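I am currently trying to set up an SFTP connection to a server from Java using the JSch library (v0.1.52). For authentication I am using a private/public key pair.

The private key looks like this: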

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-test
Public-Lines: 12
...
Private-Lines: 28
...

The public key looks like this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-test"
...
---- END SSH2 PUBLIC KEY ----

I also created a "known_hosts" file and set it via:

jsch.setKnownHosts(filePath + "known_hosts");

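For testing I set up a Rebex Tiny SFTP Server, and it works without any problems. The public key file initially had no .pub extension, but I had to change that manually so that the Rebex server would recognize and use the file (the key file on the actual remote server probably has no extension).

When trying the same key pair on the remote server, I get an "invalid privatekey" exception: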

2018-12-07 15:22:14.900 [main] INFO  sftpdemo.clients.SftpClient - com.jcraft.jsch.JSchException: invalid privatekey: [B@8e0379d

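I have already tried converting the private key to other formats such as OpenSSH and .pem via PuTTYgen, although .ppk should work with v0.1.52 and later (tested with the Rebex server). These also work fine with the Rebex server, but produce a "Connection refused" exception when used with the remote server.

Unfortunately I have no direct access to the remote server to check everything there, but I was told that the public key has been deployed correctly.

I would appreciate any hints on what I might be missing or what I could still try to get this working. I have read that there may be problems with 4096-bit keys, but I have not found a way around this if I cannot change the deployed public key.

The simplified code used looks like this: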

JSch jsch = new JSch();
Session session = null;

// add known hosts file for authentication
jsch.setKnownHosts(filePath + "known_hosts");

// load the private key used for public-key authentication
String keyPath = filePath + "privatekey.ppk";
jsch.addIdentity(keyPath);
session = jsch.getSession("test", [SERVER_IP], 22);

session.connect();

The exception is thrown in the "session.connect()" part.

Thanks in advance :)

Edit:

The stack traces are as follows:

.ppk key:

com.jcraft.jsch.JSchException: invalid privatekey: [B@51931956
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:747)
    at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
    at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:408)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:368)
    at sftpdemo.clients.SftpClient.connectToServer(SftpClient.java:38)
    at sftpdemo.clients.SftpClientTest.T01_connectAndDisconnectClient(SftpClientTest.java:20)

.PEM key:

com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at java.net.Socket.connect(Socket.java:538)
    at java.net.Socket.<init>(Socket.java:434)
    at java.net.Socket.<init>(Socket.java:211)
    at com.jcraft.jsch.Util.createSocket(Util.java:343)
    at com.jcraft.jsch.Session.connect(Session.java:215)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at sftpdemo.clients.SftpClient.setupConnection(SftpClient.java:119)
    at sftpdemo.clients.SftpClient.connectToServer(SftpClient.java:141)
    at sftpdemo.clients.SftpClientTest.T01_connectAndDisconnectClient(SftpClientTest.java:27)

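(Ignore the line numbers in SftpClient / SftpClientTest, as they have changed in the meantime because of some comments etc.)

The jsch.log for the Rebex connection looks like this: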

Connecting to [SERVER_IP] port 22
Connection established
Remote version string: SSH-2.0-RebexSSH_1.0.5.25508
Local version string: SSH-2.0-JSCH-0.1.52
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
kex: server: ssh-dss,rsa-sha2-256,ssh-rsa-sha256@ssh.com,rsa-sha2-512,ssh-rsa
kex: server: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,twofish256-ctr,twofish192-ctr,twofish128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,twofish-cbc
kex: server: aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,twofish256-ctr,twofish192-ctr,twofish128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,twofish256-cbc,twofish192-cbc,twofish128-cbc,twofish-cbc
kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha1
kex: server: none
kex: server: none
kex: server: 
kex: server: 
kex: client: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client: 
kex: client: 
kex: server->client aes128-ctr hmac-sha1 none
kex: client->server aes128-ctr hmac-sha1 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature true
Host '[SERVER_IP]' is known and matches the RSA host key
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,keyboard-interactive,password
Next authentication method: publickey
Authentication succeeded (publickey).
Disconnecting from [SERVER_IP] port 22

The log file created for the remote server only shows "Connecting to [REMOTE_SERVER_IP] port 22"
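
The two stack traces above come from different stages: the first is raised inside JSch.addIdentity while the key file is parsed locally, the second inside Socket.connect before any SSH exchange. The pre-flight below is an added example, not part of the original post, that checks each stage on its own; the class name SftpPreflight, its method names and its command-line arguments are assumptions.

```java
import com.jcraft.jsch.*;
import java.io.IOException;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;

public class SftpPreflight {
    // Stage 1: identify the key container from its first line only (no key material is parsed).
    static String keyFormat(String path) throws IOException {
        String first = Files.readAllLines(Paths.get(path), StandardCharsets.ISO_8859_1)
                .stream().findFirst().orElse("").trim();
        if (first.startsWith("PuTTY-User-Key-File-")) return "PuTTY private key (.ppk)";
        if (first.startsWith("---- BEGIN SSH2 PUBLIC KEY")) return "RFC 4716 public key, not a private key";
        if (first.startsWith("-----BEGIN OPENSSH PRIVATE KEY")) return "OpenSSH new-format private key";
        if (first.startsWith("-----BEGIN") && first.contains("PRIVATE KEY")) return "PEM private key";
        return "unrecognized first line (wrong file, BOM or truncated copy?)";
    }

    // Stage 2: let JSch parse the key locally; this involves no network traffic.
    static boolean jschCanLoad(String path) {
        try {
            KeyPair kp = KeyPair.load(new JSch(), path);
            System.out.println("key type=" + kp.getKeyType() + " encrypted=" + kp.isEncrypted());
            kp.dispose(); // wipe key material held by this KeyPair
            return true;
        } catch (JSchException e) {
            System.out.println("JSch rejected the key file: " + e.getMessage());
            return false;
        }
    }

    // Stage 3: plain TCP connect; a refused connection shows up here, before authentication.
    static boolean tcpReachable(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (IOException e) {
            System.out.println("TCP connect failed: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        String keyPath = args[0], host = args[1]; // assumed arguments: key file path, server address
        System.out.println("format: " + keyFormat(keyPath));
        System.out.println("jsch load ok: " + jschCanLoad(keyPath));
        System.out.println("tcp 22 reachable: " + tcpReachable(host, 22, 5000));
    }
}
```

Run it with the same JSch jar on the classpath as the application, once per key file, so that a key the library cannot parse is told apart from a server that cannot be reached.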