Dealing with "[HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint" in sshj
  • Time: 2011-10-24 09:58:14
  • Tags:
  • java
  • ssh
  • sshj

I am having a strange issue with sshj (I am using sshj v0.6.0), for which I need some help. Authentication with public key works fine on some machines but doesn't work on other machines, and I see the error below.

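The only difference I can make out is that the UNIX ID in question, viz. coonradt, seems to have the following configuration set up under "~/.ssh/config", but only on the boxes that trigger the error below.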

Host *
    Protocol 1,2
    FallBackToRsh no
    ForwardAgent yes
    ForwardX11 yes
    PasswordAuthentication yes
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    NoHostAuthenticationForLocalhost yes
    StrictHostKeyChecking no
    KeepAlive yes

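From the config file above, I gather that the ID in question is supposed to use Protocol 1,2, and I suspect this may have something to do with my failure (I am not sure about this; it is just a hunch).

For all the other UNIX IDs for which this works, I don't have any such config.

PS: I cannot change the config of the UNIX ID "coonradt", because the central server is using it.

Could someone help me figure out what might be wrong here?

Here is the error I see: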

Oct 24, 2011 2:30:37 AM net.schmizz.sshj.DefaultConfig initCipherFactories
WARNING: Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl init
INFO: Client identity string: SSH-2.0-SSHJ_0_6_0
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl init
INFO: Server identity string: SSH-1.99-OpenSSH_4.3
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger sendKexInit
INFO: Sending SSH_MSG_KEXINIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger handle
INFO: Received SSH_MSG_KEXINIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.kex.AbstractDHG init
INFO: Sending SSH_MSG_KEXDH_INIT
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.KeyExchanger handle
INFO: Received kex followup data
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.kex.AbstractDHG next
INFO: Received SSH_MSG_KEXDH_REPLY
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl die
SEVERE: Dying because - net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
Oct 24, 2011 2:30:38 AM net.schmizz.concurrent.Promise tryRetrieve
SEVERE: <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
Oct 24, 2011 2:30:38 AM net.schmizz.sshj.transport.TransportImpl setService
INFO: Setting active service to null-service
Oct 24, 2011 2:30:38 AM com.test.jaws.execution.ssh.impl.SSHJClientImpl$ExceptionHandler handleSevereCondition
SEVERE: mymachine.domain.com is not added to your /x/home/coonradt/.ssh/known_hosts file. 
Throwable occurred: net.schmizz.sshj.transport.TransportException: [HOST_KEY_NOT_VERIFIABLE] Could not verify `ssh-rsa` host key with fingerprint `ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41` for `mymachine.domain.com` on port 22
    at net.schmizz.sshj.transport.KeyExchanger.verifyHost(KeyExchanger.java:222)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:373)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:477)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:127)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:195)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:72)
Answers

You can make the SSH client accept all keys without any verification (it ignores host key verification).

SSHClient sshClient = new SSHClient();
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
...

How about adding a host key verifier for this machine?

sshClient.addHostKeyVerifier("ca:0b:b3:7f:53:5a:e3:bc:bf:44:63:d8:2d:26:c0:41");

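The reason this is necessary is probably that the known_hosts file isn't at $(user.home)/.ssh/known_hosts. You can also explicitly load the known hosts from a specific location.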

sshClient.loadKnownHosts(new File("path_to_known_hosts"));

try {
    ssh.connect(envConf.getIp(), port);
} catch (TransportException e) {
    if (e.getDisconnectReason() == DisconnectReason.HOST_KEY_NOT_VERIFIABLE) {
        String msg = e.getMessage();
        String[] split = msg.split("`");
        String vc = split[3];
        ssh = new SSHClient();
        ssh.addHostKeyVerifier(vc);
        ssh.connect(envConf.getIp(), port);
    } else {
        throw e;
    }
}
ssh.authPassword(envConf.getName(), envConf.getPw());
ssh.newSCPFileTransfer().download(envConf.getHomePath() + FilePath, toPath);

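Another answer: make sure the host name you are trying to connect to matches exactly what is in your known_hosts file. I was trying to connect using the full URL bob.insidenetwork.pvt, but my known_hosts file only had bob as an entry, because when I ssh manually I'm far too lazy to type out the whole URL...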

If the server accepts keyboard-interactive authentication, you can also do this, at least with recent versions of SSHJ:

client.addHostKeyVerifier(new ConsoleKnownHostsVerifier(new File(userKnownHostsFile), System.console()) {
    @Override
    protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
        try {
            entries().add(new HostEntry(null, hostname, KeyType.fromKey(key), key));
            write();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return true;
    }
});

This overrides the "Are you sure you want to continue connecting (yes/no)? " prompt that the user is supposed to reply to, so that you don't need to provide any input into a console to continue, while satisfying the keyboard-interactive authentication when a host is unknown and avoiding using a PromiscuousVerifier.

Of course, you can flesh out the overriding method to your heart's content, for example to add logging, if you want more than the simple version.

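If the server does not accept keyboard-interactive authentication and you still do not want to use the PromiscuousVerifier, then you can do something similar to the above with OpenSSHKnownHosts, for example: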

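// Java does not expand "~", so build the path from the user.home property.
File knownHosts = new File(System.getProperty("user.home"), ".ssh/known_hosts");
HostKeyVerifier hkv = new OpenSSHKnownHosts(knownHosts) {
    @Override
    protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
        // Accepts any host that has no entry in known_hosts.
        return true;
    }
};
client.addHostKeyVerifier(hkv);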

In OpenSSHKnownHosts, all the hostKeyUnverifiableAction(...) method does is return false, so overriding it is fine.
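The answers above depend on two things: whether known_hosts has an entry for the exact name passed to connect(), and which fingerprint that entry carries. The following is an added example, not code from any of the answers or from sshj; it uses only the JDK (Java 9+), the class and method names are hypothetical, and the sample entry is constructed. It matches plain and hashed host names exactly and skips wildcard patterns and @-marker lines.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class KnownHostsCheck {  // hypothetical helper, JDK only
    // MD5 colon-hex fingerprint of a known_hosts key blob, the format shown in the sshj error.
    static String md5Fingerprint(String base64Key) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(Base64.getDecoder().decode(base64Key));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02x", b));
        return sb.toString();
    }

    // True if the host field names this host exactly, either in plain form or hashed as "|1|salt|hash".
    static boolean hostMatches(String field, String host) throws Exception {
        for (String h : field.split(",")) {
            if (h.startsWith("|1|")) {
                String[] p = h.split("\\|");  // ["", "1", salt, hash]
                if (p.length < 4) continue;
                Mac mac = Mac.getInstance("HmacSHA1");
                mac.init(new SecretKeySpec(Base64.getDecoder().decode(p[2]), "HmacSHA1"));
                byte[] got = mac.doFinal(host.getBytes(StandardCharsets.UTF_8));
                if (MessageDigest.isEqual(Base64.getDecoder().decode(p[3]), got)) return true;
            } else if (h.equals(host)) { return true; }
        }
        return false;
    }

    // "keytype fingerprint" for every entry whose host field matches the given name.
    static List<String> fingerprintsFor(String host, List<String> lines) throws Exception {
        List<String> out = new ArrayList<>();
        for (String line : lines) {
            String[] f = line.trim().split("\\s+");
            if (f.length < 3 || f[0].startsWith("#") || f[0].startsWith("@")) continue;
            if (hostMatches(f[0], host)) out.add(f[1] + " " + md5Fingerprint(f[2]));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: entry stored under the short name; the blob is a placeholder, not a real key.
        String blob = Base64.getEncoder().encodeToString("constructed-sample-key".getBytes(StandardCharsets.UTF_8));
        List<String> lines = List.of("bob ssh-rsa " + blob);
        System.out.println(fingerprintsFor("bob", lines));                    // one matching entry
        System.out.println(fingerprintsFor("bob.insidenetwork.pvt", lines)); // empty: name mismatch
    }
}
```

A fingerprint read this way from a trusted copy of known_hosts can be passed to addHostKeyVerifier(String); the fingerprint in the exception message only repeats whatever key the server presented on that connection.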




