com.jcraft.jsch.JSchException:身份验证取消
我正在尝试编写一个 Ant 脚本来通过端口隧道检索 URL。
当我使用密码时(出于隐私考虑,名称 xxxx 被删除),它效果很好:
<project default="main">
<target name="main">
<sshsession host="xxxx"
username="xxxx"
password="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
</target>
</project>
但是当我使用密钥文件时,它不起作用,如下所示:
<sshsession host="xxxx"
username="xxxx"
keyfile="/Users/xxxx/.ssh/id_dsa"
passphrase="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
我收到此异常:
/tmp/build.xml:8: com.jcraft.jsch.JSchException: Auth cancel
at com.jcraft.jsch.Session.connect(Session.java:451)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:223)
- 我确定我使用的是正确的密钥文件(我尝试使用错误的名称,这会产生合法的 FileNotFoundException)。
- 我可以从命令行成功 ssh,而不会提示输入密码。
- 我确定我为密钥文件使用了正确的密码。
导致此错误的原因是什么?我该怎么办?
I'm trying to write an Ant script to retrieve an URL via port tunnelling.
It works great when I use a password (the names xxxx'd out for privacy):
<project default="main">
<target name="main">
<sshsession host="xxxx"
username="xxxx"
password="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
</target>
</project>
But it doesn't work when I use a keyfile, like this:
<sshsession host="xxxx"
username="xxxx"
keyfile="/Users/xxxx/.ssh/id_dsa"
passphrase="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
I get this exception:
/tmp/build.xml:8: com.jcraft.jsch.JSchException: Auth cancel
at com.jcraft.jsch.Session.connect(Session.java:451)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:223)
- I'm sure I'm using the correct keyfile (I've tried using the wrong name, which gives a legitimate FileNotFoundException).
- I can successfully ssh from the command line without being prompted for a password.
- I'm sure I'm using the correct passphrase for the keyfile.
What's the cause of this error and what can I do about it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
我调试了代码。这是失败的,因为我的私钥未通过身份验证; JSch 默默地退回到密码身份验证,该身份验证已被取消,因为我没有指定密码。
JSch 错误处理很糟糕。回溯您的步骤,重新生成(单独的)私钥文件,使用 ssh -i 来保证您使用的是正确的文件,并祈祷吧。
I debugged the code. This was failing because my private key was failing authentication; JSch silently fell back to password authentication, which was canceled, because I didn't specify a password.
JSch error handling sucks a lot. Retrace your steps, regenerate a (separate) private key file, use
ssh -ito guarantee you're using the right file, and keep your fingers crossed.要使
jsch连接正常工作,您必须指定known_hosts文件和包含私钥的文件的路径。这是使用setKnownHosts和addIdentity方法完成的。如果密钥有密码,您可以将其添加到
addIdentity参数列表中:请参阅 Javadocs
To get the
jschconnection to work, you must specify the paths to both theknown_hostsfile and to the file containing the private key. This is done using thesetKnownHostsandaddIdentitymethods.If the key has a passphrase, you can add it to the
addIdentityargument list:See Javadocs
我在使用 sshexec 任务时遇到了同样的问题。我也添加了密码短语属性,效果很好。为您的私钥创建一个密码并将其添加为任务中的属性。如果您在 Windows 上使用 puttygen 生成密钥,也不要忘记将您的私钥转换为开放 ssh 格式。
I had the same issue while using sshexec task. I added passphrase attibute too and it worked fine. create a passphrase for your private key and add this as a attribute in your task. Also don't forget to convert your private key to open ssh format if you generated the key using puttygen on windows.
现在有一个全新的 Jsch 分支出来了。异常处理更加全面。不再有吞咽或违约的情况。前往 https://github.com/vngx/vngx-jsch 进行查看。如果某些内容未按您预期的方式工作,请将其作为问题提出,或在我们积极维护它时发送拉取请求。我们还希望尽快将其添加到 Maven 中央存储库中。
There is a brand new fork of Jsch out now. The exception handling is far more comprehensive. No more swallowing or defaulting. Head over to https://github.com/vngx/vngx-jsch to check it out. If something doesn't work the way you expect, please raise it as an issue, or send a pull request as we are actively maintaining it. We are also looking to get it up on the maven central repos soon.
我今天有类似的问题。所以我想我也会分享我的解决方案。我遇到了同样的异常,但问题实际上是我的密码中有一个元音变音。选择新密码后,一切正常。
I had a similar Issue today. So i thought i will share my solution aswell. I got the same exception but the problem was in fact that i had a umlaut within my password. after choosing a new password without it everything worked fine.
由于某种原因,jsch 使用完全不同的身份验证方法。
TLDL;
创建 rsa-sha2-512 密钥(使用 PEM 格式)。
ssh-keygen -t rsa-sha2-512 -m PEM -T '' -f ~/.ssh/id_rsa-sha2-512如果您无法轻松更改密钥类型:
重新创建rsa 密钥(使用 PEM 格式)。
ssh-keygen -t rsa -m PEM -T '' -f ~/.ssh/id_rsa配置 ssh 服务器接受此方法。
sudo bash -c "echo 'PubkeyAcceptedAlgorithms +ssh-rsa' > /etc/ssh/sshd_config.d/ssh-rsa.conf"重新启动 sshd 服务器。
sudo systemctl restart sshd现在,它可以工作了!
PS:JSCH支持的类型有:ssh-rsa、ssh-dss、ecdca-sha2-nistp256、ecdca-sha2-nistp384、ecdca-sha2-nistp521
https://unix.stackexchange.com/questions/721606/ssh-server-gives-userauth-pubkey-密钥类型 ssh-rsa-not-in-pubkeyacceptedalgorit
For some reason, jsch use a quite different authentication method.
TLDL;
Create a rsa-sha2-512 key (using a PEM format).
ssh-keygen -t rsa-sha2-512 -m PEM -T '' -f ~/.ssh/id_rsa-sha2-512In cases where you cantt easily change key type:
recreate a rsa key (using a PEM format).
ssh-keygen -t rsa -m PEM -T '' -f ~/.ssh/id_rsaconfigure ssh server to accept this method.
sudo bash -c "echo 'PubkeyAcceptedAlgorithms +ssh-rsa' > /etc/ssh/sshd_config.d/ssh-rsa.conf"Restart sshd server.
sudo systemctl restart sshdnow, it works!
PS: JSCH supported types are: ssh-rsa, ssh-dss, ecdca-sha2-nistp256, ecdca-sha2-nistp384, ecdca-sha2-nistp521
https://unix.stackexchange.com/questions/721606/ssh-server-gives-userauth-pubkey-key-type-ssh-rsa-not-in-pubkeyacceptedalgorit