我有这个简单的Java程序,它使用Jsch连接到SFTP服务器.
连接失败,Java 1.4.2上出现"Auth fail"异常,但它在Java 1.7上完美连接.
try {
JSch jsch = new JSch();
jsch.setKnownHosts(KNOWN_HOSTS_PATH);
jsch.addIdentity(PRIVATE_KEY_PATH, PASSPHRASE);
Session session = jsch.getSession(USERNAME, HOSTNAME, 22);
session.connect(2500);
Channel channel = session.openChannel("shell");
channel.setInputStream(System. in );
channel.setOutputStream(System.out);
channel.connect();
} catch (Exception e) {
e.printStackTrace(System.err);
}
我正在使用的ssh-rsa 4096密钥有点关键.该.pub密钥文件存在于同一目录中的私钥.
连接记录器时,我会在异常(发生channel.connect();)之前看到以下消息:
INFO: Connecting to <redacted> port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: arcfour is not available.
INFO: arcfour128 is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '<redacted>' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from <redacted> port 22
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:452)
at TestJsch.main(TestJsch.java:19)
当我用Java 1.7运行相同的程序时,它说
INFO: Connecting to <redacted> port 22 INFO: Connection established INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5 INFO: Local version string: SSH-2.0-JSCH-0.1.42 INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 INFO: SSH_MSG_KEXINIT sent INFO: SSH_MSG_KEXINIT received INFO: kex: server->client aes128-ctr hmac-md5 none INFO: kex: client->server aes128-ctr hmac-md5 none INFO: SSH_MSG_KEXDH_INIT sent INFO: expecting SSH_MSG_KEXDH_REPLY INFO: ssh_rsa_verify: signature true INFO: Host '<redacted>' is known and mathces the RSA host key INFO: SSH_MSG_NEWKEYS sent INFO: SSH_MSG_NEWKEYS received INFO: SSH_MSG_SERVICE_REQUEST sent INFO: SSH_MSG_SERVICE_ACCEPT receivedINFO: Authentications that can continue: publickey,keyboard-interactive,password INFO: Next authentication method: publickey INFO: Authentication succeeded (publickey). Linux <redacted> 2.6.26-2-amd64 #1 SMP Mon Jun 13 16:29:33 UTC 2011 x86_64 <server welcome message follows>
我已经为1.4 VM安装了Java Cryptography Extensions(JCE).
可能是这个问题的根源是什么?
Java 在使用强加密算法方面存在限制。$JRE_HOME/lib/security/US_Export_policy.jar检查和的内容$JRE_HOME/lib/security/local_policy.jar。如果你发现这样的事情:
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};
决定下载并安装 JCE 无限强度管辖权政策。以前在Sun的网站上有,现在不知道在哪里可以找到。
您可以在这篇文章中阅读更多内容
编辑:经过一些研究,我发现我的答案是不正确的。
Java 1.4 不支持长度超过 2048 字节的 RSA 密钥BUG 4524097
| 归档时间: |
|
| 查看次数: |
19424 次 |
| 最近记录: |