1. 首頁
  2. 問答
  3. Android上的海綿寶寶而不是bouncycastle的Jsch

Android上的海綿寶寶而不是bouncycastle的Jsch

2011-10-26 24 views
5

我目前有一個Android應用程序通過ssh使用密碼連接到我的路由器。我正在尋求改進,所以我可以使用鍵,但我有真正的問題。從我所瞭解的android中包含的bouncycastle版本是一個殘缺版本,因爲這個ssh密鑰不能與jsch一起工作。我曾看過海綿城堡,聲稱是一個更全面的實施。下面的結果與使用bouncycastle,Auth Fail基本相同。Android上的海綿寶寶而不是bouncycastle的Jsch


10-26 18:18:23.528: INFO/System.out(10642): Log(jsch,1): Connecting to 192.168.88.1 port 22 
10-26 18:18:23.538: INFO/System.out(10642): Log(jsch,1): Connection established 
10-26 18:18:23.548: INFO/System.out(10642): Log(jsch,1): Remote version string: SSH-2.0-ROSSSH 
10-26 18:18:23.548: INFO/System.out(10642): Log(jsch,1): Local version string: SSH-2.0-JSCH-0.1.44 
10-26 18:18:23.548: INFO/System.out(10642): Log(jsch,1): CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
10-26 18:18:23.618: INFO/System.out(10642): Log(jsch,1): SSH_MSG_KEXINIT sent 
10-26 18:18:23.618: INFO/System.out(10642): Log(jsch,1): SSH_MSG_KEXINIT received 
10-26 18:18:23.628: INFO/System.out(10642): Log(jsch,1): kex: server->client aes128-cbc hmac-md5 none 
10-26 18:18:23.628: INFO/System.out(10642): Log(jsch,1): kex: client->server aes128-cbc hmac-md5 none 
10-26 18:18:23.688: INFO/System.out(10642): Log(jsch,1): SSH_MSG_KEXDH_INIT sent 
10-26 18:18:23.688: INFO/System.out(10642): Log(jsch,1): expecting SSH_MSG_KEXDH_REPLY 
10-26 18:18:24.058: INFO/System.out(10642): Log(jsch,1): ssh_dss_verify: signature true 
10-26 18:18:24.058: INFO/System.out(10642): Log(jsch,2): Permanently added '192.168.88.1' (DSA) to the list of known hosts. 
10-26 18:18:24.058: INFO/System.out(10642): Log(jsch,1): SSH_MSG_NEWKEYS sent 
10-26 18:18:24.058: INFO/System.out(10642): Log(jsch,1): SSH_MSG_NEWKEYS received 
10-26 18:18:24.078: INFO/System.out(10642): Log(jsch,1): SSH_MSG_SERVICE_REQUEST sent 
10-26 18:18:24.088: INFO/System.out(10642): Log(jsch,1): SSH_MSG_SERVICE_ACCEPT received 
10-26 18:18:24.108: INFO/System.out(10642): Log(jsch,1): Authentications that can continue: publickey,keyboard-interactive,password 
10-26 18:18:24.108: INFO/System.out(10642): Log(jsch,1): Next authentication method: publickey 
10-26 18:18:24.108: INFO/System.out(10642): Log(jsch,1): Authentications that can continue: password 
10-26 18:18:24.118: INFO/System.out(10642): Log(jsch,1): Next authentication method: password 
10-26 18:18:24.128: INFO/System.out(10642): Log(jsch,1): Disconnecting from 192.168.88.1 port 22 
10-26 18:18:24.138: WARN/System.err(10642): com.jcraft.jsch.JSchException: Auth fail

從jsch沒有大量的日誌記錄信息來幫助我計算出什麼是錯誤的。

我想我用非常標準的代碼如下:



static { 
     Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider()); 
    }

在OnCreate中我刪除原始BouncyCastle的提供商



     Security.removeProvider("BC");

然後我添加的身份只是試圖連接前



     jsch.addIdentity(key_filename); 

    Properties sshProp = new Properties(); 
    sshProp.put("StrictHostKeyChecking", "no"); 
    session.setConfig(sshProp); 
    session.connect();

有沒有人做過這個成功?我忘記了什麼嗎?

