使用 Java 1.4.2 在 jsch-0.1.42 中“验证失败”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11410708/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"Auth fail" in jsch-0.1.42 with Java 1.4.2
提问by Tomalak
I have this simple Java program that uses Jschto connect to an SFTP server.
我有这个简单的 Java 程序,它使用Jsch连接到 SFTP 服务器。
The connection fails with an "Auth fail" exception on Java 1.4.2, but it connects flawlessly on Java 1.7.
连接失败并在 Java 1.4.2 上出现“身份验证失败”异常,但它在 Java 1.7 上完美连接。
try {
JSch jsch = new JSch();
jsch.setKnownHosts(KNOWN_HOSTS_PATH);
jsch.addIdentity(PRIVATE_KEY_PATH, PASSPHRASE);
Session session = jsch.getSession(USERNAME, HOSTNAME, 22);
session.connect(2500);
Channel channel = session.openChannel("shell");
channel.setInputStream(System. in );
channel.setOutputStream(System.out);
channel.connect();
} catch (Exception e) {
e.printStackTrace(System.err);
}
The key I'm using is an ssh-rsa 4096bit key. The .pubkey file exists in the same directory as the private key.
我使用的钥匙是一个ssh-rsa 4096位钥匙。该.pub密钥文件存在于同一目录中的私钥。
When connecting a logger, I see the following messages before the exception (which occurs on channel.connect();):
连接记录器时,我在异常(发生在 上channel.connect();)之前看到以下消息:
INFO: Connecting to <redacted> port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: arcfour is not available.
INFO: arcfour128 is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '<redacted>' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from <redacted> port 22
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:452)
at TestJsch.main(TestJsch.java:19)
When I run the same program with Java 1.7, it says
当我用 Java 1.7 运行相同的程序时,它说
INFO: Connecting to <redacted> port 22 INFO: Connection established INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5 INFO: Local version string: SSH-2.0-JSCH-0.1.42 INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 INFO: SSH_MSG_KEXINIT sent INFO: SSH_MSG_KEXINIT received INFO: kex: server->client aes128-ctr hmac-md5 none INFO: kex: client->server aes128-ctr hmac-md5 none INFO: SSH_MSG_KEXDH_INIT sent INFO: expecting SSH_MSG_KEXDH_REPLY INFO: ssh_rsa_verify: signature true INFO: Host '<redacted>' is known and mathces the RSA host key INFO: SSH_MSG_NEWKEYS sent INFO: SSH_MSG_NEWKEYS received INFO: SSH_MSG_SERVICE_REQUEST sent INFO: SSH_MSG_SERVICE_ACCEPT receivedINFO: Authentications that can continue: publickey,keyboard-interactive,password INFO: Next authentication method: publickey INFO: Authentication succeeded (publickey). Linux <redacted> 2.6.26-2-amd64 #1 SMP Mon Jun 13 16:29:33 UTC 2011 x86_64 <server welcome message follows>
I have installed the Java Cryptography Extensions (JCE) for the 1.4 VM.
我已经为 1.4 VM 安装了 Java Cryptography Extensions (JCE)。
What could be the source of that problem?
这个问题的根源是什么?
采纳答案by user1516873
Java has a limitation for using strong crypto algorithm. Check content of $JRE_HOME/lib/security/US_Export_policy.jarand $JRE_HOME/lib/security/local_policy.jar. If you find something like this:
Java 有使用强加密算法的限制。检查$JRE_HOME/lib/security/US_Export_policy.jar和 的内容$JRE_HOME/lib/security/local_policy.jar。如果你发现这样的事情:
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};
Decision is to download and install JCE Unlimited Strength Jurisdiction Policy. Previously, it was located on Sun's site, now I don't know where it can be found.
决定是下载并安装 JCE Unlimited Strength Jurisdiction Policy。以前,它位于Sun的站点上,现在我不知道在哪里可以找到它。
You can read more in this article
你可以在这篇文章中阅读更多
EDIT: After some research, I found my answer was incorrect.
