Question
I know this has been asked a few times but I have tried many of the accepted solutions already given.
I am creating a simple SSH tunnel using JSch, and I keep getting this error along with this in the logs:
INFO: diffie-hellman-group14-sha1 is not available.
I have already added the Java unlimited policy files to the correct folder and I have added this algorithm to the KexAlgorithms section in the sshd_config file. Below is the full log breakdown.
INFO: Connecting to xx.xx.xxx.xxx port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.8
INFO: Local version string: SSH-2.0-JSCH-0.1.50
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192- cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from xx.xx.xxx.xxx port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
Answer 1:
Your client and server do not share a common KEX algorithm:
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
As you can see, none of the algorithms supported by either are found in the other's list. You can add support for additional KEX algorithms to your client in one of two ways:
- Upgrade JSch to the latest release (0.1.52) to automatically enable support for sha256.
- If you're stuck with 0.1.51, you can programmatically enable sha256:
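import java.util.Properties;
import com.jcraft.jsch.JSch;

JSch shell = new JSch();
Properties config = new Properties();
// Key exchange algorithms the client will offer, in order of preference
config.put("kex", "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256");
// "no" turns off host key verification: the server's identity is not checked
config.put("StrictHostKeyChecking", "no");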
Then create your session and set the configuration with:
Session session = ...
session.setConfig(config);
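An added example, not part of the original answers: a Python sketch that applies the RFC 4253 selection rule (the first client algorithm that the server also lists) to the proposal lines from the log in the question, slot by slot. It assumes JSch logs the name-lists in KEXINIT order; the slot labels and the names `SLOTS`, `LOG`, `LINE` and `negotiate` are this example's own.

```python
import re

# KEXINIT name-list order (RFC 4253, section 7.1). Assumption: JSch logs one line per slot in this order.
SLOTS = ["kex", "host key", "cipher c2s", "cipher s2c",
         "mac c2s", "mac s2c", "compression c2s", "compression s2c"]

# Proposal lines copied from the log in the question (the empty language slots are left out).
LOG = """\
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client: aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-sha2-256
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
"""

LINE = re.compile(r"kex: (server|client): (\S+)")

def negotiate(log):
    """Return {slot: chosen algorithm, or None when the two lists do not overlap}."""
    sides = {"server": [], "client": []}
    for side, names in LINE.findall(log):
        sides[side].append(names.split(","))
    result = {}
    for slot, client, server in zip(SLOTS, sides["client"], sides["server"]):
        # The client's preference order decides; the server's list only filters.
        result[slot] = next((alg for alg in client if alg in server), None)
    return result

if __name__ == "__main__":
    for slot, alg in negotiate(LOG).items():
        print(f"{slot:16} {alg or 'NO COMMON ALGORITHM'}")
```

On the log from the question it reports no common algorithm for the kex slot and for the client-to-server cipher slot.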
Answer 2:
To make this key exchange algorithm available you have to add a security provider which supports it. The unrestricted policy files you mentioned are also required.
Provider installation for Bouncycastle:
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
...
// Register Bouncy Castle as an additional JCE provider
Security.addProvider(new BouncyCastleProvider());
Make sure that the necessary jar files are included on your Java CLASSPATH.
Answer 3:
We also faced the same issue, but I found the root cause of this issue.
It works fine when I execute it from a plain Java program.
When I execute it from the application (which is deployed in WebLogic), it fails.
Reason: the WebLogic application is using the default JRockit API 1.6.0.29; outside, it is using JDK 1.6.0.41.
After changing the WebLogic Java version, it works fine.
Source: https://stackoverflow.com/questions/30077327/jschexception-algorithm-negotiation-fail-diffie-hellman-group14-sha1