JSchException: Algorithm negotiation fail

问题:

I am trying to connect to remote sftp server over ssh with JSch (0.1.44-1) but during "session.connect();" I am getting this exception:

com.jcraft.jsch.JSchException: Algorithm negotiation fail at  com.jcraft.jsch.Session.receive_kexinit(Session.java:529) at  com.jcraft.jsch.Session.connect(Session.java:291) at com.jcraft.jsch.Session.connect(Session.java:154) ...  

Logs from JSch:

INFO: Connecting to xx.xx.xx.xxport 22  INFO: Connection established  INFO: Remote version string: SSH-2.0-WeOnlyDo 2.0.6  INFO: Local version string: SSH-2.0-JSCH-0.1.44  INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 INFO: aes256-ctr is not available.  INFO: aes192-ctr is not available. INFO: aes256-cbc is not available.  INFO: aes192-cbc is not available. INFO: arcfour256 is not available.  INFO: SSH_MSG_KEXINIT sent INFO: SSH_MSG_KEXINIT received  INFO: Disconnecting from xx.xx.xx.xx port 22  

I am able to log in to remote server with linux sftp command. I was trying to find any kind of clue in the internet but I failed.

Debug output from linux sftp command:

OpenSSH_5.5p1-DAM_1.2, OpenSSL 0.9.8r 8 Feb 201  debug1: Reading configuration data /etc/DAM/ssh/ssh_config debug1: Applying options for * debug1: Applying options for *.* debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22. debug1: Connection established. debug1: identity file /**/spv_id_rsa.key type -1 debug1: identity file /**/spv_id_rsa.key-cert type -1 debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6 debug1: no match: WeOnlyDo 2.0.6 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.5p1-DAM_1.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes256-cbc hmac-md5 none debug1: kex: client->server aes256-cbc hmac-md5 none debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key. debug1: Found key in ~/.ssh/known_hosts:8 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /**/spv_id_rsa.key debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: Sending subsystem: sftp Connected to xx.xx.xx.xx. sftp> 

回答1:

There are a couple of places that SSH clients and servers try and agree on a common implementation. Two I know of are encryption and compression. The server and client produce a list of available options and then the best available option in both lists is chosen.

If there is no acceptable option in the lists then it fails with the error you got. I'm guessing from the debug output here but it looks like the only server options for encryption are "aes256-cbc hmac-md5 none".

JSch doesn't do hmac-md5 and aes256-cbc is disabled because of your Java policy files. Two things you could try are...

1. To increase the available encryption libraries on the server, install unrestricted policy files on your client, enabling aes256-cbc (make sure the message saying it is disabled goes away, those policy files are notoriously easy to install on the wrong JVM) from the Sun Java 6 download site,
2. or try and disable encryption.

The first is ideal if you have access to the server (trust me aes128-cbc is plenty of encryption), but the second is easy enough to quickly test out the theory.

回答2:

Finally a solution that works without having to make any changes to the server:

1. Download the latest jsch.jar as Yvan suggests: http://sourceforge.net/projects/jsch/files/jsch.jar/ jsch-0.1.52.jar works fine

2. Place the downloaded file in your "...\JetBrains\PhpStorm 8.0.1\lib", and remove the existing jsch-file (for PHPStorm 8 it's jsch-0.1.50.jar)

3. Restart PHPStorm and it should work

Use the same solution for Webstorm

回答3:

FWIW, I had this same error message under JSch 0.1.50. Upgrading to 0.1.52 solved the problem.

回答4:

I had the same issue, running Netbeans 8.0 on Windows, and JRE 1.7.

I just installed JRE 1.8 from https://www.java.com/fr/download/ (note that it's called Version 8 but it's version 1.8 when you install it), and it fixed it.

回答5:

The issue is with the Version of JSCH jar you are using.

Update it to latest jar.

I was also getting the same error and this solution worked.

You can download latest jar from

http://www.jcraft.com/jsch/

回答6:

add to your sshd_config on the server.

This worked, but make sure you restart sshd: sudo service sshd restart

回答7:

The complete steps to add the algorithms to the RECEIVING server (the one you are connecting to). I'm assuming this is a Linux server.

sudo /etc/ssh/sshd_config 

Add this to the file (it can be at the end):

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 

Then restart the SSH server:

sudo service sshd restart 

回答8:

Make sure that you're using the latest version of JSch. I had this exact same problem when using JSch 0.1.31 and trying to connect to a RedHat 5 server. Updating to the latest version solved the problem.

文章来源: JSchException: Algorithm negotiation fail