed
at com.jcraft.jsch.Session.connect(Session.java:560)
at com.jcraft.jsch.Session.connect(Session.java:184)
at com.test.filetransfer.SftpDownload.main(SftpDownload.java:28)
Caused by: java.security.InvalidKeyException: Key is too long for this algorithm
at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
at java.security.Signature$Delegate.init(Signature.java:1124)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)
at java.security.Signature$Delegate.engineInitVerify(Signature.java:1142)
at java.security.Signature.initVerify(Signature.java:452)
at com.jcraft.jsch.jce.SignatureDSA.setPubKey(SignatureDSA.java:52)
at com.jcraft.jsch.KeyExchange.verify(KeyExchange.java:269)
at com.jcraft.jsch.DHG1.next(DHG1.java:187)
at com.jcraft.jsch.Session.connect(Session.java:327)
我真的不想放弃 JSCH 库,因为它具有丰富的功能、流行度和文档,而且服务器不在我们的管辖范围内。
那么有没有人想出使用 JSCH 库的解决方法???
如果您使用的是 Java 8,那么这可能是由 bug in Java JCE that has recently been fixed. Upgrading to Java SE 8u45(或更高版本)解决问题引起的。
我验证了 1.8.0_45,jsch-0.1.53 实际上能够与使用 1536 位 DSA 密钥的服务器成功协商 SSH 会话。