分享程序员开发的那些事...
更新时间:2023-01-18 13:46:55
如您所见,服务器提供了以下密码:
INFO:kex:server: aes256-cbc,aes192-cbc
但是JSch只接受这些:
INFO:kex:client:aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
没有通用的密码可供选择。
请注意,JSch支持aes256-cbc和aes192-cbc,但需要JCE(Java Cryptography Extension)来允许它们。
您可能没有JCE,所以这些密码不可用。这就是为什么有
信息:aes256-cbc不可用。
下载 Java密码术扩展(JCE)无限强度管辖权政策文件8 (或其他版本,如果不使用JDK 1.8)。
I try to connect SFTP server by Java.
I got an error.
com.jcraft.jsch.JSchException: Algorithm negotiation fail
Here is the POM:
<dependency>
<groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId>
<version>0.1.53</version>
</dependency>
Here is the log:
INFO: Connecting to **"FTP ADRESS"** port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-Maverick_SSHD
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: ecdh-sha2-nistp256 is not available.
INFO: ecdh-sha2-nistp384 is not available.
INFO: ecdh-sha2-nistp521 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from "FTP ADRESS" port 22
I got this error what i tried to fix. I cannot access the SFTP server to download or update any file or etc...
I can connect the server by FileZilla, but I cannot make it by Java.
Connection Code:
JSch jsch = new JSch();
Properties config = new Properties();
config.put("cipher.s2c",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
config.put("cipher.c2s",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
Session jschSession = jsch.getSession("username","server",22);
jschSession.setConfig("StrictHostKeyChecking", "no");
jschSession.setPassword("password");
jschSession.setConfig(config);
jschSession.connect();
When I added
config.put("cipher.s2c",
"aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc");
the logs are like this
INFO: Connecting to ftp.servername port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-Maverick_SSHD
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: ecdh-sha2-nistp256 is not available.
INFO: ecdh-sha2-nistp384 is not available.
INFO: ecdh-sha2-nistp521 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: ecdsa-sha2-nistp256 is not available.
INFO: ecdsa-sha2-nistp384 is not available.
INFO: ecdsa-sha2-nistp521 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: aes256-cbc,aes192-cbc
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: hmac-sha1,hmac-sha1-96
INFO: kex: server: none
INFO: kex: server: none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from ftp.servername port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
As you can see, the server offers these ciphers:
INFO: kex: server: aes256-cbc,aes192-cbc
But JSch accepts only these:
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
There's no common cipher to choose from.
Note that JSch does support both aes256-cbc and aes192-cbc, but requires JCE (Java Cryptography Extension) to allow them.
You probably do not have JCE, so these ciphers are not available. That's why there's
INFO: aes256-cbc is not available.
Download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 (or other version if not using JDK 1.8).
See also an answer to The cipher 'aes256-cbc' is required, but it is not available.