1
我試圖建立一個使用Java安全通道(JSCh)的SFTP連接。 我的軟件堆棧是紅帽企業服務器5.0,JRE 6.0和JSch v0.1.44。 主要服務器軟件堆棧(我試圖連接的)是Windows Server 2008和最新版本的GlobalScape。 當試圖連接到它,我得到一個使用JSch和GlobalScape的SFTP
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
at com.jcraft.jsch.Session.connect(Session.java:291)
啓用JSch記錄我得到這個相同的連接如下:
0000001d SystemErr R INFO: Connecting to xxx.xxx.xxx.157 port 22
0000001d SystemErr R INFO: Connection established
0000001d SystemErr R INFO: Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
0000001d SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001d SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256- cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001d SystemErr R INFO: aes256-ctr is not available.
0000001d SystemErr R INFO: aes192-ctr is not available.
0000001d SystemErr R INFO: aes256-cbc is not available.
0000001d SystemErr R INFO: aes192-cbc is not available.
0000001d SystemErr R INFO: arcfour256 is not available.
0000001d SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001d SystemErr R INFO: SSH_MSG_KEXINIT received
0000001d SystemErr R INFO: Disconnecting from xxx.xxx.xxx.157 port 22
所以和我實際上可以發送和接收消息,但是當客戶端嘗試匹配服務器消息提議和客戶端消息提議時,它會引發異常。
現在有了成功連接到服務器與以前GlobalScape軟件的JSch日誌比較它的Windows Server 2003:
0000001e SystemErr R INFO: Connecting to xxx.xxx.xxx.156 port 22
0000001e SystemErr R INFO: Connection established
0000001e SystemErr R INFO: Remote version string: SSH-2.0-1.36 sshlib: GlobalScape
0000001e SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001e SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001e SystemErr R INFO: aes256-ctr is not available.
0000001e SystemErr R INFO: aes192-ctr is not available.
0000001e SystemErr R INFO: aes256-cbc is not available.
0000001e SystemErr R INFO: aes192-cbc is not available.
0000001e SystemErr R INFO: arcfour256 is not available.
0000001e SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001e SystemErr R INFO: SSH_MSG_KEXINIT received
0000001e SystemErr R INFO: kex: server->client aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: kex: client->server aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: SSH_MSG_KEXDH_INIT sent
0000001e SystemErr R INFO: expecting SSH_MSG_KEXDH_REPLY
0000001e SystemErr R INFO: ssh_dss_verify: signature true
0000001e SystemErr R WARN: Permanently added 'xxx.xxx.xxx.156' (DSA) to the list of known hosts.
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS sent
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS received
0000001e SystemErr R INFO: SSH_MSG_SERVICE_REQUEST sent
0000001e SystemErr R INFO: SSH_MSG_SERVICE_ACCEPT received
0000001e SystemErr R INFO: Authentications that can continue: publickey,keyboard-inteactive,password
0000001e SystemErr R INFO: Next authentication method: publickey
0000001e SystemErr R INFO: Authentications that can continue: password
0000001e SystemErr R INFO: Next authentication method: password
0000001e SystemErr R INFO: Authentication succeeded (password).
所以再次它能夠連接並能夠交換SSH_MSG_KEXINIT,但在這裏客戶端和服務器提議匹配且不會引發異常
sftp安全性使用公鑰/私鑰和用戶名/密碼。
我可以使用WinSCP,Filezilla和linux命令行(從運行java應用程序的相同服務器)連接到它。
我與SFTP服務器的一位系統管理員交談過,我們嘗試使用用戶名/密碼,並得到相同的異常和日誌。
系統管理員告訴我,兩臺服務器之間的區別是GlobalScape版本,現在是Microsoft 2008 Server。
因此,任何人都有如何解決這個問題的想法?
非常感謝提前!
我看到它的正確設置的主要區別是您的GlobalScape版本嗎?看看配置,最新版本是否允許帶hmac-md5的aes128-cbc? – 2011-04-06 12:23:02
如果你可以在調試器中運行你的程序,你可以嘗試在'Session.send_keyinit()'的中間放一個斷點來查看'ciphersc2s'和'cipherss2c'的值。或者在那裏放一個'.log(...)'。 – 2011-04-06 12:33:06
是的,迄今在JSch日誌上的主要區別是GlobalScape版本。我已經與該服務器的系統管理員交談過,他正在檢查它。感謝這篇文章。 – 2011-04-06 13:53:41