Hellman

Hellman

关注
发信
关注(28)粉丝(399)

ant - ANT SSHEXEC失败,出现算法协商失败错误

我只是尝试使用ant sshexec任务连接到远程主机。我在ant lib目录中具有所需的jar,并且能够使用腻子连接到远程主机。
这就是我运行ssh的方式

 <sshexec host="host"
username="username"
password="password"
trust="yes"
command="ls"/>

似乎加密算法与服务器不匹配。我看不到此任务的任何属性,因此如何指定算法[Ant doc] [1]。这是我得到的错误日志:
com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:540)
    at com.jcraft.jsch.Session.connect(Session.java:288)
    at com.jcraft.jsch.Session.connect(Session.java:145)
    at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:212)
    at org.apache.tools.ant.taskdefs.optional.ssh.SSHExec.execute(SSHExec.java:158)
    at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
    at org.apache.tools.ant.Task.perform(Task.java:348)
    at org.apache.tools.ant.Target.execute(Target.java:357)
    at org.apache.tools.ant.Target.performTasks(Target.java:385)
    at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337)
    at org.apache.tools.ant.Project.executeTarget(Project.java:1306)
    at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
    at org.apache.tools.ant.Project.executeTargets(Project.java:1189)
    at org.apache.tools.ant.Main.runBuild(Main.java:758)
    at org.apache.tools.ant.Main.startAnt(Main.java:217)
    at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
    at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)

最佳答案

TL; DR编辑您的sshd_config并在KexAlgorithms中启用对diffie-hellman-group-exchange-sha1和diffie-hellman-group1-sha1的支持:

KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

KexAlgorithms curve25519-sha256 @ libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group -exchange-sha1,diffie-hellman-group1-sha1
我怀疑在OpenSSH 6.7中进行以下更改后,问题就出现了:“密码和MAC的默认设置已更改,以删除不安全的算法。”。 (请参阅changelog)。该版本于10月6日发布,并于10月21日进行了Debian测试(请参阅Debian changelog)。

默认情况下,OpenSSH仅启用以下密钥交换算法:

[email protected]
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group14-sha1
而JSch声称支持these algorithms(请参见“功能”下的内容)进行密钥交换:

diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
因此,确实,他们无法就通用的密钥交换算法达成共识。更新sshd_config(并重新启动SSH服务器)可以解决问题。从版本0.1.50开始,显然JSch应该支持“diffie-hellman-group-exchange-sha256”方法(请参阅changelog)。

10-06 01:08
Powered by LMLPHP ©2024 Hellman 0.026763