編輯點的附加信息:

正如我所說的意見,我現在懷疑,關鍵是連被當我打開sshd的版本OpenSSH_5.3p1 Debian的3ubuntu7

鍵和測試試 

debug2: mac_setup: found hmac-md5 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug2: mac_setup: found hmac-md5 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug2: dh_gen_key: priv key bits set: 122/256 
debug2: bits set: 519/1024 
debug1: expecting SSH2_MSG_KEXDH_INIT 
debug2: bits set: 537/1024 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: monitor_read: 5 used once, disabling now 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: KEX done 
debug1: userauth-request for user root service ssh-connection method none 
debug1: attempt 0 failures 0 
debug2: parse_server_config: config reprocess config len 638 
debug2: input_userauth_request: setting up authctxt for root 
debug2: input_userauth_request: try method none 
debug2: monitor_read: 7 used once, disabling now 
debug1: PAM: initializing for "root" 
debug1: PAM: setting PAM_RHOST to "nexus" 
debug1: PAM: setting PAM_TTY to "ssh" 
debug2: monitor_read: 50 used once, disabling now 
debug2: monitor_read: 3 used once, disabling now 
Failed none for root from 192.168.88.31 port 37807 ssh2 
debug1: userauth-request for user root service ssh-connection method password 
debug1: attempt 1 failures 0 
debug2: input_userauth_request: try method password 
debug1: PAM: password authentication failed for root: Authentication failure 
Failed password for root from 192.168.88.31 port 37807 ssh2 
Received disconnect from 192.168.88.31: 3: com.jcraft.jsch.JSchException: Auth fail 
debug1: do_cleanup 
debug1: do_cleanup 
debug1: PAM: cleanup

我看不出有什麼企圖利用關鍵,而從PC



debug1: userauth-request for user root service ssh-connection method publickey 
debug1: attempt 1 failures 0 
debug2: input_userauth_request: try method publickey 
debug1: test whether pkalg/pkblob are acceptable 
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 
debug1: temporarily_use_uid: 0/0 (e=0/0) 
debug1: trying public key file /root/.ssh/authorized_keys 
debug1: restore_uid: 0/0 
debug1: temporarily_use_uid: 0/0 (e=0/0) 
debug1: trying public key file /root/.ssh/authorized_keys2 
debug1: fd 4 clearing O_NONBLOCK 
debug1: matching key found: file /root/.ssh/authorized_keys2, line 2

我可以看到正在使用的關鍵方法。下面是我用於測試的代碼,不漂亮但功能強大。我知道這是可怕的,但密碼確實包含密鑰的文件名和路徑時的authType == AUTHENTICATION_METHOD_KEY



public static String testSSHCommand (String username, String password, String hostname, int port, String command, int authtype) throws Exception {  

    JSch jsch = new JSch(); 

    JSch.setLogger(new Logger() { 
      public boolean isEnabled(int i) { 
       return true; 
      } 

      public void log(int i, String s) { 
       System.out.println("Log(jsch," + i + "): " + s); 
      } 
    }); 


    if (authtype != AUTHENTICATION_METHOD_PASSWORD) { 
     Log.v("AUTHMETHOD","authmethod was "+authtype+" with key filename of "+password); 
     jsch.addIdentity(password); 
    } 

    Session session = jsch.getSession(username, hostname, 22); 

    if (authtype != AUTHENTICATION_METHOD_KEY) { 
     session.setPassword(password); 
    } 


    Properties prop = new Properties(); 
    prop.put("StrictHostKeyChecking", "no"); 
    session.setConfig(prop); 

    session.connect(); 

    if (session.isConnected()) { 
     ChannelExec channelssh = (ChannelExec)   
     session.openChannel("exec");  
     ByteArrayOutputStream os = new ByteArrayOutputStream(); 
     channelssh.setOutputStream(os); 
     channelssh.setCommand(command); 
     channelssh.connect();   
     channelssh.disconnect(); 

     return os.toString(); 
    } else { 
     return ""; 
    } 
}

來源

2011-10-26 Fuzzy

+0

我懷疑你使用了一個錯誤的公鑰。具有相同密鑰文件(公共+私人)的登錄是否來自普通的PC Java程序? –

+0

我不會做基於PC的Java開發,但是按鍵都很好,我可以在我的電腦上使用它們將ssh放入服務器盒中進行測試。我實際上開始懷疑鑰匙甚至沒有被嘗試過。(請參閱編輯) – Fuzzy

