2

我想使用 JSch 构建一个远程程序来远程 CISCO 设备。但我现在面临一个问题,无法打开与 session.connect() 的连接。从日志中它说我的 RSA 必须有 512 长。但我不知道怎么做。我在网上找到了很多例子。但我仍然找不到任何参考。有人可以帮我吗?

下面是我的代码

public static boolean registerKeyPair(JSch jSch) {             
    new File("c:\\hehe" + "/.ssh").mkdirs();

    File privateKey = new File("c:\\hehe" + "/.ssh/id_rsa");
    File publicKey = new File("c:\\hehe" + "/.ssh/id_rsa.pub");
    if (!privateKey.exists() || !publicKey.exists()) {          
        try {

            KeyPair keyPair = KeyPair.genKeyPair(jSch, KeyPair.RSA,512);
            //KeyPair.
            keyPair.writePrivateKey(privateKey.getAbsolutePath());
            keyPair.writePublicKey(publicKey.getAbsolutePath(), "hehekey");
            return true;
        } catch (JSchException e) {
            System.out.println("genKeyPair(RSA)");
            e.printStackTrace();
        } catch (FileNotFoundException e) {
            System.out.println("genKeyPair(RSA)");
            e.printStackTrace();
        } catch (IOException e) {
            System.out.println("genKeyPair(RSA)");
            e.printStackTrace();
        }
        return false;           
    }       

    try {
        jSch.addIdentity(privateKey.getAbsolutePath());
        return true;
    } catch (JSchException e) {
        System.out.println("jSch.addIdentity");
        e.printStackTrace();
        return false;           
    }

}
public static void test() {
    JSch jsch = new JSch();
    JSch.setLogger(new Logger() {
        public boolean isEnabled(int i) {
            return true;
        }
        public void log(int i, String s) {
            System.out.println("Log(jsch," + i + "): " + s);
        }});
    registerKeyPair(jsch);
    String privateKey = "c:\\hehe" + "/.ssh/id_rsa";
    @SuppressWarnings("unused")
    String publicKey = "c:\\hehe" + "/.ssh/id_rsa.pub";
    try {

        Session session = jsch.getSession("cisco", "10.20.30.129", 22);

        jsch.addIdentity(privateKey,"cisco");


        java.util.Properties config = new java.util.Properties();
        config.put("StrictHostKeyChecking", "no");
        session.setConfig(config);

        session.connect(30000);

        System.out.println("A4");
        ChannelShell channel = (ChannelShell) session.openChannel("shell");
        System.out.println("A5");


        System.out.println("A6");
        channel.connect();
    } catch (JSchException ex) {
        System.out.println(ex.getMessage() + "\n");
        ex.printStackTrace();
    } catch (Exception e) {

    }
}

控制台输出如下

Log(jsch,1): Connecting to 172.22.96.129 port 22
Log(jsch,1): Connection established
Log(jsch,1): Remote version string: SSH-2.0-Cisco-1.25
Log(jsch,1): Local version string: SSH-2.0-JSCH-0.1.47
Log(jsch,1): CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
Log(jsch,1): aes256-ctr is not available.
Log(jsch,1): aes192-ctr is not available.
Log(jsch,1): aes256-cbc is not available.
Log(jsch,1): aes192-cbc is not available.
Log(jsch,1): arcfour256 is not available.
Log(jsch,1): CheckKexes: diffie-hellman-group14-sha1
Log(jsch,1): diffie-hellman-group14-sha1 is not available.
Log(jsch,1): SSH_MSG_KEXINIT sent
Log(jsch,1): SSH_MSG_KEXINIT received
Log(jsch,1): kex: server: diffie-hellman-group1-sha1
Log(jsch,1): kex: server: ssh-rsa
Log(jsch,1): kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Log(jsch,1): kex: server: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Log(jsch,1): kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
Log(jsch,1): kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
Log(jsch,1): kex: server: none
Log(jsch,1): kex: server: none
Log(jsch,1): kex: server: 
Log(jsch,1): kex: server: 
Log(jsch,1): kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
Log(jsch,1): kex: client: ssh-rsa,ssh-dss
Log(jsch,1): kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
Log(jsch,1): kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
Log(jsch,1): kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Log(jsch,1): kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Log(jsch,1): kex: client: none
Log(jsch,1): kex: client: none
Log(jsch,1): kex: client: 
Log(jsch,1): kex: client: 
Log(jsch,1): kex: server->client aes128-cbc hmac-md5 none
Log(jsch,1): kex: client->server aes128-cbc hmac-md5 none
Log(jsch,1): SSH_MSG_KEXDH_INIT sent
Log(jsch,1): expecting SSH_MSG_KEXDH_REPLY
Log(jsch,1): Disconnecting from 10.20.30.129 port 22
Session.connect: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: RSA keys must be at least 512 bits long

com.jcraft.jsch.JSchException: Session.connect: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: RSA keys must be at least 512 bits long
    at com.jcraft.jsch.Session.connect(Session.java:525)
    at jsch_test.test(jsch_test.java:82)
    at jsch_test.main(jsch_test.java:11)
4

1 回答 1

0

您必须在客户端和 CISCO 端创建大于 512 位的密钥

客户端:

ssh-keygen -b 1024

思科方面:

crypto key generate rsa general-keys label SSH-KEYS exportable modulus 1024
ip ssh rsa keypair-name SSH-KEYS
于 2019-06-06T11:43:51.330 回答