我正在尝试使用 Java 安全通道 (JSCh) 建立 SFTP 连接。我的软件堆栈是 Red Hat Enterprise Server 5.0、JRE 6.0 和 JSch v0.1.44。主要的服务器软件堆栈(我正在尝试连接)是 Windows Server 2008 和最新版本的 GlobalScape。当试图连接到它时,我得到一个
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
at com.jcraft.jsch.Session.connect(Session.java:291)
启用 JSch 日志记录我得到以下相同的连接:
0000001d SystemErr R INFO: Connecting to xxx.xxx.xxx.157 port 22
0000001d SystemErr R INFO: Connection established
0000001d SystemErr R INFO: Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
0000001d SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001d SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256- cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001d SystemErr R INFO: aes256-ctr is not available.
0000001d SystemErr R INFO: aes192-ctr is not available.
0000001d SystemErr R INFO: aes256-cbc is not available.
0000001d SystemErr R INFO: aes192-cbc is not available.
0000001d SystemErr R INFO: arcfour256 is not available.
0000001d SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001d SystemErr R INFO: SSH_MSG_KEXINIT received
0000001d SystemErr R INFO: Disconnecting from xxx.xxx.xxx.157 port 22
因此,从外观上看,我正在连接到服务器,实际上我可以发送和接收 msg,但是当客户端尝试匹配服务器 msg 提议和客户端 msg 提议时,它会引发异常。
现在将其与使用以前的 GlobalScape 软件和 Windows Server 2003 成功连接到服务器的 JSch 日志进行比较:
0000001e SystemErr R INFO: Connecting to xxx.xxx.xxx.156 port 22
0000001e SystemErr R INFO: Connection established
0000001e SystemErr R INFO: Remote version string: SSH-2.0-1.36 sshlib: GlobalScape
0000001e SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001e SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001e SystemErr R INFO: aes256-ctr is not available.
0000001e SystemErr R INFO: aes192-ctr is not available.
0000001e SystemErr R INFO: aes256-cbc is not available.
0000001e SystemErr R INFO: aes192-cbc is not available.
0000001e SystemErr R INFO: arcfour256 is not available.
0000001e SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001e SystemErr R INFO: SSH_MSG_KEXINIT received
0000001e SystemErr R INFO: kex: server->client aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: kex: client->server aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: SSH_MSG_KEXDH_INIT sent
0000001e SystemErr R INFO: expecting SSH_MSG_KEXDH_REPLY
0000001e SystemErr R INFO: ssh_dss_verify: signature true
0000001e SystemErr R WARN: Permanently added 'xxx.xxx.xxx.156' (DSA) to the list of known hosts.
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS sent
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS received
0000001e SystemErr R INFO: SSH_MSG_SERVICE_REQUEST sent
0000001e SystemErr R INFO: SSH_MSG_SERVICE_ACCEPT received
0000001e SystemErr R INFO: Authentications that can continue: publickey,keyboard-inteactive,password
0000001e SystemErr R INFO: Next authentication method: publickey
0000001e SystemErr R INFO: Authentications that can continue: password
0000001e SystemErr R INFO: Next authentication method: password
0000001e SystemErr R INFO: Authentication succeeded (password).
所以它再次能够连接并能够交换 SSH_MSG_KEXINIT,但是这里客户端和服务器建议匹配并且没有抛出异常
sftp 安全使用公钥/私钥和用户名/密码。
我可以使用 WinSCP、Filezilla 和 linux 命令行(从 java 应用程序运行的同一台服务器)连接到它。
我与 SFTP 服务器的一位系统管理员交谈,我们尝试使用用户名/密码,我得到了相同的异常和日志。
系统管理员告诉我,两台服务器的区别在于 GlobalScape 版本,现在是 Microsoft 2008 Server。
所以有人对如何解决这个问题有任何想法吗?
提前谢谢了!