我支持遗留Web应用程序,一个功能是使用JSCH来SFTP附加到另一个服务器 . 我们的服务器操作团队最近在DSA密钥之上添加了一个新的RSA密钥到目标服务器,现在我们收到了com.jcraft.jsch.JSchException:Auth fail错误消息 . 这是代码:
public final static void sftpFileToRemoteDirectory(
String clientConnect,
int clientPort,
String clientLogin,
String encryptedPassword,
String path,
String remoteFile,
byte[] file)
throws Exception
{
JSch jsch = new JSch();
Session session = null;
ByteArrayInputStream baInputStream = null;
try {
//using port 24
session = jsch.getSession(clientLogin, clientConnect, clientPort);
session.setConfig("StrictHostKeyChecking", "no");
// Decrypt password string and set password
String saPwd = new EncryptionHelper().decryptString(encryptedPassword);
session.setPassword(saPwd);
session.connect();
Channel channel = session.openChannel("sftp");
channel.connect();
ChannelSftp sftpChannel = (ChannelSftp) channel;
sftpChannel = (ChannelSftp)channel;
System.out.println("Changing to FTP remote dir: " +
path);
sftpChannel.cd(path);
//get ByteArrayInputStream for file
byte b[] = file;
baInputStream = new ByteArrayInputStream(b);
//Put file on server
System.out.println("Moving " + remoteFile + " to " + path);
sftpChannel.put(baInputStream, remoteFile);
sftpChannel.exit();
} finally {
try {
baInputStream.close();
if (session != null) {
session.disconnect();
}
} catch (Exception e) {
// Don't throw exception caused by closing stream
e.printStackTrace();
}
}
}
我找到了this post that seemed related . 我们仔细检查并确保目标服务器位于已知主机列表中 . 这仅包括服务器名称,FQDN和FQDN加上端口号,但没有运气 . 我可以对代码进行任何更改?
错误消息:
20:40:37,639 ERROR [stderr](ajp - 127.0.0.1-8009-20)引起:com.jcraft.jsch.JSchException:Auth fail 20:40:37,639 ERROR [stderr](ajp - 127.0 . 0.1-8009-20)在com.jcraft.jsch.Session.connect(Session.java:461)20:40:37,639错误[stderr](ajp - 127.0.0.1-8009-20)at com.jcraft.jsch .Session.connect(Session.java:154)20:40:37,639 ERROR [stderr](ajp - 127.0.0.1-8009-20)at com.lmig.requestit.utils.RequestITFileManagementUtils.sftpFileToRemoteDirectory(RequestITFileManagementUtils.java:54 )20:40:37,639 ERROR [stderr](ajp - 127.0.0.1-8009-20)at com.lmig.requestit.modules.desktop.automation.Form2039Automation.automateOutlookPhotoMoveFileToPhoto(Form2039Automation.java:109)20:40:37,640错误[stderr](ajp - 127.0.0.1-8009-20)......还有27个
以下是来自JSCH的日志:
13:41:10,184 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:连接到“服务器”端口24 13:41:10,188 INFO [stdout](ajp - 127.0.0.1-8009- 7)INFO: Build 连接13:41:10,190 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:远程版本字符串:SSH-2.0-1.07 FlowSsh:WinSSHD 5.20 13:41:10,190 INFO [stdout ](ajp - 127.0.0.1-8009-7)INFO:本地版本字符串:SSH-2.0-JSCH-0.1.44 13:41:10,190 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO :CheckCiphers:aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 13:41:10,231 INFO [stdout](ajp - 127.0 .0.1-8009-7)INFO:aes256-ctr不可用 . 13:41:10,231 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:aes192-ctr不可用 . 13:41:10,232 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:aes256-cbc不可用 . 13:41:10,232 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:aes192-cbc不可用 . 13:41:10,232 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:arcfour256不可用 . 13:41:10,232 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:SSH_MSG_KEXINIT已发送13:41:10,233 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO:SSH_MSG_KEXINIT已收到13:41:10,235 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:kex:server-> client aes128-ctr hmac-md5 none 13:41:10,235 INFO [stdout](ajp - 127.0 .0.1-8009-7)INFO:kex:client-> server aes128-ctr hmac-md5 none 13:41:10,261 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO:SSH_MSG_KEXDH_INIT发送13:41 :10,262 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:期待SSH_MSG_KEXDH_REPLY 13:41:10,285 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO:ssh_rsa_verify:signature true 13 :41:10,299 INFO [stdout](ajp - 127.0.0.1-8009-7)警告:永久性地将“服务器”(RSA)添加到已知主机列表中 . 13:41:10,299 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:SSH_MSG_NEWKEYS发送13:41:10,299 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO:SSH_MSG_NEWKEYS收到13:41:10,312 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:SSH_MSG_SERVICE_REQUEST已发送13:41:10,312 INFO [stdout](ajp - 127.0.0.1-8009-7)INFO:SSH_MSG_SERVICE_ACCEPT已收到13:41:10,314 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:可以继续的身份验证:gssapi-with-mic,publickey,keyboard-interactive,password 13:41:10,314 INFO [stdout] (ajp - 127.0.0.1-8009-7)信息:下一个身份验证方法:gssapi-with-mic 13:41:10,330 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:可以继续的身份验证:publickey,keyboard-interactive,密码13:41:10,330 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:下一个身份验证方法:publickey 13:41:10,333 INFO [stdout](ajp - 127.0 .0.1-8009-7)INFO:可以继续的身份验证:密码13:41:10,333 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:下一个身份验证方法:pas剑13:41:13,345 INFO [stdout](ajp - 127.0.0.1-8009-7)信息:断开与“服务器”端口24的连接