在JSch中使用2048位素数

我试图尝试从我的Java应用程序到客户端的外部服务器的SSH连接 . 客户端增强了安全性，他们不接受1024位素数，但我的JSch只发送1024位素数 .

请在下面的应用程序中找到详细的错误输出：

INFO  |: Launching [sftp] handler
INFO  |: Creating SFTP session to host [server1] with logger for JSch
INFO  |: Connecting via public/private key.
INFO  |: Session created.
INFO  |: Connecting to server1 port 22
INFO  |: Connection established
INFO  |: Remote version string: SSH-2.0-VShell_4_1_1_862 VShell
INFO  |: Local version string: SSH-2.0-JSCH-0.1.53
INFO  |: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO  |: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO  |: SSH_MSG_KEXINIT sent
INFO  |: SSH_MSG_KEXINIT received
INFO  |: kex: server: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
INFO  |: kex: server: ecdsa-sha2-nistp256,ssh-dss,ssh-rsa
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: hmac-sha2-512,hmac-sha2-256,hmac-sha1
INFO  |: kex: server: zlib@openssh.com,zlib,none
INFO  |: kex: server: zlib@openssh.com,zlib,none
INFO  |: kex: client: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO  |: kex: client: ssh-rsa,ssh-dss
INFO  |: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO  |: kex: client: aes128-cbc,3des-cbc
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO  |: kex: server->client aes128-cbc hmac-sha1 none
INFO  |: kex: client->server aes128-ctr hmac-sha1 none
INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent
INFO  |: expecting SSH_MSG_KEX_DH_GEX_GROUP
INFO  |: Disconnecting from server1 port 22
ERROR |: Unable to connect to SFTP server. com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 No appropriate prime between 1024 and 1024 is available.  en
INFO  |: -----------------------------------------------------------------------------------------------

很少有其他博客建议升级到JSch版本0.1.53将解决问题，但我已经在我的应用程序中使用0.1.53版本 .

当我尝试使用详细选项从命令行连接时，我能够连接：

$ sftp -v username@server1
Connecting to server1...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server1 [10.XX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version VShell_4_1_1_862 VShell
debug1: no match: VShell_4_1_1_862 VShell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:155
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB
debug1: Sending subsystem: sftp
sftp>

注意：我使用SSH-2 RSA 2048位密钥进行连接，使用我的应用程序和命令行 . 我使用我的应用程序和命令行可以看到的唯一区别是：

我的应用程序在连接时发送以下信息：

INFO  |: SSH_MSG_KEX_DH_GEX_REQUEST(1024<1024<1024) sent

而连接时命令行连接正在发送以下信息：

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent

有关如何更改我的应用程序以发送SSH2_MSG_KEX_DH_GEX_REQUEST（1024 <2048 <8192）的任何建议都会有所帮助 .