本文介绍了在JSch中使用2048位素数的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试从我的Java应用程序到客户端的外部服务器的SSH连接。客户端增强了安全性,他们不接受1024位素数,但是我的JSch仅发送1024位素数。

I am trying to attempt SSH connection from my Java application to an external server of client. The client has enhanced the security and they are not accepting 1024 bit primes but my JSch is sending only 1024 bit primes.

请在下面的应用程序中找到详细的错误输出:

Please find verbose error output from my application below:

INFO  |: Launching [sftp] handler
INFO  |: Creating SFTP session to host [server1] with logger for JSch
INFO  |: Connecting via public/private key.
INFO  |: Session created.
INFO  |: Connecting to server1 port 22
INFO  |: Connection established
INFO  |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO  |: Local version string: SSH-2.0-JSCH-0.1.53
INFO  |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO  |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO  |: SSH_MSG_KEXINIT sent
INFO  |: SSH_MSG_KEXINIT received
INFO  |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO  |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: [email protected],zlib,none
INFO  |: kex: server: [email protected],zlib,none
INFO  |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO  |: kex: client: ssh-rsa,ssh-dss
INFO  |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO  |: kex: client: aes128-cbc,3des-cbc
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: server->client aes128-cbc hmac-sha1 none
INFO  |: kex: client->server aes128-ctr hmac-sha1 none
INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO  |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO  |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available.  en
INFO  |: -----------------------------------------------------------------------------------------------

很少有其他博客建议升级到JSch版本0.1.53将解决此问题,但我是已经在我的应用程序中使用了0.1.53版本。

Few other blogs suggested upgrading to JSch version 0.1.53 would fix the issue but I am already using 0.1.53 version in my application.

当我尝试使用详细选项从命令行进行连接时,我可以进行连接:

When I try to connect from command line using verbose option I am able to connect:

$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>

注意:我正在使用SSH-2 RSA 2048位密钥通过我的应用程序和命令行进行连接也一样使用应用程序和命令行可以观察到的唯一区别是:

Note: I am using SSH-2 RSA 2048 bit keys for connectivity using my application and in command line as well. The only difference I could observe using my application and command line is:

我的应用程序在连接时发送以下信息:

My application is sending the below information when connecting:

INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent

连接时命令行连接正在发送以下信息:

Whereas command line connectivity is sending below information when connecting:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

关于如何更改我的任何建议发送SSH2_MSG_KEX_DH_GEX_REQUEST(1024< 2048< 8192)的应用程序会很有帮助。

Any suggestion on how to change my application to send SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) would be much helpful.

推荐答案

请参见 :

因此,您正确地需要JSch 0.1.53,但是您在JDK中也需要这些修复:

So you are correct that you need JSch 0.1.53, but you also need these fixes in your JDK:




  • https://bugs.java.com/bugdatabase/view_bug.do?bug_id=6521495
  • https://bugs.openjdk.java.net/browse/JDK-7044060

这篇关于在JSch中使用2048位素数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-11 08:47