1. 首页
  2. 问答
  3. 获取AuthFail例外与JSch 0.1.48但不是在0.1.49和密码验证的新

获取AuthFail例外与JSch 0.1.48但不是在0.1.49和密码验证的新

2017-04-05 84 views
1

此前JSch 0.1.48工作正常,但最近它已停止工作,并抛出一个异常获取AuthFail例外与JSch 0.1.48但不是在0.1.49和密码验证的新

com.jcraft.jsch.JSchException: Auth fail 
    at com.jcraft.jsch.Session.connect(Session.java:484) 
    at com.jcraft.jsch.Session.connect(Session.java:162) 
    at ftptrial.main.TestTop.main(TestTop.java:52)

当我改变JSch的版本为0.1.49,它工作正常。但我无法弄清楚为什么。

session = jsch.getSession(userName, hostName, portNumber); 
session.setPassword(password); 
session.connect();

日志中JSch 0.1.48:

INFO: Connecting to abc.defg.com port 22 
INFO: Connection established 
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE 
INFO: Local version string: SSH-2.0-JSCH-0.1.48 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
INFO: CheckKexes: diffie-hellman-group14-sha1 
INFO: diffie-hellman-group14-sha1 is not available. 
INFO: SSH_MSG_KEXINIT sent 
INFO: SSH_MSG_KEXINIT received 
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: server: ssh-rsa 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: zlib,none 
INFO: kex: server: zlib,none 
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 
INFO: kex: client: ssh-rsa,ssh-dss 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: none 
INFO: kex: client: none 
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-cbc hmac-md5 none 
INFO: kex: client->server aes128-cbc hmac-md5 none 
INFO: SSH_MSG_KEXDH_INIT sent 
INFO: expecting SSH_MSG_KEXDH_REPLY 
INFO: ssh_rsa_verify: signature true 
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts. 
INFO: SSH_MSG_NEWKEYS sent 
INFO: SSH_MSG_NEWKEYS received 
INFO: SSH_MSG_SERVICE_REQUEST sent 
INFO: SSH_MSG_SERVICE_ACCEPT received 
INFO: Authentications that can continue: publickey,keyboard-interactive,password 
INFO: Next authentication method: publickey 
INFO: Authentications that can continue: keyboard-interactive,password 
INFO: Next authentication method: keyboard-interactive 
INFO: Authentications that can continue: password 
INFO: Next authentication method: password 
INFO: Disconnecting from abc.defg.com port 22 
com.jcraft.jsch.JSchException: Auth fail

日志中JSch 0.1.54

INFO: Connecting to abc.defg.com port 22 
INFO: Connection established 
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE 
INFO: Local version string: SSH-2.0-JSCH-0.1.54 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 
INFO: diffie-hellman-group14-sha1 is not available. 
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
INFO: SSH_MSG_KEXINIT sent 
INFO: SSH_MSG_KEXINIT received 
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: server: ssh-rsa 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: zlib,none 
INFO: kex: server: zlib,none 
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: none 
INFO: kex: client: none 
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-cbc hmac-md5 none 
INFO: kex: client->server aes128-cbc hmac-md5 none 
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent 
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP 
INFO: SSH_MSG_KEX_DH_GEX_INIT sent 
INFO: expecting SSH_MSG_KEX_DH_GEX_REPLY 
INFO: ssh_rsa_verify: signature true 
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts. 
INFO: SSH_MSG_NEWKEYS sent 
INFO: SSH_MSG_NEWKEYS received 
INFO: SSH_MSG_SERVICE_REQUEST sent 
INFO: SSH_MSG_SERVICE_ACCEPT received 
INFO: Authentications that can continue: publickey,keyboard-interactive,password 
INFO: Next authentication method: publickey 
INFO: Authentications that can continue: keyboard-interactive,password 
INFO: Next authentication method: keyboard-interactive 
INFO: Authentication succeeded (keyboard-interactive). 
Connection success

来源

2017-04-05 Amit Kumar

+0

com.jcraft.jsch.JSchException:验证失败 \t在com.jcraft.jsch.Session.connect(Session.java:484) \t在com.jcraft.jsch.Session.connect(会话.java:162) \t at ftptrial.main.TestTop.main(TestTop.java:52) –

+1

您应该将错误日志放入问题主体而不是评论中。 – rakwaht

+1

如果你真的想得到答案这个问题,我们需要一个JSCH日志文件的两个版本 - 虽然你的问题没有意义。较新版本的作品,所以你想要什么? - 您应该使用最新版本,尤其是与安全相关的库! –

回答

0

两个JSch 0.1.48和0.1.49 JSch是5岁。不要使用它们!

使用最新版本的JSch(截至目前为0.1.54)。

我不能断然解释这一差别没有更多的信息,但实际上0.1.54成功使用键盘交互认证(相比于0.1.48不成功的口令认证),我会在UserAuthKeyboardInteractive.start指责这种变化:

  • 0.1.48:

    prompt[0].toLowerCase().startsWith("password:")){

  • 0.1.49:

    prompt[0].toLowerCase().indexOf("password:") >= 0){

您的代码实际上是试图密码验证。但JSch有一个启发式,如果它获得键盘交互式身份验证提示单个密码,它将使用键盘交互式身份验证,而不是密码身份验证。

我猜提示从你的服务器来就像是

用户密码:

所以0.1.48 startsWith检查没有捕捉到的提示,而0.1.49和更新indexOf检查确实。

如果你不想依赖这种启发式,你应该改变你的代码,以实际使用键盘交互式认证。
http://www.jcraft.com/jsch/examples/UserAuthKI.java.html

来源

2017-04-05 09:37:11

+0

我很想知道根本原因。但我无法找到。 –

+0

好吧,如果你的问题是关于话题的,如果好奇心是唯一的理由,那就值得怀疑了。但无论如何,我们需要一个日志文件和一些代码。否则你的问题是不应答的! –

+0

session = jsch.getSession(userName,hostName,portNumber); session.setPassword(password); 属性config = new Properties(); config.put(“StrictHostKeyChecking”,“no”); session.setConfig(config); session.setConfig(“StrictHostKeyChecking”,“no”); session.connect(); –

相关问题

 相关问题