SFTP using JSch and GlobalScape
I'm trying to establish an SFTP connection using Java Secure Channel (JSch).
My software stack is Red Hat Enterprise Server 5.0, JRE 6.0 and JSch v0.1.44.
The primary server software stack (to which I'm trying to connect) is Windows Server 2008 and the latest version of GlobalScape.
When trying to connect to it I get a
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
at com.jcraft.jsch.Session.connect(Session.java:291)
Enabling JSch logging I get the following for this same connection:
0000001d SystemErr R INFO: Connecting to xxx.xxx.xxx.157 port 22
0000001d SystemErr R INFO: Connection established
0000001d SystemErr R INFO: Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
0000001d SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001d SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001d SystemErr R INFO: aes256-ctr is not available.
0000001d SystemErr R INFO: aes192-ctr is not available.
0000001d SystemErr R INFO: aes256-cbc is not available.
0000001d SystemErr R INFO: aes192-cbc is not available.
0000001d SystemErr R INFO: arcfour256 is not available.
0000001d SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001d SystemErr R INFO: SSH_MSG_KEXINIT received
0000001d SystemErr R INFO: Disconnecting from xxx.xxx.xxx.157 port 22
So from the looks of it I'm connecting to the server and I actually can send and receive a msg, but when the client tries to match the server msg proposal and the client msg proposal it throws an exception.
Now comparing it with the JSch logs of a successful connection to a Server with a previous GlobalScape software and Windows Server 2003:
0000001e SystemErr R INFO: Connecting to xxx.xxx.xxx.156 port 22
0000001e SystemErr R INFO: Connection established
0000001e SystemErr R INFO: Remote version string: SSH-2.0-1.36 sshlib: GlobalScape
0000001e SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001e SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001e SystemErr R INFO: aes256-ctr is not available.
0000001e SystemErr R INFO: aes192-ctr is not available.
0000001e SystemErr R INFO: aes256-cbc is not available.
0000001e SystemErr R INFO: aes192-cbc is not available.
0000001e SystemErr R INFO: arcfour256 is not available.
0000001e SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001e SystemErr R INFO: SSH_MSG_KEXINIT received
0000001e SystemErr R INFO: kex: server->client aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: kex: client->server aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: SSH_MSG_KEXDH_INIT sent
0000001e SystemErr R INFO: expecting SSH_MSG_KEXDH_REPLY
0000001e SystemErr R INFO: ssh_dss_verify: signature true
0000001e SystemErr R WARN: Permanently added 'xxx.xxx.xxx.156' (DSA) to the list of known hosts.
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS sent
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS received
0000001e SystemErr R INFO: SSH_MSG_SERVICE_REQUEST sent
0000001e SystemErr R INFO: SSH_MSG_SERVICE_ACCEPT received
0000001e SystemErr R INFO: Authentications that can continue: publickey,keyboard-inteactive,password
0000001e SystemErr R INFO: Next authentication method: publickey
0000001e SystemErr R INFO: Authentications that can continue: password
0000001e SystemErr R INFO: Next authentication method: password
0000001e SystemErr R INFO: Authentication succeeded (password).
So once again it's able to connect and able to exchange SSH_MSG_KEXINIT, but here the client and server proposals match and no exception is thrown.
The SFTP security is using a public/private key and username/password.
I can connect to it using WinSCP, FileZilla and the Linux command line (from the same server the Java application runs on).
I spoke with one system administrator of the SFTP server and we tried using username/password and I get the same exception and logs.
The system administrator told me that the difference between both servers is the GlobalScape version and now being a Microsoft 2008 Server.
So does anyone have any ideas on how to tackle this one?
Many thanks in advance!
Comments (1)
The problem you are having has nothing to do with GlobalScape; it's all about the cipher algorithms enabled on the SFTP server.
Every SFTP server has some cipher algorithms that it agrees on, so if you don't have those encodings and cipher algorithms it does not work.
Cipher algorithms
All other SFTP software has built-in cipher algorithms, which it uses according to the SFTP server configuration. Change to the latest 256-bit cipher algorithm and you are all set.
https://enterprisedt.com/products/edtftpjssl/doc/manual/html/howtousesftpchoosingalgorithms.html
Public key algorithms
Either DSA or RSA or both can be set for the preferred public key algorithms for server authentication. If, for example, RSA is set, the server will present an RSA public key to the client (if the server supports RSA keys of course - some servers do not). The code below illustrates how to set RSA only. It first disables all keypair algorithms, then enables RSA:
ftp.disableAllAlgorithms(SSHFTPAlgorithm.KEY_PAIR);
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.KEY_RSA, true);
The default is both DSA and RSA enabled.
Cipher algorithms
The cipher algorithms are the symmetric algorithms used to perform the encryption of the SFTP data and commands. The code below illustrates how to set triple DES as the cipher algorithm (disabling all others):
ftp.disableAllAlgorithms(SSHFTPAlgorithm.CIPHER);
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.CIPHER_3DES_CBC, true);
The default is all cipher algorithms enabled.
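Added example, not part of the original question or answer and not JSch's own code: a check to run on the client JVM that reports which of the ciphers from the CheckCiphers log line the JCE key-length policy permits, then applies the RFC 4253 selection rule against a server list. It assumes the "is not available" lines come from the JVM's key-length limit; the class name and the server proposal are constructed, since the page does not show what the new server offers.

```java
import java.security.NoSuchAlgorithmException;
import java.util.*;
import javax.crypto.Cipher;

public class KexCipherCheck {
    // JCE algorithm behind an SSH cipher name; null means "not size-checked here".
    static String jceAlgorithm(String sshName) {
        if (sshName.startsWith("aes")) return "AES";
        if (sshName.startsWith("arcfour")) return "ARCFOUR";
        return null;
    }
    // Key size in bits implied by the SSH cipher name (plain "arcfour" uses 128).
    static int requiredBits(String sshName) {
        if (sshName.contains("256")) return 256;
        if (sshName.contains("192")) return 192;
        return 128;
    }
    // Drop every candidate whose key size exceeds what this JVM's JCE policy allows.
    static List<String> usable(List<String> candidates) throws NoSuchAlgorithmException {
        List<String> out = new ArrayList<String>();
        for (String name : candidates) {
            String alg = jceAlgorithm(name);
            if (alg == null || requiredBits(name) <= Cipher.getMaxAllowedKeyLength(alg)) {
                out.add(name);
            }
        }
        return out;
    }
    // RFC 4253 section 7.1: first name on the client's list that the server also lists.
    static String negotiate(List<String> client, List<String> server) {
        for (String name : client) {
            if (server.contains(name)) return name;
        }
        return null; // no common algorithm: the connection is dropped after KEXINIT
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Candidate list copied from the CheckCiphers log line in the question.
        List<String> checked = Arrays.asList(("aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,"
                + "aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256").split(","));
        // Constructed server proposal (the page does not show the real one).
        List<String> server = Arrays.asList("aes256-ctr", "aes256-cbc");
        List<String> client = usable(checked);
        System.out.println("Max AES key bits allowed: " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("Usable client ciphers:    " + client);
        String chosen = negotiate(client, server);
        System.out.println(chosen != null ? "Negotiated: " + chosen : "No common cipher");
    }
}
```

The list JSch actually proposes comes from its configured cipher settings, so compare the output with the proposal the server administrator reports rather than with the constructed list used here.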