1
我试图建立一个使用Java安全通道(JSCh)的SFTP连接。 我的软件堆栈是红帽企业服务器5.0,JRE 6.0和JSch v0.1.44。 主要服务器软件堆栈(我试图连接的)是Windows Server 2008和最新版本的GlobalScape。 当试图连接到它,我得到一个使用JSch和GlobalScape的SFTP
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
at com.jcraft.jsch.Session.connect(Session.java:291)
启用JSch记录我得到这个相同的连接如下:
0000001d SystemErr R INFO: Connecting to xxx.xxx.xxx.157 port 22
0000001d SystemErr R INFO: Connection established
0000001d SystemErr R INFO: Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
0000001d SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001d SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256- cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001d SystemErr R INFO: aes256-ctr is not available.
0000001d SystemErr R INFO: aes192-ctr is not available.
0000001d SystemErr R INFO: aes256-cbc is not available.
0000001d SystemErr R INFO: aes192-cbc is not available.
0000001d SystemErr R INFO: arcfour256 is not available.
0000001d SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001d SystemErr R INFO: SSH_MSG_KEXINIT received
0000001d SystemErr R INFO: Disconnecting from xxx.xxx.xxx.157 port 22
所以和我实际上可以发送和接收消息,但是当客户端尝试匹配服务器消息提议和客户端消息提议时,它会引发异常。
现在有了成功连接到服务器与以前GlobalScape软件的JSch日志比较它的Windows Server 2003:
0000001e SystemErr R INFO: Connecting to xxx.xxx.xxx.156 port 22
0000001e SystemErr R INFO: Connection established
0000001e SystemErr R INFO: Remote version string: SSH-2.0-1.36 sshlib: GlobalScape
0000001e SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001e SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001e SystemErr R INFO: aes256-ctr is not available.
0000001e SystemErr R INFO: aes192-ctr is not available.
0000001e SystemErr R INFO: aes256-cbc is not available.
0000001e SystemErr R INFO: aes192-cbc is not available.
0000001e SystemErr R INFO: arcfour256 is not available.
0000001e SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001e SystemErr R INFO: SSH_MSG_KEXINIT received
0000001e SystemErr R INFO: kex: server->client aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: kex: client->server aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: SSH_MSG_KEXDH_INIT sent
0000001e SystemErr R INFO: expecting SSH_MSG_KEXDH_REPLY
0000001e SystemErr R INFO: ssh_dss_verify: signature true
0000001e SystemErr R WARN: Permanently added 'xxx.xxx.xxx.156' (DSA) to the list of known hosts.
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS sent
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS received
0000001e SystemErr R INFO: SSH_MSG_SERVICE_REQUEST sent
0000001e SystemErr R INFO: SSH_MSG_SERVICE_ACCEPT received
0000001e SystemErr R INFO: Authentications that can continue: publickey,keyboard-inteactive,password
0000001e SystemErr R INFO: Next authentication method: publickey
0000001e SystemErr R INFO: Authentications that can continue: password
0000001e SystemErr R INFO: Next authentication method: password
0000001e SystemErr R INFO: Authentication succeeded (password).
所以再次它能够连接并能够交换SSH_MSG_KEXINIT,但在这里客户端和服务器提议匹配且不会引发异常
sftp安全性使用公钥/私钥和用户名/密码。
我可以使用WinSCP,Filezilla和linux命令行(从运行java应用程序的相同服务器)连接到它。
我与SFTP服务器的一位系统管理员交谈过,我们尝试使用用户名/密码,并得到相同的异常和日志。
系统管理员告诉我,两台服务器之间的区别是GlobalScape版本,现在是Microsoft 2008 Server。
因此,任何人都有如何解决这个问题的想法?
非常感谢提前!
我看到它的正确设置的主要区别是您的GlobalScape版本吗?看看配置,最新版本是否允许带hmac-md5的aes128-cbc? – 2011-04-06 12:23:02
如果你可以在调试器中运行你的程序,你可以尝试在'Session.send_keyinit()'的中间放一个断点来查看'ciphersc2s'和'cipherss2c'的值。或者在那里放一个'.log(...)'。 – 2011-04-06 12:33:06
是的,迄今在JSch日志上的主要区别是GlobalScape版本。我已经与该服务器的系统管理员交谈过,他正在检查它。感谢这篇文章。 – 2011-04-06 13:53:41