JSchException: Algorithm negotiation fail diffie-hellman-group14-sha1

Anonymous (unverified), submitted on 2019-12-03 01:00:01

Question:

I know this has been asked a few times but I have tried many of the accepted solutions already given.

I am creating a simple SSH tunnel using JSch, and I keep getting this error along with this in the logs:

INFO: diffie-hellman-group14-sha1 is not available. 

I have already added the Java unlimited policy files to the correct folder and I have added this algorithm to the KexAlgorithms section in the sshd_config file. Below is the full log breakdown.

    INFO: Connecting to xx.xx.xxx.xxx port 22
    INFO: Connection established
    INFO: Remote version string: SSH-2.0-OpenSSH_6.8
    INFO: Local version string: SSH-2.0-JSCH-0.1.50
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: CheckKexes: diffie-hellman-group14-sha1
    INFO: diffie-hellman-group14-sha1 is not available.
    INFO: SSH_MSG_KEXINIT sent
    INFO: SSH_MSG_KEXINIT received
    INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
    INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
    INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
    INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    INFO: kex: server: none,zlib@openssh.com
    INFO: kex: server: none,zlib@openssh.com
    INFO: kex: server:
    INFO: kex: server:
    INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
    INFO: kex: client: ssh-rsa,ssh-dss
    INFO: kex: client: aes256-cbc
    INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
    INFO: kex: client: hmac-sha2-256
    INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
    INFO: kex: client: none
    INFO: kex: client: none
    INFO: kex: client:
    INFO: kex: client:
    INFO: Disconnecting from xx.xx.xxx.xxx port 22
    com.jcraft.jsch.JSchException: Algorithm negotiation fail

Answer 1:

Your client and server do not share a common KEX algorithm:

INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1

As you can see, none of the algorithms supported by either are found in the other's list. You can add support for additional KEX algorithms to your client in one of two ways:

  1. Upgrade JSch to the latest release (0.1.52) to automatically enable support for sha256.
  2. If you're stuck with 0.1.51, you can programmatically enable sha256:

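    import com.jcraft.jsch.JSch;
    import java.util.Properties;

    JSch shell = new JSch();
    Properties config = new Properties();
    // Key exchange algorithms the client offers, in order of preference
    config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
    // Turns off host key verification: the server's identity is not checked
    config.put("StrictHostKeyChecking", "no");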

    Then create your session and set the configuration with:

    Session session = ...
    session.setConfig(config);
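
The comparison Answer 1 makes by eye, applied to each name-list in the log rather than only the KEX list. This is an added example, not code from the thread or from JSch. The slot names and function names are made up here, the log is abridged from the question, and it assumes JSch logs one `kex: server:` / `kex: client:` line per name-list in RFC 4253 order.

```python
import re

# First eight SSH_MSG_KEXINIT name-lists in RFC 4253 section 7.1 order (the two
# language lists are empty in the question's log and are skipped here).
SLOTS = ["kex", "host_key", "cipher_c2s", "cipher_s2c",
         "mac_c2s", "mac_s2c", "comp_c2s", "comp_s2c"]
LINE = re.compile(r"kex: (server|client):\s*(.*)$")

# Abridged from the log in the question: long lists shortened, order kept.
SAMPLE_LOG = """\
INFO: kex: server: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256
INFO: kex: client: none
INFO: kex: client: none
"""

def parse_proposals(log_text):
    """Collect each side's name-lists from the log, keyed by slot name."""
    seen = {"server": [], "client": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            seen[m.group(1)].append([n for n in m.group(2).strip().split(",") if n])
    return {side: dict(zip(SLOTS, lists)) for side, lists in seen.items()}

def negotiate(proposals):
    """Per slot: first name on the client's list that the server also offers."""
    server, client = proposals["server"], proposals["client"]
    return {s: next((a for a in client.get(s, []) if a in server.get(s, [])), None)
            for s in SLOTS}

def failed_slots(proposals):
    """Slots with no algorithm in common; any one of them aborts negotiation."""
    return [s for s, alg in negotiate(proposals).items() if alg is None]

if __name__ == "__main__":
    print("no common algorithm for:", failed_slots(parse_proposals(SAMPLE_LOG)))
```

On this log the client-to-server cipher list (`aes256-cbc` only) has no overlap with the server's either, so it is worth checking every slot after changing the `kex` setting.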


Answer 2:

To make this key exchange algorithm available you have to add a security provider which supports it. The unrestricted policy files you mentioned are also required.

Provider installation for Bouncycastle:

    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    ...
    // Register Bouncy Castle as an additional JCE security provider
    Security.addProvider(new BouncyCastleProvider());

Make sure that the necessary jar files are included on your Java CLASSPATH.


