码农志因项目中需要连接SFTP,使用了jsch的工具包,但是在使用SFTP功能的时候发现后台日志打印出如下报错:
ERROR 2017-05-10 10:36:41.936 [http-bio-8088-exec-1593] com.tvzr.ftp.client.SFTPClient[line:107] - com.tvzr.ftp.client.SFTPClient@7741c1f0
com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:532) ~[jsch-0.1.45.jar:na]
at com.jcraft.jsch.Session.connect(Session.java:295) ~[jsch-0.1.45.jar:na]
at com.jcraft.jsch.Session.connect(Session.java:158) ~[jsch-0.1.45.jar:na]
at com.tvzr.ftp.client.SFTPClient.connectFTPServer(SFTPClient.java:98) ~[classes/:na]
at com.tvzr.etl.source.service.EtlSrcDataService.checkFTP(EtlSrcDataService.java:490) [classes/:na]
at com.tvzr.etl.source.service.EtlSrcDataService$$FastClassByCGLIB$$468c1388.invoke(<generated>) [cglib-nodep-2.2.jar:na]
查询了原因,在jsch的ChangeLog中发现:
Changes since version 0.1.52: - bugfix: the rekey initiated by the remote may crash the session. - change: Logjam: use ecdh-sha2-nistp* if available, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 - change: Logjam: diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 will use 2048-bit key on Java8's SunJCE, thanks to JDK-6521495 and JDK-7044060. - change: key words for OpenSSH's config file should be case-insensitive. - change: there should be the host name in "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" message.
应该是项目中用到的工具包太旧导致的,项目中用到的的是0.1.45。升级到最新版本就正常使用,旧版本的jsch的一个bug导致算法协商失败,两台机器的OPENSSH版本不一样,导致两台机器的默认算法列表不一致,通过下面的命令:
ssh -vvv destip
可以查看不同版本OpenSSH默认的算法列表。
