Hi JSch Users,
I apologize if this was sent twice, I didn't see it updated in the mailing
list archives.
I'm trying to investigate an issue in an application that uses the JSch
library to connect to remote SSH servers.
Using the default configuration on OpenSSH, everything works great. By
modifying the /etc/ssh/sshd_config file (adding "Ciphers
aes192-ctr,aes256-ctr") and restarting the ssh service, JSch no longer is
able to connect, throwing an "Algorithm negotiation fail" exception.
Connecting via the SSH client in Ubuntu, I'm still able to connect
successfully, so I do not believe this to be an issue with the OpenSSH
server configuration.
My testing of this issue has been using the Logger.java example
<http://www.jcraft.com/jsch/examples/Logger.java.html> on the JSch
website. In looking at the output, it appears that the aes192-ctr and
aes256-ctr ciphers are not listed. These ciphers appear to be supported
according to the JSch website.
Are there additional configuration settings needed in order to enable these
Cipher options?
Server:
Virtualbox 4.3.18
Ubuntu 14.04.2
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
Client:
Windows 7
Java 7u76 with JCE Unlimited Encryption
JSCH 0.1.51
Thank you,
Unlimited Encryption Strength? true
INFO: Connecting to 10.100.21.18 port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
INFO: Local version string: SSH-2.0-JSCH-0.1.51
INFO: CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server:
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes192-ctr,aes256-ctr
INFO: kex: server: aes192-ctr,aes256-ctr
INFO: kex: server:
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server:
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: none,z...@openssh.com
INFO: kex: server: none,z...@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: Disconnecting from 10.100.21.18 port 22
com.jcraft.jsch.JSchException: Algorithm negotiation fail
Unlimited Encryption Strength? true
INFO: Connecting to 10.100.21.18 port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
INFO: Local version string: SSH-2.0-JSCH-0.1.51
INFO: CheckCiphers:
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server:
curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
INFO: kex: server:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
INFO: kex: server:
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server:
hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: none,z...@openssh.com
INFO: kex: server: none,z...@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
INFO: kex: client: ssh-rsa,ssh-dss
INFO: kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client:
aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added '10.100.21.18' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: publickey,keyboard-interactive,password
INFO: Next authentication method: publickey
INFO: Authentications that can continue: password
INFO: Next authentication method: password
INFO: Authentication succeeded (password).
Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-45-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Thu Feb 19 10:38:39 2015 from 10.100.21.154
pentaho@pentaho-VirtualBox:~$ exit
exit
logout
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
