以前 JSch 0.1.48 工作正常,但最近它停止工作并抛出异常
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:484)
at com.jcraft.jsch.Session.connect(Session.java:162)
at ftptrial.main.TestTop.main(TestTop.java:52)
当我将 JSch 版本更改为 0.1.49 时,它工作正常。但我无法找出原因。
session = jsch.getSession(userName, hostName, portNumber);
session.setPassword(password);
session.connect();
JSch 0.1.48 的日志:
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.48
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from abc.defg.com port 22
com.jcraft.jsch.JSchException: Auth fail
JSch 0.1.54 日志
INFO: Connecting to abc.defg.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: diffie-hellman-group14-sha1 is not available.
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-cbc hmac-md5 none
INFO: kex: client->server aes128-cbc hmac-md5 none
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO: SSH_MSG_KEX_DH_GEX_INIT sent
INFO: expecting SSH_MSG_KEX_DH_GEX_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: keyboard-interactive,password
INFO: Next authentication method: keyboard-interactive
INFO: Authentication succeeded (keyboard-interactive).
Connection success
最佳答案
JSch 0.1.48 和 JSch 0.1.49 都有 5 岁了。不要使用它们!
使用最新版本的 JSch(目前为 0.1.55)。
<小时/>如果没有更多信息,我无法最终解释差异,但由于 0.1.54 实际上成功使用了键盘交互式身份验证(与 0.1.48 中不成功的密码身份验证相比),我将归咎于 UserAuthKeyboardInteractive.start 中的此更改:
0.1.48:
prompt[0].toLowerCase().startsWith("password:")){0.1.49:
prompt[0].toLowerCase().indexOf("password:") >= 0){
您的代码实际上正在尝试密码身份验证。但 JSch 有一个启发式方法,如果它收到输入单个密码的键盘交互式身份验证提示,它将使用键盘交互式身份验证,而不是密码身份验证。
我猜你的服务器发出的提示是这样的
user password:
因此 0.1.48 startsWith 检查不会捕获提示,而 0.1.49 和更新的 indexOf 检查会捕获提示。
如果您不想依赖这种启发式方法,则应该更改代码以实际使用键盘交互式身份验证。
请参阅http://www.jcraft.com/jsch/examples/UserAuthKI.java.html
关于java - 使用 JSch 0.1.48 时出现 AuthFail 异常,但在 0.1.49 及更高版本中使用密码身份验证时不会出现异常,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43226587/