6

我正在尝试通过我的 Java 代码建立 SSH 连接,但遇到异常。我通过 Putty/Winscp 工具测试了我的连接,它工作正常。问题出在我的 Java 代码上...

SEVERE: The Transport Protocol thread failed
java.io.IOException: The socket is EOF
    at com.sshtools.j2ssh.transport.TransportProtocolInputStream.readBufferedData(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolInputStream.readMessage(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.readMessage(Unknown Source)
    at com.sshtools.j2ssh.transport.kex.DhGroup1Sha1.performClientExchange(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolClient.performKeyExchange(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.beginKeyExchange(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.onMsgKexInit(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.startBinaryPacketProtocol(Unknown Source)
    at com.sshtools.j2ssh.transport.TransportProtocolCommon.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

下面是我建立连接的一段Java代码

public class MySSHClient {

  static SshClient ssh = null;
  static SshConnectionProperties properties = null;
  SessionChannelClient session = null;

  private static void MySSHClient(String hostName, String userName, String passwd )
  {

    try
    {
      // Make a client connection
      ssh = new SshClient();
      properties = new SshConnectionProperties();
      properties.setHost("192.168.1.175");

      // Connect to the host
      ssh.connect(properties, new IgnoreHostKeyVerification());

      // Create a password authentication instance
      PasswordAuthenticationClient pwd = new PasswordAuthenticationClient();

      pwd.setUsername("root");
      pwd.setPassword("123456");

      // Try the authentication
      int result = ssh.authenticate(pwd);

      // Evaluate the result
      if (result==AuthenticationProtocolState.COMPLETE) {

        System.out.println("Connection Authenticated");
      }
    }
    catch(Exception e)
    {
      System.out.println("Exception : " + e.getMessage());
    }

  }//end of method.


  public String execCmd(String cmd)
  {
    String theOutput = "";
    try
    {
      // The connection is authenticated we can now do some real work!
      session = ssh.openSessionChannel();

      if ( session.executeCommand(cmd) )
      {
        IOStreamConnector output = new IOStreamConnector();
        java.io.ByteArrayOutputStream bos =  new
        java.io.ByteArrayOutputStream();
        output.connect(session.getInputStream(), bos );
        session.getState().waitForState(ChannelState.CHANNEL_CLOSED);
        theOutput = bos.toString();
      }
      //else
      //throw Exception("Failed to execute command : " + cmd);
      //System.out.println("Failed to execute command : " + cmd);
    }
    catch(Exception e)
    {
      System.out.println("Exception : " + e.getMessage());
    }

    return theOutput;
  }

  public static void main(String[] args){
      MySSHClient(null, null, null);
    }
4

4 回答 4

14

动机

我在调查有问题的错误时偶然发现了这个问题和答案java.io.IOException: The socket is EOF。因为在我的情况下无法立即更改代码以使用其他一些 SSH Java 库,并且@a3.14_Infinity 的说明对我来说不够详细,所以我想补充一下我的看法。

java.io.IOException:套接字是 EOF - 为什么?

因为这个异常不是很有帮助,所以我首先尝试了Wireshark以查看网络上发生了什么,但无济于事。所以我将sshd_config(OpenSSH 6.9)配置为登录级别,并在我的测试机器DEBUG3的文件中得到了答案。/var/log/auth.log它在尝试与 SSH 客户端(Java SSH 库)协商密钥交换算法时出现致命错误。

由于 SSH 服务器和客户端无法就相互密钥交换算法达成一致,OpenSSH 服务器终止与客户端的连接。因此,Java SSH 库代码会引发异常。

但为什么会发生呢?

( sshtools.j2sshsshtools : j2ssh-core : 0.2.9 ) 库代码非常陈旧并且已停产。从OpenSSH 6.7(2014 年 10 月发布)开始,默认密码和 MAC 已更改,以删除包含blowfish-cbc密码的不安全算法。OpenSSH 6.9 (2015年6 月发布)diffie-hellman-group1-sha1默认禁用1024 位密钥交换支持。

当您仍然使用史前 SSH 工具j2ssh库(上帝保佑)连接到较新的 OpenSSH 服务器时,您将收到所描述的错误。库代码仅向diffie-hellman-group1-sha1OpenSSH 服务器提供默认不支持的密钥交换算法。因此,无法建立安全连接。

无法更改代码?

