个人中心
gpt4 book ai didi

java - 在 JSch 中使用 2048 位素数

转载 作者:行者123 更新时间:2023-11-30 08:03:04 27 4
gpt4 key购买 nike

我正在尝试尝试从我的 Java 应用程序到客户端的外部服务器的 SSH 连接。客户端增强了安全性,他们不接受 1024 位素数,但我的 JSch 只发送 1024 位素数。

请在下面找到我的应用程序的详细错误输出:

INFO  |: Launching [sftp] handler
INFO  |: Creating SFTP session to host [server1] with logger for JSch
INFO  |: Connecting via public/private key.
INFO  |: Session created.
INFO  |: Connecting to server1 port 22
INFO  |: Connection established
INFO  |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO  |: Local version string: SSH-2.0-JSCH-0.1.53
INFO  |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO  |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO  |: SSH_MSG_KEXINIT sent
INFO  |: SSH_MSG_KEXINIT received
INFO  |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO  |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="047e686d66446b74616a77776c2a676b69" rel="noreferrer noopener nofollow">[email protected]</a>,zlib,none
INFO  |: kex: server: <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ec9680858eac839c89829f9f84c28f8381" rel="noreferrer noopener nofollow">[email protected]</a>,zlib,none
INFO  |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO  |: kex: client: ssh-rsa,ssh-dss
INFO  |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO  |: kex: client: aes128-cbc,3des-cbc
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: server->client aes128-cbc hmac-sha1 none
INFO  |: kex: client->server aes128-ctr hmac-sha1 none
INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO  |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO  |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available.  en
INFO  |: -----------------------------------------------------------------------------------------------

很少有其他博客建议升级到 JSch 版本 0.1.53 可以解决该问题,但我已经在我的应用程序中使用 0.1.53 版本。

当我尝试使用详细选项从命令行连接时,我能够连接:

$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>

注意:我使用 SSH-2 RSA 2048 位 key 来使用我的应用程序和命令行进行连接。我使用应用程序和命令行观察到的唯一区别是:

我的应用程序在连接时发送以下信息:

INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent

而命令行连接在连接时发送以下信息:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

任何有关如何更改我的应用程序以发送 SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) 的建议都会非常有帮助。

最佳答案

参见JSch change log对于“自版本 0.1.52 以来的更改”:

  • change: Logjam: diffie-hellman-group-exchange-sha256 anddiffie-hellman-group-exchange-sha1 will use 2048-bit key onJava8's SunJCE, thanks to JDK-6521495 and JDK-7044060.

所以您需要 JSch 0.1.53 是正确的,但您还需要 JDK 中的这些修复:

关于java - 在 JSch 中使用 2048 位素数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36445272/

27 4 0
文章推荐: java - iText,在 PdfPTable 列中插入新的空行
文章推荐: JAVA 在 JFrame 中使用 JFXPanel 和鼠标监听器
文章推荐: java - Hibernate AttributeOverride 不起作用
文章推荐: java - Red5 1.0.7M10 : Could not find or load main class Files
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com