1. 首頁
  2. 問答
  3. 獲取AuthFail例外與JSch 0.1.48但不是在0.1.49和密碼驗證的新

獲取AuthFail例外與JSch 0.1.48但不是在0.1.49和密碼驗證的新

2017-04-05 80 views
1

此前JSch 0.1.48工作正常,但最近它已停止工作,並拋出一個異常獲取AuthFail例外與JSch 0.1.48但不是在0.1.49和密碼驗證的新

com.jcraft.jsch.JSchException: Auth fail 
    at com.jcraft.jsch.Session.connect(Session.java:484) 
    at com.jcraft.jsch.Session.connect(Session.java:162) 
    at ftptrial.main.TestTop.main(TestTop.java:52)

當我改變JSch的版本爲0.1.49,它工作正常。但我無法弄清楚爲什麼。

session = jsch.getSession(userName, hostName, portNumber); 
session.setPassword(password); 
session.connect();

日誌中JSch 0.1.48:

INFO: Connecting to abc.defg.com port 22 
INFO: Connection established 
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE 
INFO: Local version string: SSH-2.0-JSCH-0.1.48 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
INFO: CheckKexes: diffie-hellman-group14-sha1 
INFO: diffie-hellman-group14-sha1 is not available. 
INFO: SSH_MSG_KEXINIT sent 
INFO: SSH_MSG_KEXINIT received 
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: server: ssh-rsa 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: zlib,none 
INFO: kex: server: zlib,none 
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 
INFO: kex: client: ssh-rsa,ssh-dss 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: none 
INFO: kex: client: none 
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-cbc hmac-md5 none 
INFO: kex: client->server aes128-cbc hmac-md5 none 
INFO: SSH_MSG_KEXDH_INIT sent 
INFO: expecting SSH_MSG_KEXDH_REPLY 
INFO: ssh_rsa_verify: signature true 
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts. 
INFO: SSH_MSG_NEWKEYS sent 
INFO: SSH_MSG_NEWKEYS received 
INFO: SSH_MSG_SERVICE_REQUEST sent 
INFO: SSH_MSG_SERVICE_ACCEPT received 
INFO: Authentications that can continue: publickey,keyboard-interactive,password 
INFO: Next authentication method: publickey 
INFO: Authentications that can continue: keyboard-interactive,password 
INFO: Next authentication method: keyboard-interactive 
INFO: Authentications that can continue: password 
INFO: Next authentication method: password 
INFO: Disconnecting from abc.defg.com port 22 
com.jcraft.jsch.JSchException: Auth fail

日誌中JSch 0.1.54

INFO: Connecting to abc.defg.com port 22 
INFO: Connection established 
INFO: Remote version string: SSH-2.0-1.82_sshlib GlobalSCAPE 
INFO: Local version string: SSH-2.0-JSCH-0.1.54 
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 
INFO: diffie-hellman-group14-sha1 is not available. 
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
INFO: SSH_MSG_KEXINIT sent 
INFO: SSH_MSG_KEXINIT received 
INFO: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: server: ssh-rsa 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc,aes256-cbc,aes128-cbc 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 
INFO: kex: server: zlib,none 
INFO: kex: server: zlib,none 
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc 
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
INFO: kex: client: none 
INFO: kex: client: none 
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-cbc hmac-md5 none 
INFO: kex: client->server aes128-cbc hmac-md5 none 
INFO: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent 
INFO: expecting SSH_MSG_KEX_DH_GEX_GROUP 
INFO: SSH_MSG_KEX_DH_GEX_INIT sent 
INFO: expecting SSH_MSG_KEX_DH_GEX_REPLY 
INFO: ssh_rsa_verify: signature true 
WARN: Permanently added 'abc.defg.com' (RSA) to the list of known hosts. 
INFO: SSH_MSG_NEWKEYS sent 
INFO: SSH_MSG_NEWKEYS received 
INFO: SSH_MSG_SERVICE_REQUEST sent 
INFO: SSH_MSG_SERVICE_ACCEPT received 
INFO: Authentications that can continue: publickey,keyboard-interactive,password 
INFO: Next authentication method: publickey 
INFO: Authentications that can continue: keyboard-interactive,password 
INFO: Next authentication method: keyboard-interactive 
INFO: Authentication succeeded (keyboard-interactive). 
Connection success

來源

2017-04-05 Amit Kumar

+0

com.jcraft.jsch.JSchException:驗證失敗 \t在com.jcraft.jsch.Session.connect(Session.java:484) \t在com.jcraft.jsch.Session.connect(會話.java:162) \t at ftptrial.main.TestTop.main(TestTop.java:52) –

+1

您應該將錯誤日誌放入問題主體而不是評論中。 – rakwaht

+1

如果你真的想得到答案這個問題,我們需要一個JSCH日誌文件的兩個版本 - 雖然你的問題沒有意義。較新版本的作品,所以你想要什麼? - 您應該使用最新版本,尤其是與安全相關的庫! –

回答

0

兩個JSch 0.1.48和0.1.49 JSch是5歲。不要使用它們!

使用最新版本的JSch(截至目前爲0.1.54)。

我不能斷然解釋這一差別沒有更多的信息,但實際上0.1.54成功使用鍵盤交互認證(相比於0.1.48不成功的口令認證),我會在UserAuthKeyboardInteractive.start指責這種變化:

  • 0.1.48:

    prompt[0].toLowerCase().startsWith("password:")){

  • 0.1.49:

    prompt[0].toLowerCase().indexOf("password:") >= 0){

您的代碼實際上是試圖密碼驗證。但JSch有一個啓發式,如果它獲得鍵盤交互式身份驗證提示單個密碼,它將使用鍵盤交互式身份驗證,而不是密碼身份驗證。

我猜提示從你的服務器來就像是

用戶密碼:

所以0.1.48 startsWith檢查沒有捕捉到的提示,而0.1.49和更新indexOf檢查確實。

如果你不想依賴這種啓發式,你應該改變你的代碼,以實際使用鍵盤交互式認證。
http://www.jcraft.com/jsch/examples/UserAuthKI.java.html

來源

2017-04-05 09:37:11

+0

我很想知道根本原因。但我無法找到。 –

+0

好吧,如果你的問題是關於話題的,如果好奇心是唯一的理由,那就值得懷疑了。但無論如何,我們需要一個日誌文件和一些代碼。否則你的問題是不應答的! –

+0

session = jsch.getSession(userName,hostName,portNumber); session.setPassword(password); 屬性config = new Properties(); config.put(「StrictHostKeyChecking」,「no」); session.setConfig(config); session.setConfig(「StrictHostKeyChecking」,「no」); session.connect(); –

相關問題

 相關問題