ganymed-ssh2连接openssh 8.2

ganymed-ssh2连接openssh 8.2

存在的问题

ganymed-ssh2是一个ssh-2协议实现,因为该项目比较老旧,当sshd服务使用较新的openssh时,一般情况下是无法正常建立ssh连接的。

访问sshd的代码,如下所示:

java 复制代码
public class Main {
    public static void main(String[] args) throws IOException {
        String ipAddress = "127.0.0.1";
        ch.ethz.ssh2.Connection conn = new ch.ethz.ssh2.Connection(ipAddress,22);
        conn.connect();
        boolean isAuthenticated = conn.authenticateWithPassword("username", "password");
        if (isAuthenticated == false)
            throw new IOException("Authentication failed.");
    }
}

当使用如下代码访问sshd时,系统会报如下异常:

解决方法

找到报错代码

下载ganymed-ssh2源码,源码地址为https://www.ganymed.ethz.ch/ssh2/。

找到ch.ethz.ssh2.transport.KexManager文件,搜索异常关键字"Cannot negotiate, proposals do not match."。代码如下所示:

java 复制代码
kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());

if (kxs.np == null)
	throw new IOException("Cannot negotiate, proposals do not match.");

从中可知,mergeKexParameters方法返回的kxs.np为空,导致报上述异常。进入mergeKexParameters方法,发现异常原因是因为getFirstMatch方法返回NegotiateException。

打印客户端和服务端协商的算法过程

java 复制代码
private String getFirstMatch(String[] client, String[] server) throws NegotiateException
	{
		if (client == null || server == null)
			throw new IllegalArgumentException();

		if (client.length == 0)
			return null;

		log.log(20, "------------------------------");
		for (int i = 0; i < client.length; i++)
		{
			log.log(20, "client-->" + client[i]);
			for (int j = 0; j < server.length; j++)
			{
				log.log(20, "server-->" + server[i]);
				if (client[i].equals(server[j]))
					return client[i];
			}
		}
		log.log(20, "------------------------------");
		throw new NegotiateException();
	}
shell 复制代码
1750672202863 : ch.ethz.ssh2.transport.TransportConnection: Sent SSH_MSG_KEXINIT 478 bytes payload
1750672202864 : ch.ethz.ssh2.transport.TransportConnection: Received SSH_MSG_KEXINIT 929 bytes payload
1750672202868 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202868 : ch.ethz.ssh2.transport.KexManager: client-->diffie-hellman-group-exchange-sha1
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->curve25519-sha256
1750672202868 : ch.ethz.ssh2.transport.KexManager: kex_algo=diffie-hellman-group-exchange-sha1
1750672202868 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202868 : ch.ethz.ssh2.transport.KexManager: client-->ssh-rsa
1750672202868 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->rsa-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server_host_key_algo=ssh-rsa
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->3des-cbc
1750672202869 : ch.ethz.ssh2.transport.KexManager: enc_algo_client_to_server=aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: enc_algo_server_to_client=aes256-ctr
1750672202869 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-sha1-96
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-sha1
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-512-etm@openssh.com
1750672202869 : ch.ethz.ssh2.transport.KexManager: client-->hmac-md5-96
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202869 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256
1750672202870 : ch.ethz.ssh2.transport.KexManager: client-->hmac-md5
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: server-->hmac-sha2-256-etm@openssh.com
1750672202870 : ch.ethz.ssh2.transport.KexManager: ------------------------------
1750672202870 : ch.ethz.ssh2.transport.TransportManager: Receive thread: error in receiveLoop: Cannot negotiate, proposals do not match.
1750672202870 : ch.ethz.ssh2.transport.TransportManager: Receive thread: back from receiveLoop

从日志可知,客户端支持的算法有:hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5四种;服务端支持的算法有:hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com四种。客户端和服务端没有共同的算法。

查看服务器/etc/ssh/sshd_config文件,可知,hmac算法配置在MACs项中。 修改sshd_config,新增算法hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5,然后重启sshd服务。

测试ssh连接

idea编译ganymed-ssh2

解压下载的源码

复制代码
unzip ganymed-ssh2-build210.zip -d ganymed

添加pom.xml配置

ganymed-ssh2是一个普通的java工程,不方便编译和打包测试,将其转换为maven项目。

复制代码
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>ch.ethz.ssh2</groupId>
    <artifactId>test-ganymed</artifactId>
    <version>1.0</version>

    <properties>
        <maven.compiler.source>8</maven.compiler.source>
        <maven.compiler.target>8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-shade-plugin</artifactId>
                <version>3.2.4</version>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>shade</goal>
                        </goals>
                        <configuration>
                            <transformers>
                                <transformer
                                        implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                                    <mainClass>ch.ethz.ssh2.Main</mainClass>
                                </transformer>
                            </transformers>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
</project>

导入idea

在idea中鼠标右键选中pom.xml, 点击"Add as Maven Project"。此时,ganymed项目可以在idea下,通过maven插件进行编译和打包。

相关推荐
YuTaoShao2 小时前
【LeetCode 热题 100】131. 分割回文串——回溯
java·算法·leetcode·深度优先
源码_V_saaskw3 小时前
JAVA图文短视频交友+自营商城系统源码支持小程序+Android+IOS+H5
java·微信小程序·小程序·uni-app·音视频·交友
超浪的晨3 小时前
Java UDP 通信详解:从基础到实战,彻底掌握无连接网络编程
java·开发语言·后端·学习·个人开发
双力臂4043 小时前
Spring Boot 单元测试进阶:JUnit5 + Mock测试与切片测试实战及覆盖率报告生成
java·spring boot·后端·单元测试
Edingbrugh.南空4 小时前
Aerospike与Redis深度对比:从架构到性能的全方位解析
java·开发语言·spring
QQ_4376643144 小时前
C++11 右值引用 Lambda 表达式
java·开发语言·c++
永卿0014 小时前
设计模式-迭代器模式
java·设计模式·迭代器模式
誰能久伴不乏4 小时前
Linux如何执行系统调用及高效执行系统调用:深入浅出的解析
java·服务器·前端
慕y2745 小时前
Java学习第七十二部分——Zookeeper
java·学习·java-zookeeper
midsummer_woo5 小时前
基于spring boot的医院挂号就诊系统(源码+论文)
java·spring boot·后端