我正在开发一个自定义SFTP客户端。客户端接收已知主机记录作为所需的服务器密钥。我的代码在使用ssh-rsa时工作得很好,但是在使用ssh-dss的情况下,Mina抛出了一个带有Unable to negotiate key exchange for server host key algorithms (client: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa / server: ssh-dss)消息的异常。官方文档(https://github.com/apache/mina-sshd)说Mina确实支持ssh-dss。
你会推荐一种方法如何使SshClient使用ssh-dss(类似于ssh配置中的PubkeyAcceptedKeyTypes=+ssh-dss)?
谢谢。
在NetconfSSHClient.java中,在调用SshClient.setUpDefaultClient()后添加以下内容
// add DSS
List<NamedFactory<Signature>> signatureFactories = client.getSignatureFactories();
List<BuiltinSignatures> signatures = new ArrayList<>();
signatures.add(BuiltinSignatures.dsa);
signatureFactories.addAll(NamedFactory.setUpBuiltinFactories(false, signatures));
client.setSignatureFactories(signatureFactories);
您还需要将匹配的include添加到文件的顶部:
import java.util.List;
import java.util.ArrayList;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.BuiltinSignatures;
可能有更简单的方法,但这是Mina-SSHD邮件列表告诉我的方法。
如果您还需要弃用的KEX或密码,则密码的处理过程类似,但KEX的处理过程略有不同:
// Get the current default list of key exchange factories
List<KeyExchangeFactory> keyExchangeFactories = client.getKeyExchangeFactories();
// Add the Diffie-Hellman-group1-sha1 key exchange factory
keyExchangeFactories.addAll(NamedFactory.setUpTransformedFactories(
false,
List.of(BuiltinDHFactories.dhg1),
ClientBuilder.DH2KEX
));
// Update the key exchange factories
client.setKeyExchangeFactories(keyExchangeFactories);