小贝子编程

JSch 0.1.53 session.connect() 抛出"End of IO Stream Read"



我下载了一个新的JSch 0.1.53库,JSch(sftp)下载任务不再工作。此版本在session.connect()函数上失败,引发错误Session.connect: java.io.IOException: End of IO Stream Read

我的旧jsch.jar(2011-10-06)在同一台主机上运行良好,也许我缺少了一个新的配置道具?

Session session=null;
ChannelSftp channel=null;
try {
    JSch.setLogger(SSHUtil.createJschLogger());
    JSch jsch=new JSch();
    session=jsch.getSession("myuser", "11.22.33.44", 22);
    session.setConfig("StrictHostKeyChecking", "no"); 
    session.setPassword("mypwd");
    session.connect(2000); // <-- FAILS HERE
    channel = (ChannelSftp)session.openChannel("sftp");
    channel.connect(2000);
    ...

这是一个广泛的JSch日志记录,表明发生了什么

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.53
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO : kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO : kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,zlib@openssh.com
INFO : kex: server: none,zlib@openssh.com
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO : expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO : Disconnecting from 11.22.33.44 port 22
Exception in thread "main" com.jcraft.jsch.JSchException: Session.connect: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.Session.connect(Session.java:558)
        at com.jcraft.jsch.Session.connect(Session.java:183)
        at my.test.DownloadSFTP.main(DownloadSFTP.java:37)
Caused by: java.io.IOException: End of IO Stream Read
        at com.jcraft.jsch.IO.getByte(IO.java:84)
        at com.jcraft.jsch.Session.read(Session.java:918)
        at com.jcraft.jsch.Session.connect(Session.java:323)

我还有一个非常旧的Jsch.jar(2011-10-06),下载任务运行良好,这是一个日志。我想升级的原因是传输文件的速度非常慢。新版本应该会让我读到的东西变得更好。

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.44
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : arcfour256 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).
INFO : Disconnecting from 11.22.33.44 port 22
INFO : Caught an exception, leaving main loop due to socket closed

编辑我有一个想法,在Maven存储库中对发布进行后台处理,但实际上这是一个非常新的版本,无法正常工作。以前的jsch-0.1.52.jar版本运行良好。我尝试联系库开发人员。

这是一个0.1.52版本的日志。

INFO : Connecting to 11.22.33.44 port 22
INFO : Connection established
INFO : Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO : Local version string: SSH-2.0-JSCH-0.1.52
INFO : CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO : aes256-ctr is not available.
INFO : aes192-ctr is not available.
INFO : aes256-cbc is not available.
INFO : aes192-cbc is not available.
INFO : CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO : diffie-hellman-group14-sha1 is not available.
INFO : ecdh-sha2-nistp256 is not available.
INFO : ecdh-sha2-nistp384 is not available.
INFO : ecdh-sha2-nistp521 is not available.
INFO : CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO : ecdsa-sha2-nistp256 is not available.
INFO : ecdsa-sha2-nistp384 is not available.
INFO : ecdsa-sha2-nistp521 is not available.
INFO : SSH_MSG_KEXINIT sent
INFO : SSH_MSG_KEXINIT received
INFO : kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO : kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO : kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO : kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO : kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO : kex: server: none,zlib@openssh.com
INFO : kex: server: none,zlib@openssh.com
INFO : kex: server:
INFO : kex: server:
INFO : kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
INFO : kex: client: ssh-rsa,ssh-dss
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO : kex: client: none
INFO : kex: client: none
INFO : kex: client:
INFO : kex: client:
INFO : kex: server->client aes128-ctr hmac-md5 none
INFO : kex: client->server aes128-ctr hmac-md5 none
INFO : SSH_MSG_KEXDH_INIT sent
INFO : expecting SSH_MSG_KEXDH_REPLY
INFO : ssh_rsa_verify: signature true
WARN : Permanently added '11.22.33.44' (RSA) to the list of known hosts.
INFO : SSH_MSG_NEWKEYS sent
INFO : SSH_MSG_NEWKEYS received
INFO : SSH_MSG_SERVICE_REQUEST sent
INFO : SSH_MSG_SERVICE_ACCEPT received
INFO : Authentications that can continue: publickey,keyboard-interactive,password
INFO : Next authentication method: publickey
INFO : Authentications that can continue: keyboard-interactive,password
INFO : Next authentication method: keyboard-interactive
INFO : Authentication succeeded (keyboard-interactive).

JSch 0.1.53支持(并且更喜欢)diffie-hellman-group-exchange-sha256 KEX,服务器声称也支持,所以JSch尝试使用它。

出于某种原因,服务器随后会断开您的连接。

要解决此问题,请强制JSch使用diffie-hellman-group1-sha1 KEX,这是JSch 0.1.52更喜欢的:

session.setConfig("kex", "diffie-hellman-group1-sha1");

我遇到了同样的问题,我刚刚将jsch版本更改为0.1.54,并解决了

将其添加到您的pom.xml

<dependency>
   <groupId>com.jcraft</groupId>
   <artifactId>jsch</artifactId>
   <version>0.1.54</version>
</dependency>

在尝试了许多解决方案后,下面解决了我的问题

  • 在文本编辑器中打开ssh服务器的sshd_config,并添加以下内容文件末尾的行:

    KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

  • 编辑文件后,请确保重新启动ssh服务

信息:SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024)发送

表示您的最大密钥长度为1024因为它在https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/DHGEX.java#L240

服务器预计密钥长度可能为2048或更大。因此断开连接。

1) 将服务器上的最小密钥长度减少到1024或

2) 禁用diffie-hellman-group-export-sha1https://github.com/is/jsch/blob/addb8e3a0ebd71cbbf51cf6ba746e8e128df713c/src/main/java/com/jcraft/jsch/JSch.java#L60

3) 尝试:https://search.maven.org/artifact/com.github.mwiede/jsch

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium