- 1aliyun ubuntu pstack无法使用的问题解决 crawl: Input/output error_pstack read target failed
- 2Uniapp X getStorageSync取值出来后无法转换成自定义Type_uni.getstoragesync('')赋给变量为undefined
- 3学习笔记:C语言的32个关键字
- 4【华为GAUSS数据库】IDEA连接GAUSS数据库方法_idea中添加数据源com.huawei.opengauss
- 5怎样建立产品体系?(二)- 战略
- 6分享(转载)跟大家分享一下牛人常用的资源类,供大家参考、学习。_樱桃bt
- 7idea中使用git合并代码_idea git diff 按行合并
- 801_Qt线程-初识QThread_qthread workthead
- 9Hadoop之——Hadoop目录结构说明_hdfs目录结构
- 1020200324_W_Seismic risk assessment of complex transportation networks_(b) parameters of the utility function may be esti
java 本地验证失败,“验证失败"在Java 1.4.2的jsch-0.1.42中
赞
踩
I have this simple Java program that uses Jsch to connect to an SFTP server.
The connection fails with an "Auth fail" exception on Java 1.4.2, but it connects flawlessly on Java 1.7.
try {
JSch jsch = new JSch();
jsch.setKnownHosts(KNOWN_HOSTS_PATH);
jsch.addIdentity(PRIVATE_KEY_PATH, PASSPHRASE);
Session session = jsch.getSession(USERNAME, HOSTNAME, 22);
session.connect(2500);
Channel channel = session.openChannel("shell");
channel.setInputStream(System. in );
channel.setOutputStream(System.out);
channel.connect();
} catch (Exception e) {
e.printStackTrace(System.err);
}
The key I'm using is an ssh-rsa 4096 bit key. The .pub key file exists in the same directory as the private key.
When connecting a logger, I see the following messages before the exception (which occurs on channel.connect();):
INFO: Connecting to port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: arcfour is not available.
INFO: arcfour128 is not available.
INFO: arcfour256 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Disconnecting from port 22
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:452)
at TestJsch.main(TestJsch.java:19)
When I run the same program with Java 1.7, it says
INFO: Connecting to port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_5.1p1 Debian-5
INFO: Local version string: SSH-2.0-JSCH-0.1.42
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
INFO: Host '' is known and mathces the RSA host key
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT receivedINFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentication succeeded (publickey).
Linux 2.6.26-2-amd64 #1 SMP Mon Jun 13 16:29:33 UTC 2011 x86_64
I have installed the Java Cryptography Extensions (JCE) for the 1.4 VM.
What could be the source of that problem?
解决方案
Java has a limitation for using strong crypto algorithm. Check content of $JRE_HOME/lib/security/US_Export_policy.jar and $JRE_HOME/lib/security/local_policy.jar. If you find something like this:
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};
Decision is to download and install JCE Unlimited Strength Jurisdiction Policy. Previously, it was located on Sun's site, now I don't know where it can be found.
You can read more in this article
EDIT:
After some research, I found my answer was incorrect.
Java 1.4 does not support RSA keys more than 2048 byte length BUG 4524097
