JSch ssh_rsa_verify: signature false on SSH_MSG_KEX_DH_GEX_REPLY

Question    Votes: 0    Answers: 1

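I am trying to do public/private key authorization, but it only works with some servers.

The following code works when connecting to a local Bitvise server and when connecting to a local CrushFTP server, but does not work when connecting to a remote server whose version string is "SSH-2.0-LiquidSftp". The same public key has been uploaded to all servers.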

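import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.UserInfo;

public class SftpKeyAuth {
    public static void main(String[] args) throws Exception {
        JSch jsch = new JSch();
        // Log4jLogger is the poster's own com.jcraft.jsch.Logger implementation (not shown)
        JSch.setLogger(new Log4jLogger());

        // Private key file and its passphrase, used for public-key authentication
        jsch.addIdentity("privatekey.ppk", "mySecretPassPhrase");

        String host = "someserver.com";
        String username = "myUsername";
        int port = 1100;

        Session session = jsch.getSession(username, host, port);
        // Host key checking is off: the server's host key is not compared with known_hosts
        session.setConfig("StrictHostKeyChecking", "no");
        // Offer only this key exchange algorithm to the server
        session.setConfig("kex", "diffie-hellman-group-exchange-sha1");

        // MyUserInfo is the poster's own UserInfo implementation (not shown)
        UserInfo ui = new MyUserInfo();
        session.setUserInfo(ui);
        session.connect();
    }
}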

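From the Key Exchange Init messages captured with Wireshark, and from the logging in Java, I can see that the server supports the diffie-hellman-group-exchange-sha1 algorithm, but it fails when trying to verify the signature in SSH_MSG_KEX_DH_GEX_REPLY: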

SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
kex: server: ssh-rsa
kex: server: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,none,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256
kex: server: 3des-cbc,blowfish-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,aes256-cbc,aes192-cbc,aes128-cbc,serpent256-cbc,serpent192-cbc,serpent128-cbc,arcfour,idea-cbc,cast128-cbc,none,des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,blowfish-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,serpent128-ctr,serpent192-ctr,serpent256-ctr,idea-ctr,cast128-ctr,arcfour128,arcfour256
kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none,hmac-ripemd160,hmac-ripemd,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none,hmac-ripemd160,hmac-ripemd,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512
kex: server: none,zlib,[email protected]
kex: server: none,zlib,[email protected]
kex: server: 
kex: server: 
kex: client: diffie-hellman-group-exchange-sha1
kex: client: ssh-rsa
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client: 
kex: client: 
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none

SSH_MSG_KEX_DH_GEX_REQUEST(1024<2048<2048) sent
SSH_MSG_KEX_DH_GEX_INIT sent

ssh_rsa_verify: signature false

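When connecting to the server with PuTTY using the same algorithm and the same private key, everything works fine and the Wireshark output looks very similar, but the client does not disconnect after receiving SSH_MSG_KEX_DH_GEX_REPLY.

Any idea what is going wrong? Am I missing something obvious?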

java security jsch
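
What the client checks at this step, as an added example that is not part of the original question and is not JSch's code: per RFC 4419 the server signs the exchange hash H, and the client recomputes H from its own copy of the inputs before verifying that signature with the host key. The host key, DH group, payloads and the mismatched max value are constructed for illustration and are not a diagnosis of the server in the question; the host key blob is a stand-in encoding, not SSH wire format.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.*;
import static java.nio.charset.StandardCharsets.US_ASCII;

public class GexReplyCheck {
    static void u32(ByteArrayOutputStream o, int v) { o.write(ByteBuffer.allocate(4).putInt(v).array(), 0, 4); }
    static void str(ByteArrayOutputStream o, byte[] b) { u32(o, b.length); o.write(b, 0, b.length); }
    // mpint: two's-complement big-endian, zero encoded as the empty string (RFC 4251)
    static void mpint(ByteArrayOutputStream o, BigInteger v) { str(o, v.signum() == 0 ? new byte[0] : v.toByteArray()); }

    // H = SHA-1(V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K), RFC 4419
    static byte[] exchangeHash(byte[][] strings, int[] sizes, BigInteger[] mpints) throws Exception {
        ByteArrayOutputStream o = new ByteArrayOutputStream();
        for (byte[] s : strings) str(o, s);       // V_C, V_S, I_C, I_S, K_S
        for (int s : sizes) u32(o, s);            // min, n, max from SSH_MSG_KEX_DH_GEX_REQUEST
        for (BigInteger m : mpints) mpint(o, m);  // p, g, e, f, K
        return MessageDigest.getInstance("SHA-1").digest(o.toByteArray());
    }

    // ssh-rsa signatures are RSASSA-PKCS1-v1_5 with SHA-1, computed over H
    static boolean verify(PublicKey hostKey, byte[] h, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(hostKey);
        s.update(h);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair host = kpg.generateKeyPair();                       // constructed host key
        BigInteger p = BigInteger.probablePrime(512, rnd), g = BigInteger.valueOf(2); // toy group
        BigInteger x = new BigInteger(256, rnd), y = new BigInteger(256, rnd);
        BigInteger e = g.modPow(x, p), f = g.modPow(y, p), k = f.modPow(x, p);
        byte[][] strs = { "SSH-2.0-JSCH-demo".getBytes(US_ASCII), "SSH-2.0-LiquidSftp".getBytes(US_ASCII),
                {20, 1}, {20, 2}, host.getPublic().getEncoded() };  // constructed I_C, I_S; stand-in K_S
        BigInteger[] mp = { p, g, e, f, k };
        // Server side: sign H built from the server's view of the exchange
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(host.getPrivate());
        signer.update(exchangeHash(strs, new int[] {1024, 2048, 2048}, mp));
        byte[] sig = signer.sign();
        // Client side: recompute H, once with identical inputs and once with a different max
        System.out.println("identical inputs: " + verify(host.getPublic(), exchangeHash(strs, new int[] {1024, 2048, 2048}, mp), sig));
        System.out.println("max differs:      " + verify(host.getPublic(), exchangeHash(strs, new int[] {1024, 2048, 8192}, mp), sig));
    }
}
```

Every field of H has to match byte for byte on both sides, so comparing the inputs each implementation feeds into the hash is the way to narrow down a "signature false" at this step.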
1 Answer
0
votes

Has this problem been resolved? My new application server is facing a similar issue on TeamCity.
