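Problem description
Description:
Trying to send requests to a Netopeer2 server from an application that tries to access it, but something goes wrong and the key exchange fails. There are some solutions for how to configure this on the server side in /etc/ssh/sshd_config, but we want it on the client side, in the application.
The application uses Apache MINA SSHD to establish the connection (GitHub). By default, some algorithms are disabled. We would like to enable them in the Main class below so that it can exchange rsa-sha2-512, rsa-sha2-256 with the server. Any ideas on how to do this with Apache MINA SSHD?
The full error message is: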
java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms
(client: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss /
server: rsa-sha2-512,rsa-sha2-256)
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.session.ClientSession;
import java.io.IOException;

public class Main {
    public static void main(String[] args) {
        // Default client: only the default algorithm lists are offered
        SshClient client = SshClient.setUpDefaultClient();
        client.start();
        try {
            ClientSession session = client.connect("root", "172.17.0.2", 830).verify(10000).getSession();
            session.addPasswordIdentity("root");
            session.auth().verify(9999);
            // error 'Unable to negotiate key exchange for server host key algorithms' is thrown
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
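Solution
I haven't solved my own problem either, but I am in the same area as you. For me, though, looking at the SSHD logs, I think I see the client offering rsa_sha2_512 and (one) server refusing and dropping the connection request.
Here is a small Scala snippet, which changed nothing for me. I think this is what you get if you don't set it; every default factory (that I found).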
import java.util
import scala.jdk.CollectionConverters._ // Scala 2.13+; older versions use scala.collection.JavaConverters._
import org.apache.sshd.client.ClientBuilder
import org.apache.sshd.common.kex.{BuiltinDHFactories, KeyExchangeFactory}

val kexList: util.List[KeyExchangeFactory] = {
  val kex = List(
    BuiltinDHFactories.dhg1, BuiltinDHFactories.dhg14, BuiltinDHFactories.dhgex,
    BuiltinDHFactories.dhg14_256, BuiltinDHFactories.dhg15_512, BuiltinDHFactories.dhg16_512,
    BuiltinDHFactories.dhg17_512, BuiltinDHFactories.dhg18_512, BuiltinDHFactories.dhgex256,
    BuiltinDHFactories.ecdhp256, BuiltinDHFactories.ecdhp384, BuiltinDHFactories.ecdhp521)
  val dh2kex = kex.map(k => ClientBuilder.DH2KEX(k))
  dh2kex.asJava
}
session.setKeyExchangeFactories(kexList)
Or in Java:
List<KeyExchangeFactory> kexList =
        BuiltinDHFactories.VALUES.stream().map(ClientBuilder.DH2KEX).collect(Collectors.toList());
The following should solve the problem.
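import java.util.ArrayList;
import org.apache.sshd.client.ClientBuilder;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.kex.BuiltinDHFactories;
import org.apache.sshd.common.signature.BuiltinSignatures;
client.setKeyExchangeFactories(NamedFactory.setUpTransformedFactories(
        false, BuiltinDHFactories.VALUES, ClientBuilder.DH2KEX));
client.setSignatureFactories(new ArrayList<>(BuiltinSignatures.VALUES));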
For PuTTY support
https://github.com/apache/mina-sshd/blob/master/docs/files-parsing.md
Just add the following
<dependency>
    <groupId>org.apache.sshd</groupId>
    <artifactId>sshd-common</artifactId>
    <version>...same version as the rest of the artifacts...</version>
</dependency>
<dependency>
    <groupId>org.apache.sshd</groupId>
    <artifactId>sshd-putty</artifactId>
    <version>...same version as the rest of the artifacts...</version>
</dependency>
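
The error in the question concerns the server host key algorithms, which the client proposes from its signature factories rather than from its key exchange factories. The following is an added example, not code from the question or any of the answers: it offers rsa-sha2-512 and rsa-sha2-256 through an explicit list instead of every built-in signature, and prints what was negotiated. The contents of the list (ssh-rsa and ssh-dss left out) are this example's choice, the host, port and credentials are reused from the question, and it assumes a MINA SSHD version whose BuiltinSignatures has the rsaSHA256 and rsaSHA512 constants.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.kex.KexProposalOption;
import org.apache.sshd.common.signature.BuiltinSignatures;

public class Main {
    // Host key algorithms to offer, in client preference order (this example's choice).
    // ssh-rsa (SHA-1) and ssh-dss are deliberately not listed.
    private static final List<BuiltinSignatures> HOST_KEY_ALGORITHMS = Arrays.asList(
            BuiltinSignatures.ed25519,
            BuiltinSignatures.nistp256,
            BuiltinSignatures.nistp384,
            BuiltinSignatures.nistp521,
            BuiltinSignatures.rsaSHA512,
            BuiltinSignatures.rsaSHA256);

    // Drop algorithms this JVM cannot provide (ed25519 may need an extra library).
    static List<BuiltinSignatures> supportedHostKeyAlgorithms() {
        return HOST_KEY_ALGORITHMS.stream()
                .filter(BuiltinSignatures::isSupported)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws IOException {
        SshClient client = SshClient.setUpDefaultClient();
        // Must be set before connecting: the proposal is built when the session starts.
        client.setSignatureFactories(new ArrayList<>(supportedHostKeyAlgorithms()));
        client.start();
        try (ClientSession session =
                client.connect("root", "172.17.0.2", 830).verify(10000).getSession()) {
            session.addPasswordIdentity("root");
            session.auth().verify(9999);
            // Confirm which host key algorithm the two sides settled on
            System.out.println("host key algorithm: "
                    + session.getNegotiatedKexParameter(KexProposalOption.SERVERKEYS));
        } finally {
            client.stop();
        }
    }
}
```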