JSch连接SSH问题Exception:Algorithm negotiation fail

自动安装部署工具ideploy,使用ssh连接主机并部署业务 。操作系统SUSE11SP4升级到SUSE12后,出现下列报错: 

JSch连接SSH问题Exception:Algorithm negotiation fail[SSH] Exception:Algorithm negotiation fail 

/app/aideploy/deploy_xx/xml/deploy-stop.xml:135: The following error occurred while executing this line:
/app/aideploy/deploy_xx/xml/deploy-stop.xml:141: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:582)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.jcraft.jsch.Session.connect(Session.java:183)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:225)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHExec.execute(SSHExec.java:236)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)


原因分析: 操作系统升级时,sshd版本对应也进行了升级,ssh在6.7版本以后,对一些加密算法不支持,需要手动添加。
OpenSSH和 JSch支持的交换算法不同,需要一方打开另一方支持的交换算法。 

查看ssh版本: ssh -V  

OpenSSH enables only the following key exchange algorithms by default: 
- curve25519-sha256@libssh.org 
- ecdh-sha2-nistp256 
- ecdh-sha2-nistp384 
- ecdh-sha2-nistp521 
- diffie-hellman-group-exchange-sha256 
- diffie-hellman-group14-sha1 

Where as JSch claims to support these algorithms for key exchange: 
- diffie-hellman-group-exchange-sha1 
- diffie-hellman-group1-sha1 
解决办法: 
在SSH的配置文件 
/etc/ssh/sshd_config 
增加以下两行,让SSH支持相应的算法和MACs 


KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
完成后重启SSH即可解决问题

上一篇:java – ANTLR:Unicode字符扫描


下一篇:关于Springboot中JSCH使用说明