我们的 FTP 服务器经过了迁移以获得更好的安全性(不太了解它的细节)。
但是升级后,我们无法从服务器下载/上传文件。升级之前一直运行良好。错误日志显示:
ns0:ClientCould not connect to FTP Server.http://schemas.cordys.com/ftpconnector/1.1Cordys.FTPConnector.Messages.ftpserverConnectionFailedcom.eibus.applicationconnector.ftp.FTPException: Algorithm negotiation fail
at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:78) at com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86) at com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109) at com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:546) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:195) at com.eibus.soap.Processor.onReceive(Processor.java:1024) at com.eibus.soap.Processor.onReceive(Processor.java:997) at com.eibus.connector.nom.Connector.onReceive(Connector.java:483) at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61) at com.eibus.transport.NonTransactionalWorkerThreadBody.run(NonTransactionalWorkerThreadBody.java:26) at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67) Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail at com.jcraft.jsch.Session.receive_kexinit(Session.java:520) at com.jcraft.jsch.Session.connect(Session.java:286) at com.jcraft.jsch.Session.connect(Session.java:150) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64) ... 11 more
使用的jsch jar版本是:jsch-0.1.41.jar 使用的java版本是:1.7.0_40
请注意
- 我们不拥有 FTP 服务器,因此无法更改其中的任何设置。
- 无法升级 Java 版本
试验 1 在谷歌上花了一些时间后,我了解到升级 jsch jar 版本可能会有所帮助。所以我使用了最新的jsch jar,即:jsch-0.1.54.jar。之后我开始收到以下错误:
com.eibus.applicationconnector.ftp.FTPException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:78) at com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86) at com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109) at com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:546) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:195) at com.eibus.soap.Processor.onReceive(Processor.java:1024) at com.eibus.soap.Processor.onReceive(Processor.java:997) at com.eibus.connector.nom.Connector.onReceive(Connector.java:483) at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61) at com.eibus.transport.NonTransactionalWorkerThreadBody.run(NonTransactionalWorkerThreadBody.java:26) at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67) Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.jcraft.jsch.Session.connect(Session.java:565) at com.jcraft.jsch.Session.connect(Session.java:183) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64) ... 11 more
试用2:安装了无限强度管辖策略文件(www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html),这也是没有的使用。遇到同样的错误
任何指示都会有帮助。
这是我用来连接 ftp 的代码:
private void connectOnce(FTPConfiguration ftpConfiguration) throws JSchException {
JSch jsch = new JSch();
this.session = jsch.getSession(ftpConfiguration.getUsername(), ftpConfiguration.getServer(), ftpConfiguration.getPort());
this.session.setPassword(ftpConfiguration.getPassword());
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
this.session.setConfig(config);
if (logger.isDebugEnabled()) {
logger.debug("Opening SFTP connection to " + ftpConfiguration.getServer());
}
this.session.connect();
}
最佳答案
我想我已经找到了解决方案。
解决方案涉及修改 jsch 源代码。 (最新版本1.0.54)。我做了一些研究,终于能够强制 jsch 使用“Bouncy CaSTLe”安全提供程序。这涉及更改 jsch 库中以下类的源代码:
- com.jcraft.jsch.jce.KeyPairGenDSA
- com.jcraft.jsch.jce.KeyPairGenECDSA
- com.jcraft.jsch.jce.KeyPairGenRSA
- com.jcraft.jsch.jce.DH
每当它尝试获取 keyGenerator 的 geInstance 时,我都添加了以下参数。
KeyPairGenerator.getInstance("DSA","BC");
从这篇文章中得到了一些想法(I've put security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider but it isn't being used during SSL handshake)
关于java - 无法连接到 sftp : com. jcraft.jsch.JSchException:算法协商失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47828805/