I'm trying to establish an SFTP connection using Java Secure Channel (JSch). My software stack is Red Hat Enterprise Server 5.0, JRE 6.0 and JSch v0.1.44. The primary server software stack (to which I'm trying to connect) is Windows Server 2008 and the latest version of GlobalScape. When trying to connect to it I get a
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:529)
at com.jcraft.jsch.Session.connect(Session.java:291)
Enabling JSch logging I get the following for this same connection:
0000001d SystemErr R INFO: Connecting to xxx.xxx.xxx.157 port 22
0000001d SystemErr R INFO: Connection established
0000001d SystemErr R INFO: Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
0000001d SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001d SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001d SystemErr R INFO: aes256-ctr is not available.
0000001d SystemErr R INFO: aes192-ctr is not available.
0000001d SystemErr R INFO: aes256-cbc is not available.
0000001d SystemErr R INFO: aes192-cbc is not available.
0000001d SystemErr R INFO: arcfour256 is not available.
0000001d SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001d SystemErr R INFO: SSH_MSG_KEXINIT received
0000001d SystemErr R INFO: Disconnecting from xxx.xxx.xxx.157 port 22
So from the looks of it I'm connecting to the server and I actually can send and receive a msg, but when the client tries to match the server msg proposal and the client msg proposal it throws an exception.
Now comparing it with the JSch logs of a successful connection to a Server with a previous GlobalScape software and Windows Server 2003:
0000001e SystemErr R INFO: Connecting to xxx.xxx.xxx.156 port 22
0000001e SystemErr R INFO: Connection established
0000001e SystemErr R INFO: Remote version string: SSH-2.0-1.36 sshlib: GlobalScape
0000001e SystemErr R INFO: Local version string: SSH-2.0-JSCH-0.1.44
0000001e SystemErr R INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
0000001e SystemErr R INFO: aes256-ctr is not available.
0000001e SystemErr R INFO: aes192-ctr is not available.
0000001e SystemErr R INFO: aes256-cbc is not available.
0000001e SystemErr R INFO: aes192-cbc is not available.
0000001e SystemErr R INFO: arcfour256 is not available.
0000001e SystemErr R INFO: SSH_MSG_KEXINIT sent
0000001e SystemErr R INFO: SSH_MSG_KEXINIT received
0000001e SystemErr R INFO: kex: server->client aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: kex: client->server aes128-cbc hmac-md5 none
0000001e SystemErr R INFO: SSH_MSG_KEXDH_INIT sent
0000001e SystemErr R INFO: expecting SSH_MSG_KEXDH_REPLY
0000001e SystemErr R INFO: ssh_dss_verify: signature true
0000001e SystemErr R WARN: Permanently added 'xxx.xxx.xxx.156' (DSA) to the list of known hosts.
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS sent
0000001e SystemErr R INFO: SSH_MSG_NEWKEYS received
0000001e SystemErr R INFO: SSH_MSG_SERVICE_REQUEST sent
0000001e SystemErr R INFO: SSH_MSG_SERVICE_ACCEPT received
0000001e SystemErr R INFO: Authentications that can continue: publickey,keyboard-inteactive,password
0000001e SystemErr R INFO: Next authentication method: publickey
0000001e SystemErr R INFO: Authentications that can continue: password
0000001e SystemErr R INFO: Next authentication method: password
0000001e SystemErr R INFO: Authentication succeeded (password).
So once again it's able to connect and able to exchange SSH_MSG_KEXINIT, but here the client and server proposals match and no exception is thrown.
The sftp security is using a public/private key and username/password.
I can connect to it using WinSCP, Filezilla and linux command line (from the same server the java application runs).
I spoke with one system administrator of the SFTP server and we tried using username/password and I get the same exception and logs.
The system administrator told me that the difference between both servers is the GlobalScape version and now being a Microsoft 2008 Server.
So does anyone have any ideas on how to tackle this one?
Many thanks in advance!
The problem you are having has nothing to do with GlobalScape; it's all about the cipher algorithms enabled on the SFTP server. Every SFTP server has some cipher algorithms that it agrees on, so if you don't have those encodings and cipher algorithms, it does not work. All other SFTP software has built-in cipher algorithms, which it uses according to the SFTP server configuration. Change to the latest 256-bit cipher algorithm and you are all set.
https://enterprisedt.com/products/edtftpjssl/doc/manual/html/howtousesftpchoosingalgorithms.html
Public key algorithms
Either DSA or RSA or both can be set for the preferred public key algorithms for server authentication. If, for example, RSA is set, the server will present an RSA public key to the client (if the server supports RSA keys of course - some servers do not). The code below illustrates how to set RSA only. It first disables all keypair algorithms, then enables RSA:
ftp.disableAllAlgorithms(SSHFTPAlgorithm.KEY_PAIR);
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.KEY_RSA, true);
The default is both DSA and RSA enabled.
Cipher algorithms
The cipher algorithms are the symmetric algorithms used to perform the encryption of the SFTP data and commands. The code below illustrates how to set triple DES as the cipher algorithm (disabling all others):
ftp.disableAllAlgorithms(SSHFTPAlgorithm.CIPHER);
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.CIPHER_3DES_CBC, true);
The default is all cipher algorithms enabled.
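Added example, not part of the original posts and not JSch or edtFTPj code: a stand-alone sketch of the name-list matching that happens after both sides send SSH_MSG_KEXINIT, showing how one category with no common name produces a negotiation failure. The list of unavailable ciphers comes from the log in the question; the client and server proposals, and the class and method names, are constructed assumptions because the log does not show the server's lists.

```java
import java.util.*;

public class KexProposalCheck {
    // RFC 4253 section 7.1, cipher/MAC rule: take the first name on the client's
    // list that the server also lists. Applied to every category here as a
    // simplification (key exchange has extra conditions). null = no match.
    static String negotiate(String clientList, String serverList) {
        List<String> server = Arrays.asList(serverList.split(","));
        for (String name : clientList.split(","))
            if (server.contains(name)) return name;
        return null;
    }

    // Removes the names the client runtime logged as "is not available".
    static String usable(String proposed, List<String> unavailable) {
        List<String> kept = new ArrayList<>();
        for (String name : proposed.split(","))
            if (!unavailable.contains(name)) kept.add(name);
        return String.join(",", kept);
    }

    // Prints the outcome per category against one server proposal.
    static void report(String label, Map<String, String> client, Map<String, String> server) {
        System.out.println(label);
        for (Map.Entry<String, String> e : client.entrySet()) {
            String chosen = negotiate(e.getValue(), server.get(e.getKey()));
            System.out.println("  " + e.getKey() + ": "
                + (chosen != null ? chosen : "NO COMMON ALGORITHM"));
        }
    }

    public static void main(String[] args) {
        // Taken from the log in the question.
        List<String> unavailable = Arrays.asList(
            "aes256-ctr", "aes192-ctr", "aes256-cbc", "aes192-cbc", "arcfour256");
        // Constructed client proposal; cipher names are those on the CheckCiphers line.
        Map<String, String> client = new LinkedHashMap<>();
        client.put("kex", "diffie-hellman-group1-sha1");
        client.put("host key", "ssh-rsa,ssh-dss");
        client.put("cipher", usable("aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,"
            + "aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256", unavailable));
        client.put("mac", "hmac-md5,hmac-sha1");
        // Constructed server proposals (hypothetical; the page does not show them).
        Map<String, String> serverA = new LinkedHashMap<>(client);
        serverA.put("cipher", "aes128-cbc,3des-cbc");
        Map<String, String> serverB = new LinkedHashMap<>(client);
        serverB.put("cipher", "aes256-cbc,aes256-ctr");
        report("server A (hypothetical, offers a 128-bit cipher):", client, serverA);
        report("server B (hypothetical, offers only 256-bit ciphers):", client, serverB);
    }
}
```

Against server A the cipher category resolves to aes128-cbc, the same choice the successful log shows; against server B it has no common name, which is the condition a client reports as an algorithm negotiation failure.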