net.schmizz.sshj.transport.TransportException: Unable to reach a settlement

岁酱吖の submitted on 2020-04-16 04:06:51

Question


I am trying to SSH into another machine using SSHJ. Please find the code below (try/catch/finally blocks excluded).

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
final SSHClient sshClient = new SSHClient();
sshClient.addHostKeyVerifier(new PromiscuousVerifier());
sshClient.connect("test-hostname");
sshClient.authPublickey("test-user", private_key_path);
Session session = sshClient.startSession();
Session.Command cmd = session.exec(TEST_SSH_COMMAND);
cmd.join(5, TimeUnit.SECONDS);
if(cmd.getExitStatus() == 0) {
   System.out.println("Success");
}

When I try to execute the above program I am getting the following error:

[reader] n.s.sshj.transport.TransportImpl - Dying because -net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [] and [aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se]
2014-07-01 20:45:09,021 INFO  [reader] n.s.sshj.transport.TransportImpl - Disconnected - UNKNOWN
2014-07-01 20:45:09,023 ERROR [pool-3-thread-1] net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [] and [aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, aes192-cbc, aes256-cbc, arcfour, rijndael-cbc@lysator.liu.se]

2014-07-01 20:45:09,024 INFO [pool-3-thread-1] n.s.sshj.transport.TransportImpl - Disconnected - BY_APPLICATION

Can someone help me debug the issue?

Thanks.


Answer 1:


I was not able to find any solution to this problem. Instead I started using JSch and it is working fine now.

import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.io.BufferedReader;
import java.io.InputStreamReader;

// "StrictHostKeyChecking=no" turns off host key verification for this session.
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");

Session session = null;
ChannelExec channel = null;

try {
    JSch jSch = new JSch();
    jSch.addIdentity("/tmp/privatekey");

    session = jSch.getSession("testuser", address, 22);
    session.setConfig(config);
    session.connect();

    // Run the command on an "exec" channel and read its output stream.
    channel = (ChannelExec) session.openChannel("exec");
    BufferedReader in = new BufferedReader(new InputStreamReader(channel.getInputStream()));
    channel.setCommand(command);
    channel.connect();

    // getExitStatus() returns -1 until the remote command has finished.
    if (channel.getExitStatus() == 0 || channel.isClosed() || channel.isEOF()) {
        logger.info("SSH connection is successful!");
    }
    in.close();
} catch (JSchException jsche) {
    logger.error("Trying to SSH to host: {} but got exception {}", address, jsche);
} finally {
    if (channel != null) channel.disconnect();
    if (session != null) session.disconnect();
}



Answer 2:


I had the same problem and it was a class-loading issue here. Another library (winzipaes) had a dependency on another version of Bouncycastle (bcprov-jdk16) that seemed to have a conflict with the jdk15 version referenced by SSHJ.

Explicitly excluding the jdk16 version helped for me (however I haven't tested the code that uses winzipaes yet).




Answer 3:


I have faced the very same issue in deploying a Cloudera cluster. Make sure that the client and server sets of supported MACs have a nonempty intersection.

For example I got:

net.schmizz.sshj.transport.TransportImpl: Dying because - net.schmizz.sshj.transport.TransportException: Unable to reach a settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96] and [hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-512, hmac-sha2-256, hmac-ripemd160]

The fix is to add at least one of the client MACs to those supported by the server. On Ubuntu 14.04.2 LTS with SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 just edit MACs in /etc/ssh/sshd_config.

Not really sure about the security implications here, i.e. some methods might be discouraged as weak, but you get the idea: client and server need to settle on one. Also notice that it is the client that makes the choice; the server will adapt.

Don't forget to restart the server (Ubuntu as above): service ssh restart.
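
As an added example (not part of the original question or answers, and not SSHJ code), here is a small Python triage of the two log lines quoted on this page. It applies the RFC 4253 section 7.1 rule for ciphers and MACs (the first algorithm on the client's list that the server also offers wins) and separates an empty client proposal, as in the question, from two disjoint lists, as in answer 3. The list order (client first, as answer 3 reads its own log) and the WEAK_MACS policy set are assumptions of this example.

```python
import re

# Log excerpts copied from this page (the question's server list is abridged).
QUESTION_LINE = ("Unable to reach a settlement: [] and "
                 "[aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc]")
ANSWER3_LINE = ("Unable to reach a settlement: [hmac-sha1, hmac-sha1-96, hmac-md5, "
                "hmac-md5-96] and [hmac-sha2-512-etm@openssh.com, "
                "hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com, "
                "hmac-sha2-512, hmac-sha2-256, hmac-ripemd160]")

# Constructed policy set for this example (an assumption, not from the page):
# MD5-based and 96-bit truncated MACs are treated as too weak to re-enable.
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}

SETTLEMENT = re.compile(r"Unable to reach a settlement: \[(.*?)\] and \[(.*?)\]")


def _names(csv):
    """Split 'a, b, c' into ['a', 'b', 'c']; an empty string gives []."""
    return [n.strip() for n in csv.split(",") if n.strip()]


def negotiate(client, server):
    """RFC 4253 7.1: first client algorithm that the server also lists, else None."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def diagnose(log_line):
    """Classify one settlement failure; returns None for unrelated log lines.

    Assumes the first bracketed list is the client's proposal, the second the server's.
    """
    m = SETTLEMENT.search(log_line)
    if not m:
        return None
    client, server = _names(m.group(1)), _names(m.group(2))
    result = {"client": client, "server": server}
    if not client:
        # The client proposed nothing (e.g. its crypto provider failed to load),
        # so no server-side configuration change can produce a match.
        result["cause"] = "client-offers-nothing"
    else:
        # Disjoint lists: list the client algorithms that are not in the weak
        # set, i.e. the only ones worth considering for the server's config.
        result["cause"] = "no-overlap"
        result["candidates"] = [a for a in client if a not in WEAK_MACS]
    return result
```

With the page's two lines, `diagnose(QUESTION_LINE)` reports `client-offers-nothing`, while `diagnose(ANSWER3_LINE)` reports `no-overlap` with `hmac-sha1` as the only candidate that survives the example's weak-MAC filter.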



Source: https://stackoverflow.com/questions/24519462/net-schmizz-sshj-transport-transportexception-unable-to-reach-a-settlement
