我下载了新的 JSch 0.1.53 库,JSch (sftp) 下载任务不再起作用。此版本在
session.connect()
函数上失败并抛出错误 Session.connect: java.io.IOException: End of IO Stream Read
。
我的旧 jsch.jar(2011-10-06) 在同一主机上运行良好,也许我缺少新的配置道具?
Session session=null;
ChannelSftp channel=null;
try {
JSch.setLogger(SSHUtil.createJschLogger());
JSch jsch=new JSch();
session=jsch.getSession("myuser", "11.22.33.44", 22);
session.setConfig("StrictHostKeyChecking", "no");
session.setPassword("mypwd");
session.connect(2000); // <-- FAILS HERE
channel = (ChannelSftp)session.openChannel("sftp");
channel.connect(2000);
...
这是一个广泛的 JSch 日志记录,指示正在发生的事情。
INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.53
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,[email protected]
INFO : kex: server: none,[email protected]
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO : expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO : Disconnecting from 11.22.33.44 port 22
Exception in thread "main" com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
at com.jcraft.jsch.Session.connect(Session.java:558)
at com.jcraft.jsch.Session.connect(Session.java:183)
at my.test.DownloadSFTP.main(DownloadSFTP.java:37)
Caused by: java.io.IOException: End of IO Stream Read
at com.jcraft.jsch.IO.getByte(IO.java:84)
at com.jcraft.jsch.Session.read(Session.java:918)
at com.jcraft.jsch.Session.connect(Session.java:323)
我还有一个非常旧的 Jsch.jar (2011-10-06),下载任务工作正常,这是一个日志。我想升级的一个原因是文件传输速度非常慢。新版本应该做得更好,我读过。
INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.44
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : arcfour256 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).
INFO : Disconnecting from 11.22.33.44 port 22
INFO : Caught an exception, leaving main loop due to socket closed
编辑 我有一个想法是在 Maven 存储库 中回退版本,但实际上这个非常新的版本无法正常工作。以前的 jsch-0.1.52.jar 版本工作正常。我尝试联系图书馆开发人员。
这是来自工作 0.1.52 版本的日志。
INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.52
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,[email protected]
INFO : kex: server: none,[email protected]
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).
JSch 0.1.53 支持(并且更喜欢)
diffie-hellman-group-exchange-sha256
KEX,服务器声称也支持它,因此 JSch 尝试使用它。
由于某种原因,服务器随后会断开您的连接。
要解决此问题,请强制 JSch 使用
diffie-hellman-group1-sha1
KEX,这是 JSch 0.1.52 更喜欢的:
session.setConfig("kex", "diffie-hellman-group1-sha1");
强制警告:不要使用
StrictHostKeyChecking=no
盲目接受所有主机密钥。这是一个安全缺陷。您将失去针对 MITM 攻击 的保护。有关正确(且安全)的方法,请参阅:如何在使用 JSch SFTP 库时解析 Java UnknownHostKey?
我也遇到了同样的问题,我只是将 jsch 版本更改为 0.1.54 并得到了解决
将其添加到您的 pom.xml
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.54</version>
</dependency>
尝试了很多解决方案后,下面解决了我的问题
在文本编辑器中打开ssh服务器的sshd_config并添加以下内容 行到文件末尾:
KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
编辑文件后,确保重新启动 ssh 服务
信息:SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
这表明您的最大密钥长度是1024 因为它失败了 https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/DHGEX.java#L240
服务器预计密钥长度可能为 2048 或更长。因此断开连接。
1) 将服务器上的最小密钥长度减少到 1024 或
2)禁用 diffie-hellman-group-exchange-sha1 https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/JSch.java#L60
3)尝试:https://search.maven.org/artifact/com.github.mwiede/jsch
我也有同样的问题。您需要更改库版本。
替换不支持的com.jcraft(最新版本2018年11月26日):
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.55</version>
</dependency>
添加新支持的 com.github.mwiede :
<dependency>
<groupId>com.github.mwiede</groupId>
<artifactId>jsch</artifactId>
<version>0.2.17</version>
</dependency>
Mvn 存储库:https://mvnrepository.com/artifact/com.github.mwiede/jsch