JSch 0.1.54 dh-group14-sha1 算法协商失败
JSch 0.1.54 dh-group14-sha1 Algorithm negotiation fail
我已经添加了Java unlimited policy files 并阅读了其他发帖者在这里提出的解决方案,但仍然无法解决我的问题。
- 升级到 JSch 0.1.54
- 安装了 UnlimitedJCEPolicy 文件。
C:\Program Files\Java\jdk1.7.0_21\jre\lib\security。
我已验证 NetBeans 正在使用 jdk 的这个实例。
我可以连接防火墙上设置的 SSH 密钥交换组 dh-group1-sha1,但是当我将其更改为 SSH 密钥交换组 dh-group14-sha1 时,我收到以下错误:
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.jcraft.jsch.Session.connect(Session.java:183)
我按如下方式创建我的 JSch 会话:
Properties config = new Properties();
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect();
我已经按照其他问题的解决方案进行了操作,但至今无法解决此问题。请帮忙。
这是来自服务器的日志文件。
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-1.99-Cisco-1.25
SSH1: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25
SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-JSCH-0.1.54
client version string:SSH-2.0-JSCH-0.1.54
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes128-ctr hmac-md5 none
SSH2: kex: server->client aes128-ctr hmac-md5 none
SSH2 0: kex algo not supported: client diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchan
SSH2 1: ssh: kex_choose_conf errorSSH1: Session disconnected by SSH server - error 0x00 "Internal error"
这是 JSch 日志:
INFO: Connection established
INFO: Remote version string: SSH-1.99-Cisco-1.25
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
显然您需要使用 JDK 8 作为 "diffie-hellman-group14-sha1"。
查看 JSch.java static 块:
config.put("diffie-hellman-group14-sha1",
"com.jcraft.jsch.DHG14"); // available since JDK8.
我已经添加了Java unlimited policy files 并阅读了其他发帖者在这里提出的解决方案,但仍然无法解决我的问题。
- 升级到 JSch 0.1.54
- 安装了 UnlimitedJCEPolicy 文件。
C:\Program Files\Java\jdk1.7.0_21\jre\lib\security。 我已验证 NetBeans 正在使用 jdk 的这个实例。
我可以连接防火墙上设置的 SSH 密钥交换组 dh-group1-sha1,但是当我将其更改为 SSH 密钥交换组 dh-group14-sha1 时,我收到以下错误:
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.jcraft.jsch.Session.connect(Session.java:183)
我按如下方式创建我的 JSch 会话:
Properties config = new Properties();
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
config.put("StrictHostKeyChecking", "no");
session.setConfig(config);
session.connect();
我已经按照其他问题的解决方案进行了操作,但至今无法解决此问题。请帮忙。
这是来自服务器的日志文件。
SSH: host key initialised
SSH1: starting SSH control process
SSH1: Exchanging versions - SSH-1.99-Cisco-1.25
SSH1: send SSH message: outdata is NULL
server version string:SSH-1.99-Cisco-1.25
SSH1: receive SSH message: 83 (83)
SSH1: client version is - SSH-2.0-JSCH-0.1.54
client version string:SSH-2.0-JSCH-0.1.54
SSH2 1: SSH2_MSG_KEXINIT sent
SSH2 1: SSH2_MSG_KEXINIT received
SSH2: kex: client->server aes128-ctr hmac-md5 none
SSH2: kex: server->client aes128-ctr hmac-md5 none
SSH2 0: kex algo not supported: client diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchan
SSH2 1: ssh: kex_choose_conf errorSSH1: Session disconnected by SSH server - error 0x00 "Internal error"
这是 JSch 日志:
INFO: Connection established
INFO: Remote version string: SSH-1.99-Cisco-1.25
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
显然您需要使用 JDK 8 作为 "diffie-hellman-group14-sha1"。
查看 JSch.java static 块:
config.put("diffie-hellman-group14-sha1",
"com.jcraft.jsch.DHG14"); // available since JDK8.