ganymed-ssh2连接openssh 8.2

ganymed-ssh2连接openssh 8.2

存在的问题

ganymed-ssh2是一个ssh-2协议实现,因为该项目比较老旧,当sshd服务使用较新的openssh时,一般情况下是无法正常建立ssh连接的。

访问sshd的代码,如下所示:

java 复制代码
public class Main {
    public static void main(String[] args) throws IOException {
        String ipAddress = "127.0.0.1";
        ch.ethz.ssh2.Connection conn = new ch.ethz.ssh2.Connection(ipAddress,22);
        conn.connect();
        boolean isAuthenticated = conn.authenticateWithPassword("username", "password");
        if (isAuthenticated == false)
            throw new IOException("Authentication failed.");
    }
}

当使用如下代码访问sshd时,系统会报如下异常:

解决方法

找到报错代码

下载ganymed-ssh2源码,源码地址为https://www.ganymed.ethz.ch/ssh2/。

找到ch.ethz.ssh2.transport.KexManager文件,搜索异常关键字"Cannot negotiate, proposals do not match."。代码如下所示:

java 复制代码
kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());

if (kxs.np == null)
	throw new IOException("Cannot negotiate, proposals do not match.");

从中可知,mergeKexParameters方法返回的kxs.np为空,导致报上述异常。进入mergeKexParameters方法,发现异常原因是因为getFirstMatch方法返回NegotiateException。

打印客户端和服务端协商的算法过程

java 复制代码
private String getFirstMatch(String[] client, String[] server) throws NegotiateException
	{
		if (client == null || server == null)
			throw new IllegalArgumentException();

		if (client.length == 0)
			return null;

		log.log(20, "------------------------------");
		for (int i = 0; i < client.length; i++)
		{
			log.log(20, "client-->" + client[i]);
			for (int j = 0; j < server.length; j++)
			{
				log.log(20, "server-->" + server[i]);
				if (client[i].equals(server[j]))
					return client[i];
			}
		}
		log.log(20, "------------------------------");
		throw new NegotiateException();
	}
shell 复制代码
1750672202863 : ch.ethz.ssh2.transport.TransportConnection: Sent SSH_MSG_KEXINIT 478 bytes payload
1750672202864 : ch.ethz.ssh2.transport.TransportConnection: Received SSH_MSG_KEXINIT 929 bytes payload
1750672202868 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202868 : ch.ethz.ssh2.transport.KexManager: client-->diffie-hellman-group-exchange-sha1
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: kex_algo=diffie-hellman-group-exchange-sha1
1750672202868 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202868 : ch.ethz.ssh2.transport.KexManager: client-->ssh-rsa
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server_host_key_algo=ssh-rsa
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: enc_algo_client_to_server=aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: enc_algo_server_to_client=aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-sha1-96
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-sha1
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-md5-96
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202870 : ch.ethz.ssh2.transport.KexManager: client-->hmac-md5
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202870 : ch.ethz.ssh2.transport.TransportManager: Receive thread: error in receiveLoop: Cannot negotiate, proposals do not match.
1750672202870 : ch.ethz.ssh2.transport.TransportManager: Receive thread: back from receiveLoop

从日志可知,客户端支持的算法有:hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5四种;服务端支持的算法有:hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com四种。客户端和服务端没有共同的算法。

查看服务器/etc/ssh/sshd_config文件,可知,hmac算法配置在MACs项中。 修改sshd_config,新增算法hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5,然后重启sshd服务。

测试ssh连接

idea编译ganymed-ssh2

解压下载的源码

复制代码
unzip ganymed-ssh2-build210.zip -d ganymed

添加pom.xml配置

ganymed-ssh2是一个普通的java工程,不方便编译和打包测试,将其转换为maven项目。

复制代码
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>ch.ethz.ssh2</groupId>
    <artifactId>test-ganymed</artifactId>
    <version>1.0</version>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-shade-plugin</artifactId>
                <version>3.2.4</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>shade</goal>
                        </goals>
                        <configuration>
                            <transformers>
                                <transformer
                                        implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                                    <mainClass>ch.ethz.ssh2.Main</mainClass>
                                </transformer>
                            </transformers>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

导入idea

在idea中鼠标右键选中pom.xml, 点击"Add as Maven Project"。此时,ganymed项目可以在idea下,通过maven插件进行编译和打包。

相关推荐
Fireworkitte4 小时前
Apache POI 详解 - Java 操作 Excel/Word/PPT
java·apache·excel
weixin-a153003083164 小时前
【playwright篇】教程(十七)[html元素知识]
java·前端·html
DCTANT5 小时前
【原创】国产化适配-全量迁移MySQL数据到OpenGauss数据库
java·数据库·spring boot·mysql·opengauss
Touper.5 小时前
SpringBoot -- 自动配置原理
java·spring boot·后端
黄雪超5 小时前
JVM——函数式语法糖:如何使用Function、Stream来编写函数式程序?
java·开发语言·jvm
ThetaarSofVenice5 小时前
对象的finalization机制Test
java·开发语言·jvm
望获linux6 小时前
【实时Linux实战系列】CPU 隔离与屏蔽技术
java·linux·运维·服务器·操作系统·开源软件·嵌入式软件
JosieBook6 小时前
【Java编程动手学】使用IDEA创建第一个HelloJava程序
java·开发语言·intellij-idea
Thomas_YXQ7 小时前
Unity3D DOTS场景流式加载技术
java·开发语言·unity
summer夏1237 小时前
2025.07 做什么
java·android studio