+0

將此與一般的PC Java進行比較將有助於找出問題,即與您的加密提供程序或您的代碼有關。 –

回答

1

我被包成一個class with main method測試你的方法被使用,以及與此,它在正常工作Java 6 JRE(no BouncyCastle),JSch-0.1.45(具有更多日誌記錄輸出的修改版本)和「OpenSSH_5.8p1 Debian-1ubuntu3」sshd。

雖然我在代碼中加了一個session.disconnect()和一些睡覺。

我沒有Android在這裏看看這是否會有所作爲。

這裏是我的本地輸出:

authmethod was 2 with key filename of /home/paulo/.ssh/id_rsa 
Log(jsch,1): Connecting to localhost port 22 
Log(jsch,1): Connection established 
Log(jsch,1): Remote version string: SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3 
Log(jsch,1): Local version string: SSH-2.0-JSCH-0.1.45 
Log(jsch,1): CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
Log(jsch,1): aes256-ctr is not available. 
Log(jsch,1): aes192-ctr is not available. 
Log(jsch,1): aes256-cbc is not available. 
Log(jsch,1): aes192-cbc is not available. 
Log(jsch,1): arcfour256 is not available. 
Log(jsch,1): CheckKexes: diffie-hellman-group14-sha1 
Log(jsch,1): diffie-hellman-group14-sha1 is not available. 
Log(jsch,1): SSH_MSG_KEXINIT sent 
Log(jsch,1): SSH_MSG_KEXINIT received 
Log(jsch,1): kex: server->client aes128-ctr hmac-md5 none 
Log(jsch,1): kex: client->server aes128-ctr hmac-md5 none 
Log(jsch,1): SSH_MSG_KEXDH_INIT sent 
Log(jsch,1): expecting SSH_MSG_KEXDH_REPLY 
Log(jsch,1): ssh_rsa_verify: signature true 
Log(jsch,2): Permanently added 'localhost' (RSA) to the list of known hosts. 
Log(jsch,1): SSH_MSG_NEWKEYS sent 
Log(jsch,1): SSH_MSG_NEWKEYS received 
Log(jsch,1): SSH_MSG_SERVICE_REQUEST sent 
Log(jsch,1): SSH_MSG_SERVICE_ACCEPT received 
Log(jsch,1): Authentications that can continue: publickey,keyboard-interactive,password 
Log(jsch,1): Next authentication method: publickey 
Log(jsch,1): Authentication succeeded (publickey). 
Log(jsch,0): packet received, type: 91 
Log(jsch,1): SSH_MSG_CHANNEL_OPEN_CONFIRMATION received, channel: 0 
Log(jsch,0): packet received, type: 94 
Log(jsch,1): SSH_MSG_CHANNEL_DATA received, channel: 0, len: 13 
Log(jsch,0): packet received, type: 96 
Log(jsch,1): SSH_MSG_CHANNEL_EOF received, channel: 0 
Log(jsch,0): packet received, type: 98 
Log(jsch,1): SSH_MSG_CHANNEL_REQUEST received, channel: 0, type: [[email protected], want reply: false 
Log(jsch,0): packet received, type: 97 
Log(jsch,1): SSH_MSG_CHANNEL_CLOSE received, channel: 0 
Log(jsch,1): Disconnecting from localhost port 22 
Log(jsch,1): Caught an exception, leaving main loop due to Socket closed 
Output: »Hallo, Welt! 
«

(我叫帶參數paulo -key /home/paulo/.ssh/id_rsa localhost 22 hello程序,所以它在目標機器上執行默認的Hello World程序,並在德國,因爲這是我設定的語言。 )

來源

2011-10-29 20:56:01

+0

那麼我們說jsch不能用於android上的按鍵? – Fuzzy

+0

我在說我不知道​​原因。不過,您可以在電腦上試用我的測試程序進行比較。 (也許可以在鏈接的GitHub存儲庫中測試JSch的更多調試輸出版本,以查看是否可以獲得更多信息。) –

+0

今天我非常黯淡,無法從您提供的鏈接中找到更新的jar ,你能提供直接鏈接嗎? – Fuzzy

相關問題

 相關問題