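The automated installation and deployment tool ideploy connects to hosts over SSH and deploys services. After the operating system was upgraded from SUSE11SP4 to SUSE12, the following error appeared:
JSch SSH connection problem, Exception: Algorithm negotiation fail
[SSH] Exception:Algorithm negotiation fail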
/app/aideploy/deploy_xx/xml/deploy-stop.xml:135: The following error occurred while executing this line:
/app/aideploy/deploy_xx/xml/deploy-stop.xml:141: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:582)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.jcraft.jsch.Session.connect(Session.java:183)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:225)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHExec.execute(SSHExec.java:236)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
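Root cause: when the operating system was upgraded, sshd was upgraded along with it. From version 6.7 onward, ssh no longer supports some encryption algorithms, and they have to be added manually.
OpenSSH and JSch support different key exchange algorithms, so one side has to enable a key exchange algorithm that the other side supports.
Check the ssh version: ssh -V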
OpenSSH enables only the following key exchange algorithms by default:
- curve25519-sha256@libssh.org
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group-exchange-sha256
- diffie-hellman-group14-sha1
Whereas JSch claims to support these algorithms for key exchange:
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group1-sha1
Solution:
In the SSH configuration file
/etc/ssh/sshd_config
add the following two lines so that SSH supports the corresponding algorithms and MACs:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Once this is done, restart SSH and the problem is resolved.
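
The negotiation rule behind this error, as an added example that is not part of the original post: under RFC 4253 the key exchange algorithm is the first entry in the client's list that the server also offers. The three lists are the ones quoted above; the function name negotiate is made up for this sketch, and the host-key compatibility condition of the RFC is left out.

```shell
#!/bin/sh
# Added example: SSH algorithm negotiation as described in RFC 4253, section 7.1.
# The agreed algorithm is the first name in the client's list that also appears
# in the server's list. No common name means the connection is refused.
# Simplification: the RFC's host-key compatibility requirement is ignored.

# Lists as quoted on the page.
OPENSSH_DEFAULT_KEX="curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1"
JSCH_KEX="diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"
# Server list once the KexAlgorithms line from the fix is in sshd_config.
AMENDED_KEX="$OPENSSH_DEFAULT_KEX,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"

# negotiate CLIENT_LIST SERVER_LIST
# Prints the agreed algorithm and returns 0, or returns 1 when nothing matches.
negotiate() {
    client=$1
    server=$2
    old_ifs=$IFS
    IFS=,
    for c in $client; do
        for s in $server; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# Replay the page's situation: JSch as client against both server lists.
for srv_list in "$OPENSSH_DEFAULT_KEX" "$AMENDED_KEX"; do
    if kex=$(negotiate "$JSCH_KEX" "$srv_list"); then
        echo "agreed key exchange: $kex"
    else
        echo "Algorithm negotiation fail"
    fi
done
```

Against the default list there is no common entry, which is the JSchException in the stack trace; against the amended list the session settles on the first JSch entry, a SHA-1 based exchange.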