Java JSch 算法协商失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30846076/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JSch Algorithm negotiation fail
提问by deeptrancex
I try to connect SFTP server by Java.
我尝试通过 Java 连接 SFTP 服务器。
I got an error.
我有一个错误。
com.jcraft.jsch.JSchException: Algorithm negotiation fail
com.jcraft.jsch.JSchException:算法协商失败
Here is the POM:
这是POM:
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.53</version>
</dependency>
Here is the log:
这是日志:
INFO: Connecting to **"FTP ADRESS"** port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-Maverick_SSHD
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: ecdh-sha2-nistp256 is not available.
INFO: ecdh-sha2-nistp384 is not available.
INFO: ecdh-sha2-nistp521 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from "FTP ADRESS" port 22
I got this error what i tried to fix. I cannot access the SFTP server to download or update any file or etc...
我遇到了我试图修复的错误。我无法访问 SFTP 服务器以下载或更新任何文件等...
I can connect the server by FileZilla, but I cannot make it by Java.
我可以通过 FileZilla 连接服务器,但我无法通过 Java 连接。
Connection Code:
连接代码:
JSch jsch = new JSch();
Properties config = new Properties();
config.put("cipher.s2c",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
config.put("cipher.c2s",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
Session jschSession = jsch.getSession("username","server",22);
jschSession.setConfig("StrictHostKeyChecking", "no");
jschSession.setPassword("password");
jschSession.setConfig(config);
jschSession.connect();
When I added
当我添加
config.put("cipher.s2c",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
the logs are like this
日志是这样的
INFO: Connecting to ftp.servername port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-Maverick_SSHD
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: ecdh-sha2-nistp256 is not available.
INFO: ecdh-sha2-nistp384 is not available.
INFO: ecdh-sha2-nistp521 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from ftp.servername port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
采纳答案by Martin Prikryl
As you can see, the server offers these ciphers:
如您所见,服务器提供以下密码:
INFO: kex: server: aes256-cbc,aes192-cbc
信息:kex:服务器:aes256-cbc,aes192-cbc
But JSch accepts only these:
但是 JSch 只接受这些:
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
信息:kex:客户端:aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
There's no common cipher to choose from.
没有通用的密码可供选择。
Note that JSch does support both aes256-cbc and aes192-cbc, but requires JCE (Java Cryptography Extension) to allow them.
请注意,JSch 确实支持 aes256-cbc 和 aes192-cbc,但需要 JCE(Java 加密扩展)来允许它们。
You probably do not have JCE, so these ciphers are not available. That's why there's
您可能没有 JCE,因此这些密码不可用。这就是为什么有
INFO: aes256-cbc is not available.
信息:aes256-cbc 不可用。
Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8(or other version if other JDK – 1.7, 1.6, IBM JDK 1.6).
下载Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8(或其他版本,如果其他 JDK – 1.7, 1.6, IBM JDK 1.6)。
See also an answer to The cipher 'aes256-cbc' is required, but it is not available.
另请参阅The cipher 'aes256-cbc' is required, but it is not available的答案。
回答by Rockie Yang
I solve it by adding the following line to /etc/ssh/sshd_config and restart the sshd service. Thanks for answer by @wierzbiks at another thread
我通过将以下行添加到 /etc/ssh/sshd_config 并重新启动 sshd 服务来解决它。感谢@wierzbiks 在另一个线程中的回答
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
回答by Juan Esteban Katz Delgado
I solve it updating the library jsch-0.1.27.jar to jsch-0.1.54.jar.
我解决了将库 jsch-0.1.27.jar 更新为 jsch-0.1.54.jar 的问题。
Finally in your code you should write something like this:
最后,在您的代码中,您应该编写如下内容:
your Method {
session.setConfig("StrictHostKeyChecking", "no");
// That solve the problem.
}
This code works in Java 1.5 or above if you need this java version.
如果您需要此 Java 版本,此代码适用于 Java 1.5 或更高版本。