如果不能立即迁移到另一个 Java SSH 库(我的情况),那么您可以在 OpenSSH 的服务器配置文件中重新启用禁用的diffie-hellman-group1-sha1密钥交换算法sshd_config。比如像这样。

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc

KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

但让我明确一点。diffie-hellman-group1-sha1密钥交换算法和密码blowfish-cbc默认关闭,因为它们不安全。重新启用它们应该只是一种临时措施,直到您可以替换这个过时的 Java SSH 库。

最后,我想指出,其他答案中建议的Java Secure Channel (JSch)库已停止使用。因此,您可能需要考虑sshj甚至ssh2j-maverick

编辑:我错了Java 安全通道JSch库还活着(JSCH 0.1.54 于 2016 年9 月 3 日在 MavenCentral 上发布),当然值得您考虑。或者,您可能还想考虑sshjssh2j-maverick

附录:迁移

为了尽量减少sshtools.j2ssh( sshtools : j2ssh-core : 0.2.9 ) 库的迁移工作,我查看了来自SSHTOOLS(版本 1.7.1)的商业遗留 SSH 客户端库。这允许保留现有的库集成代码,只需对库 API 和异常处理进行少量更改。因此,如果您不想从头开始重新启动,那么硬着头皮坚持使用 SSHTOOLS 可能是您的最佳选择。最后,为了衡量迁移工作,我首先用 SSHTOOLS 的开源库ssh2j-maverick替换了该库,该库几乎具有与其最新商业版本(版本 1.7.1)相同的 API。

于 2016-04-25T21:21:07.290 回答
1
于 2016-02-10T05:24:45.273 回答
1

以下示例代码可能会对您有所帮助,

import java.io.InputStream;
import org.apache.commons.io.IOUtils;


import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;


public class SSHClient {

    /**
     * Constant EXCUTE_CHANNEL
     */
    public static final String EXCUTE_CHANNEL = "exec";

    /**
     * Constant STRICT_KEY_CHECKING
     */
    public static final String STRICT_KEY_CHECKING = "StrictHostKeyChecking";


    /** Name/ip of the remote machine/device **/ 
    private String host;
    private String userName;
    private String password;

    /**
     * This method used to initilze user and host
     * 
     * @param userName
     * @param password
     * @param host
     */
    public SSHClient(String userName,String password, String host) {
        super();
        this.userName = userName;
        this.password = password;
        this.host = host;
    }

    /**
     * This method used to execute commands remotly by using SSHV2
     * 
     * @param host
     * @param username
     * @param password
     * @param command
     * @return
     */
    public String executeCommand(String command) { 
        StringBuilder log = new StringBuilder();
        String response = null;
        Channel channel = null;
        Session session = null;

        try {
            JSch jsch = new JSch();
            JSch.setConfig(STRICT_KEY_CHECKING, Constants.NO);

            session = jsch.getSession(userName, host, 22);


            // If two machines have SSH passwordless logins setup, the following
            // line is not needed:
            session.setPassword(password);
            session.connect();

            channel = session.openChannel(EXCUTE_CHANNEL);
            ((ChannelExec) channel).setCommand(command);

            // channel.setInputStream(System.in);
            channel.setInputStream(null);

            ((ChannelExec) channel).setErrStream(System.err);

            InputStream in = channel.getInputStream();

            channel.connect();

            response = IOUtils.toString(in);

        } catch (Exception ex) {
                //handle exception
        } finally {
            try {
                if (session != null) {
                    session.disconnect();
                }
            } catch (Exception ex) {
                //handle exception
            }
            try {
                if (channel != null) {
                    channel.disconnect();
                }
            } catch (Exception ex) {
                //handle exception
            }

        }
        System.ou.println( "Response received :"+  response));
        return response;
    }
}
于 2016-02-10T05:36:25.430 回答
0

这是从一些谷歌来源重用的工作代码 -

import ch.ethz.ssh2.Connection;
import ch.ethz.ssh2.StreamGobbler;

Connection conn = new Connection(server);
conn.connect();
boolean isAuthenticated = conn.authenticateWithPassword(user_id, password);

System.out.println("Is server - " + server + " Authenticated? " + isAuthenticated);

if (isAuthenticated == false)
    throw new IOException("Authentication failed.");

ch.ethz.ssh2.Session sess = conn.openSession();
String new_commands = "";

for (int i = 0; i < commands.size(); i++) {
    new_commands = new_commands + commands.get(i) + "\n";
}

System.out.println("The command executed is: " + new_commands);

sess.requestDumbPTY();
sess.execCommand(new_commands);
InputStream stdout = new StreamGobbler(sess.getStdout());
BufferedReader br = new BufferedReader(new InputStreamReader(stdout));
InputStream errStrm = new StreamGobbler(sess.getStderr());
BufferedReader stderrRdr = new BufferedReader(new InputStreamReader(errStrm));
sess.getStdin().write("EXIT\n".getBytes());

System.out.println("the output of the command is");

while (true) {
    String line_out = br.readLine();
    if (line_out == null) {
        break;
    } else {
        System.out.println(line_out);
        output_logs.add(line_out);
    }
}

while (true) {
    String line_error = stderrRdr.readLine();
    if (line_error == null) {
        break;
    } else {
        System.out.println(line_error);
        output_logs.add(line_error);
    }
}

output_logs.add("Exit Code:" + sess.getExitStatus());
System.out.println("ExitCode: " + sess.getExitSignal());

sess.close();
conn.close();
于 2019-11-04T19:33:53.617 回答