java 在JSch中使用2048位素数

yk9xbfzb  于 2023-03-28  发布在  Java
关注(0)|答案(1)|浏览(143)

我尝试从我的Java应用程序到客户端的外部服务器的SSH连接。客户端增强了安全性,他们不接受1024位素数,但我的JSch只发送1024位素数。
请在下面找到我的应用程序的详细错误输出:

INFO  |: Launching [sftp] handler
INFO  |: Creating SFTP session to host [server1] with logger for JSch
INFO  |: Connecting via public/private key.
INFO  |: Session created.
INFO  |: Connecting to server1 port 22
INFO  |: Connection established
INFO  |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO  |: Local version string: SSH-2.0-JSCH-0.1.53
INFO  |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO  |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO  |: SSH_MSG_KEXINIT sent
INFO  |: SSH_MSG_KEXINIT received
INFO  |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO  |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: zlib@openssh.com,zlib,none
INFO  |: kex: server: zlib@openssh.com,zlib,none
INFO  |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO  |: kex: client: ssh-rsa,ssh-dss
INFO  |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO  |: kex: client: aes128-cbc,3des-cbc
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: server->client aes128-cbc hmac-sha1 none
INFO  |: kex: client->server aes128-ctr hmac-sha1 none
INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO  |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO  |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available.  en
INFO  |: -----------------------------------------------------------------------------------------------

很少有其他博客建议升级到JSch版本0.1.53可以解决这个问题,但我已经在我的应用程序中使用0.1.53版本。
当我尝试使用verbose选项从命令行连接时,我能够连接:

$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>

注意:我使用SSH-2 RSA 2048位密钥连接使用我的应用程序和命令行以及.我可以观察到使用我的应用程序和命令行的唯一区别是:
我的应用程序在连接时发送以下信息:

INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent

而命令行连接在连接时发送以下信息:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

任何关于如何将我的应用程序更改为发送SSH2_MSG_KEX_DH_GEX_REQUEST(1024〈2048〈8192)的建议都将非常有用。

q3qa4bjr

q3qa4bjr1#

参见JSch change log获取 “0.1.52版以来的更改”

  • change:Logjam:diffie-hellman-group-exchange-sha 256和diffie-hellman-group-exchange-sha1将在Java8的SunJCE上使用2048位密钥,这要归功于JDK-6521495和JDK-7044060。

因此,您需要JSch 0.1.53是正确的,但您还需要在JDK中进行以下修复:

相关问题