
Java local authentication failure: "Auth fail" with jsch-0.1.42 on Java 1.4.2

Because the jsch library is unlikely to support Java 1.4

I have this simple Java program that uses Jsch to connect to an SFTP server.

The connection fails with an "Auth fail" exception on Java 1.4.2, but it connects flawlessly on Java 1.7.

    try {
        JSch jsch = new JSch();
        // Host key verification against the known_hosts file
        jsch.setKnownHosts(KNOWN_HOSTS_PATH);
        // Private key (with passphrase) used for publickey authentication
        jsch.addIdentity(PRIVATE_KEY_PATH, PASSPHRASE);
        Session session = jsch.getSession(USERNAME, HOSTNAME, 22);
        // Connect with a 2500 ms timeout
        session.connect(2500);
        Channel channel = session.openChannel("shell");
        channel.setInputStream(System.in);
        channel.setOutputStream(System.out);
        channel.connect();
    } catch (Exception e) {
        e.printStackTrace(System.err);
    }

The key I'm using is an ssh-rsa 4096 bit key. The .pub key file exists in the same directory as the private key.

When connecting a logger, I see the following messages before the exception (which occurs on channel.connect();):

    INFO: Connecting to port 22
    INFO: Connection established
    INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
    INFO: Local version string: SSH-2.0-JSCH-0.1.42
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: arcfour is not available.
    INFO: arcfour128 is not available.
    INFO: arcfour256 is not available.
    INFO: SSH_MSG_KEXINIT sent
    INFO: SSH_MSG_KEXINIT received
    INFO: kex: server->client aes128-ctr hmac-md5 none
    INFO: kex: client->server aes128-ctr hmac-md5 none
    INFO: SSH_MSG_KEXDH_INIT sent
    INFO: expecting SSH_MSG_KEXDH_REPLY
    INFO: ssh_rsa_verify: signature true
    INFO: Host '' is known and mathces the RSA host key
    INFO: SSH_MSG_NEWKEYS sent
    INFO: SSH_MSG_NEWKEYS received
    INFO: SSH_MSG_SERVICE_REQUEST sent
    INFO: SSH_MSG_SERVICE_ACCEPT received
    INFO: Authentications that can continue: publickey,keyboard-interactive,password
    INFO: Next authentication method: publickey
    INFO: Authentications that can continue: password
    INFO: Next authentication method: password
    INFO: Disconnecting from port 22
    com.jcraft.jsch.JSchException: Auth fail
        at com.jcraft.jsch.Session.connect(Session.java:452)
        at TestJsch.main(TestJsch.java:19)

When I run the same program with Java 1.7, it says

    INFO: Connecting to port 22
    INFO: Connection established
    INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
    INFO: Local version string: SSH-2.0-JSCH-0.1.42
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: SSH_MSG_KEXINIT sent
    INFO: SSH_MSG_KEXINIT received
    INFO: kex: server->client aes128-ctr hmac-md5 none
    INFO: kex: client->server aes128-ctr hmac-md5 none
    INFO: SSH_MSG_KEXDH_INIT sent
    INFO: expecting SSH_MSG_KEXDH_REPLY
    INFO: ssh_rsa_verify: signature true
    INFO: Host '' is known and mathces the RSA host key
    INFO: SSH_MSG_NEWKEYS sent
    INFO: SSH_MSG_NEWKEYS received
    INFO: SSH_MSG_SERVICE_REQUEST sent
    INFO: SSH_MSG_SERVICE_ACCEPT received
    INFO: Authentications that can continue: publickey,keyboard-interactive,password
    INFO: Next authentication method: publickey
    INFO: Authentication succeeded (publickey).
    Linux 2.6.26-2-amd64 #1 SMP Mon Jun 13 16:29:33 UTC 2011 x86_64

I have installed the Java Cryptography Extensions (JCE) for the 1.4 VM.

What could be the source of that problem?

Solution

Java has a limitation on using strong crypto algorithms. Check the contents of $JRE_HOME/lib/security/US_Export_policy.jar and $JRE_HOME/lib/security/local_policy.jar. If you find something like this:

    // File: default_local.policy
    // Some countries have import limits on crypto strength.
    // This policy file is worldwide importable.
    grant {
        permission javax.crypto.CryptoPermission "DES", 64;
        permission javax.crypto.CryptoPermission "DESede", *;
        permission javax.crypto.CryptoPermission "RC2", 128,
            "javax.crypto.spec.RC2ParameterSpec", 128;
        permission javax.crypto.CryptoPermission "RC4", 128;
        permission javax.crypto.CryptoPermission "RC5", 128,
            "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
        permission javax.crypto.CryptoPermission "RSA", 2048;
        permission javax.crypto.CryptoPermission *, 128;
    };

The solution is to download and install the JCE Unlimited Strength Jurisdiction Policy. Previously, it was located on Sun's site; now I don't know where it can be found.

You can read more in this article

EDIT:

After some research, I found my answer was incorrect.

Java 1.4 does not support RSA keys of more than 2048 byte length (BUG 4524097).
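
A runtime self-check for the two causes discussed in the answer (the JCE policy limit and the RSA key-size limit), added here as an example and not part of the original question or answer. The class name `RsaKeySizeCheck` is hypothetical, the key pairs are generated in-process as constructed test data rather than loaded from the poster's key file, and `SHA1withRSA` is assumed as the signature algorithm because that is what the `ssh-rsa` public key method uses.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import javax.crypto.Cipher;

// Added diagnostic (not from the original post): reports whether this JVM
// can generate and use RSA keys of the sizes discussed above.
public class RsaKeySizeCheck {

    // Returns true if the runtime can generate an RSA key pair of the given
    // size and produce and verify a SHA1withRSA signature with it.
    static boolean canSign(int bits) {
        try {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(bits);
            KeyPair pair = gen.generateKeyPair();
            byte[] data = "constructed test payload".getBytes("UTF-8");

            Signature signer = Signature.getInstance("SHA1withRSA");
            signer.initSign(pair.getPrivate());
            signer.update(data);
            byte[] sig = signer.sign();

            Signature verifier = Signature.getInstance("SHA1withRSA");
            verifier.initVerify(pair.getPublic());
            verifier.update(data);
            return verifier.verify(sig);
        } catch (Exception e) {
            // Surface the provider's own error so the failing step is visible
            System.err.println("RSA " + bits + ": " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        // Cipher.getMaxAllowedKeyLength exists only on Java 5 and later;
        // it returns Integer.MAX_VALUE when the unlimited policy is in effect.
        System.out.println("policy max RSA = " + Cipher.getMaxAllowedKeyLength("RSA"));
        int[] sizes = {2048, 4096};
        for (int i = 0; i < sizes.length; i++) {
            System.out.println("RSA " + sizes[i] + " sign/verify: " + canSign(sizes[i]));
        }
    }
}
```

If the 2048-bit case passes and the 4096-bit case fails on the same JVM, the key size is the limiting factor rather than the key file, the passphrase or the server's `authorized_keys`.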
