FTP服务器经过迁移以获得更好的安全性(不知道有关它的详细信息) .
但升级后,我们无法从服务器下载/上传文件 . 它在升级之前工作正常 . 错误日志说:
ns0:Client无法连接到FTP Server.http://schemas.cordys.com/ftpconnector/1.1Cordys.FTPConnector.Messages.ftpserverConnectionFailedcom.eibus.applicationconnector.ftp.FTPException:com.eibus.applicationconnector.ftp上的算法协商失败.CordysSFTPClient.connect(CordysSFTPClient.java:78)位于com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86)的com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109)at Com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340)位于com.eibus.soap.SOAPTransaction . (SOAPTransaction.java:546)com.eibus.soap.SOAPTransaction . (SOAPTransaction.java:195)at com .eibus.soap.Processor.onReceive(Processor.java:1024)at com.eibus.soap.Processor.onReceive(Processor.java:997)at com.eibus.connector.nom.Connector.onReceive(Connector.java:483) )com.eibus.transport.NonTransactionalTerreadBody.doWork(NonTransactionalWorkerThreadBody.java:61)at com.eibus.transport.NonTransactionalWorke r.ehusBody.run(NonTransactionalWorkerThreadBody.java:26)at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67)引起:com.jcraft.jsch.JSchException:com.jcraft.jsch上的算法协商失败 . Session.receive_kexinit(Session.java:520)位于com.jcraft.jsch.Session.connect(Session.java:286)的com.jcraft.jsch.Session.connect(Session.java:150)com.eibus.applicationconnector .ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124)at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64)... 11更多
使用的jsch jar版本是:jsch-0.1.41.jar使用的java版本是:1.7.0_40
注意
-
我们不会在那里更改任何设置 .
-
升级Java版本不是一个选项
Trial 1 在google上花了一些时间后,我明白升级jsch jar版本可能有所帮助 . 所以我使用了最新的jsch jar:jsch-0.1.54.jar . 在此之后我开始收到以下错误:
com.eibus.applicationconnector.ftp.FTPException:Session.connect:java.security.InvalidAlgorithmParameterException:Prime大小必须是64的倍数,并且在com.eibus.applicationconnector.ftp.CordysSFTPClient上的范围仅为512到1024(包括) .connect(CordysSFTPClient.java:78)com.com的com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86)com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109) . 位于com.eibus.soap.SOAPTransaction的com.eibus.soap.SOAPTransaction . (SOAPTransaction.java:546)的eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340)com.eibus的com.eibus.soap.SOAPTransaction . (SOAPTransaction.java:195) .soap.Processor.onReceive(Processor.java:1024)at com.eibus.soap.Processor.onReceive(Processor.java:997)at com.eibus.connector.nom.Connector.onReceive(Connector.java:483)at at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61)at com.eibus.transport.NonTransactionalWorkerThreadBody.run (NonTransactionalWorkerThreadBody.java:26)at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67)引起:com.jcraft.jsch.JSchException:Session.connect:java.security.InvalidAlgorithmParameterException:Prime size必须是com.jcraft.jsch.Session.connect(Session.java:183)中com.jcraft.jsch.Session.connect(Session.java:565)的64的倍数,范围仅为512到1024(含) . at com.eibus.applicationconnector.ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124)at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64)... 11 more
Trial 2 :安装无限强度管辖权政策文件(www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html),这也没用 . 得到了同样的错误
任何指针都会有所帮助 .
这是我用来连接到ftp的一段代码:
private void connectOnce(FTPConfiguration ftpConfiguration) throws JSchException {
JSch jsch = new JSch();
this.session = jsch.getSession(ftpConfiguration.getUsername(), ftpConfiguration.getServer(), ftpConfiguration.getPort());
this.session.setPassword(ftpConfiguration.getPassword());
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
this.session.setConfig(config);
if (logger.isDebugEnabled()) {
logger.debug("Opening SFTP connection to " + ftpConfiguration.getServer());
}
this.session.connect();
}
1 回答
我想我找到了解决方案 .
解决方案涉及修改jsch源代码 . (最新版本1.0.54) . 我做了一些研究,最终能够强迫jsch使用“Bouncy Castle”安全提供商 . 这涉及到更改jsch库中以下类的源代码:
com.jcraft.jsch.jce.KeyPairGenDSA
com.jcraft.jsch.jce.KeyPairGenECDSA
com.jcraft.jsch.jce.KeyPairGenRSA
com.jcraft.jsch.jce.DH
每当它尝试使用keyGenerator的geInstance时,我都添加了以下参数 .
从这篇文章中得到一些想法(I've put security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider but it isn't being used during SSL handshake)