编辑:经过一些研究,我发现我的答案不正确。
Java 1.4 does not support RSA keys more than 2048 byte length BUG 4524097
Java 1.4 不支持长度超过 2048 字节的 RSA 密钥BUG 4524097
回答by shaine
My problems with jsch have been around permissions. So i would do the following to eliminate them as problems
我对 jsch 的问题是权限问题。所以我会做以下事情来消除它们作为问题
- Make sure you can ssh to the remote on the command line using the generated keys.
- Pass in the password and make sure you can get a connection to the remote.
- Check the permissions on the directory locally and on the remote good ssh summary.
- Try using the local host as a remote.
- 确保您可以使用生成的密钥在命令行上通过 ssh 连接到远程。
- 输入密码并确保您可以连接到遥控器。
- 检查本地目录和远程良好 ssh 摘要上的权限。
- 尝试使用本地主机作为远程主机。
Failing that download the source code and step though it in a debug session.
下载源代码失败并在调试会话中逐步执行。
回答by Horse Voice
Have you tried using an Open SSH key? jsch uses Open SSH key formats. You can convert your existing one to an Open SSH format. This is how: Use putty keygen and load your existing key. You may be prompted to enter your password to decrypt it. After that click on the conversions option above and choose the "Export OpenSSH Key". Use this newly generated key in your program above. Hope this helps.
您是否尝试过使用 Open SSH 密钥?jsch 使用 Open SSH 密钥格式。您可以将现有格式转换为 Open SSH 格式。方法如下:使用 putty keygen 并加载您现有的密钥。系统可能会提示您输入密码进行解密。然后单击上面的转换选项并选择“导出 OpenSSH 密钥”。在上面的程序中使用这个新生成的密钥。希望这可以帮助。
回答by murat
This code works fine...
这段代码工作正常...
public class Exec2 {
static String SSH_SERVER_PATH = "localhost";
static String SSH_SERVER_USERNAME = "root";
static String SSH_SERVER_PASSWORD = "root";
public static void main(String[] arg) {
try {
JSch jsch = new JSch();
String host = SSH_SERVER_PATH;
String user = SSH_SERVER_USERNAME;
Session session = jsch.getSession(user, host, 22);
// username and password will be given via UserInfo interface.
UserInfo ui = new MyUserInfo();
session.setUserInfo(ui);
session.connect();
String command = "uname";
Channel channel = session.openChannel("exec");
((ChannelExec) channel).setCommand(command);
channel.setInputStream(null);
((ChannelExec) channel).setErrStream(System.err);
InputStream in = channel.getInputStream();
channel.connect();
byte[] tmp = new byte[1024];
while (true) {
while (in.available() > 0) {
int i = in.read(tmp, 0, 1024);
if (i < 0)
break;
System.out.print(new String(tmp, 0, i));
}
if (channel.isClosed()) {
System.out.println("exit-status: " + channel.getExitStatus());
break;
}
try {
Thread.sleep(1000);
} catch (Exception ee) {
}
}
channel.disconnect();
session.disconnect();
} catch (Exception e) {
System.out.println(e);
}
}
public static class MyUserInfo implements UserInfo, UIKeyboardInteractive {
String passwd;
public String getPassword() {
return passwd;
}
public boolean promptYesNo(String str) {
return true;
}
public String getPassphrase() {
return null;
}
public boolean promptPassphrase(String message) {
return true;
}
public boolean promptPassword(String message) {
passwd = SSH_SERVER_PASSWORD;
return true;
}
public void showMessage(String message) {
System.out.println("message = " + message);
}
public String[] promptKeyboardInteractive(String destination,
String name, String instruction, String[] prompt, boolean[] echo) {
if (prompt[0].equals("Password: ")){
String[] response = new String[1];
response[0] = SSH_SERVER_PASSWORD;
return response;
}
return null;
}
}
}
回答by user3078759
public String getPassphrase() { return null; }
public boolean promptPassphrase(String message) { return true; } public boolean promptPassword(String message) { passwd = SSH_SERVER_PASSWORD; return true; } public void showMessage(String message) { System.out.println("message = " + message);
public String getPassphrase() { return null; }
public boolean promptPassphrase(String message) { return true; } public boolean promptPassword(String message) { passwd = SSH_SERVER_PASSWORD; return true; } public void showMessage(String message) { System.out.println("message = " + message);
