JSch 0.1.53 session.connect() 抛出“IO 流读取结束”

问题描述 投票:0回答:5

我下载了新的 JSch 0.1.53 库,JSch (sftp) 下载任务不再起作用。此版本在 

session.connect()
函数上失败并抛出错误 
Session.connect: java.io.IOException: End of IO Stream Read

我的旧 jsch.jar(2011-10-06) 在同一主机上运行良好,也许我缺少新的配置道具?

Session session=null;
ChannelSftp channel=null;
try {
    JSch.setLogger(SSHUtil.createJschLogger());

    JSch jsch=new JSch();
    session=jsch.getSession("myuser", "11.22.33.44", 22);
    session.setConfig("StrictHostKeyChecking", "no"); 
    session.setPassword("mypwd");
    session.connect(2000); // <-- FAILS HERE
    channel = (ChannelSftp)session.openChannel("sftp");
    channel.connect(2000);
    ...

这是一个广泛的 JSch 日志记录,指示正在发生的事情。

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.53
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,[email protected]
INFO : kex: server: none,[email protected]
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO : expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO : Disconnecting from 11.22.33.44 port 22
Exception in thread "main" com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.Session.connect(Session.java:558)
        at com.jcraft.jsch.Session.connect(Session.java:183)
        at my.test.DownloadSFTP.main(DownloadSFTP.java:37)
Caused by: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.IO.getByte(IO.java:84)
        at com.jcraft.jsch.Session.read(Session.java:918)
        at com.jcraft.jsch.Session.connect(Session.java:323)

我还有一个非常旧的 Jsch.jar (2011-10-06),下载任务工作正常,这是一个日志。我想升级的一个原因是文件传输速度非常慢。新版本应该做得更好,我读过。

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.44
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : arcfour256 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).
INFO : Disconnecting from 11.22.33.44 port 22
INFO : Caught an exception, leaving main loop due to socket closed

编辑 我有一个想法是在 Maven 存储库 中回退版本,但实际上这个非常新的版本无法正常工作。以前的 jsch-0.1.52.jar 版本工作正常。我尝试联系图书馆开发人员。

这是来自工作 0.1.52 版本的日志。

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.52
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,[email protected]
INFO : kex: server: none,[email protected]
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).
java sftp jsch
5个回答
11
投票

JSch 0.1.53 支持(并且更喜欢)

diffie-hellman-group-exchange-sha256
KEX,服务器声称也支持它,因此 JSch 尝试使用它。

由于某种原因,服务器随后会断开您的连接。

要解决此问题,请强制 JSch 使用 

diffie-hellman-group1-sha1
KEX,这是 JSch 0.1.52 更喜欢的:

session.setConfig("kex", "diffie-hellman-group1-sha1");

强制警告:不要使用

StrictHostKeyChecking=no
盲目接受所有主机密钥。这是一个安全缺陷。您将失去针对 MITM 攻击 的保护。有关正确(且安全)的方法,请参阅:如何在使用 JSch SFTP 库时解析 Java UnknownHostKey?

2
投票

我也遇到了同样的问题,我只是将 jsch 版本更改为 0.1.54 并得到了解决

将其添加到您的 pom.xml

<dependency>
   <groupId>com.jcraft</groupId>
   <artifactId>jsch</artifactId>
   <version>0.1.54</version>
</dependency>
2
投票

尝试了很多解决方案后,下面解决了我的问题

  • 在文本编辑器中打开ssh服务器的sshd_config并添加以下内容 行到文件末尾:

    KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

  • 编辑文件后,确保重新启动 ssh 服务

0
投票

信息:SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent

这表明您的最大密钥长度是1024 因为它失败了 https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/DHGEX.java#L240

服务器预计密钥长度可能为 2048 或更长。因此断开连接。

1) 将服务器上的最小密钥长度减少到 1024 或

2)禁用 diffie-hellman-group-exchange-sha1 https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/JSch.java#L60

3)尝试:https://search.maven.org/artifact/com.github.mwiede/jsch

0
投票

我也有同样的问题。您需要更改库版本。

替换不支持的com.jcraft(最新版本2018年11月26日):

<dependency>
    <groupId>com.jcraft</groupId>
    <artifactId>jsch</artifactId>
    <version>0.1.55</version>
</dependency>

添加新支持的 com.github.mwiede :

<dependency>
    <groupId>com.github.mwiede</groupId>
    <artifactId>jsch</artifactId>
    <version>0.2.17</version>
</dependency>

Mvn 存储库:https://mvnrepository.com/artifact/com.github.mwiede/jsch

项目主页:https://github.com/mwiede/jsch

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.