Fatal编程技术网
  • java/
  • Java 如果服务器上出现非默认密码提示,sshClient将关闭

Java 如果服务器上出现非默认密码提示,sshClient将关闭

java apache ssh

Java 如果服务器上出现非默认密码提示,sshClient将关闭,java,apache,ssh,Java,Apache,Ssh,我的客户端代码使用apache.sshd.SshClient以ssh方式连接到服务器。如果服务器的默认密码提示为“password:”,则连接成功。如果服务器有任何其他密码提示,比如“Custom password prompt:”,waitFor会立即返回ClientSession.CLOSED。两种情况下的实际用户名和密码相同,只是服务器端的密码提示不同。对于所有提示,服务器的手动ssh都能正常工作 由于安全要求,我无法更改服务器上的密码提示。我只能控制在OSGI上运行的客户端代码。apac

我的客户端代码使用apache.sshd.SshClient以ssh方式连接到服务器。如果服务器的默认密码提示为“password:”,则连接成功。如果服务器有任何其他密码提示,比如“Custom password prompt:”,waitFor会立即返回ClientSession.CLOSED。两种情况下的实际用户名和密码相同,只是服务器端的密码提示不同。对于所有提示,服务器的手动ssh都能正常工作

由于安全要求,我无法更改服务器上的密码提示。我只能控制在OSGI上运行的客户端代码。apachesshd中是否有任何选项,或者是否有任何其他尝试/推荐的ssh库可以处理来自服务器的任何密码提示

谢谢

这就是代码的外观-

import org.apache.sshd.ClientSession;
import org.apache.sshd.SshClient;
import org.apache.sshd.client.future.ConnectFuture;


class MySshClient {

    ClientSession clientSession;
    SshClient sshClient = SshClient.setUpDefaultClient();
    sshClient.start();

     try {
         ConnectFuture connectFuture = sshClient.connect(username, ipAddress, 22);

         boolean isConnected = false;
         try {
             isConnected = connectFuture.await(timeout);
         } catch (InterruptedException e) {
             throw new CustomException("InterruptedException for connect await");
         }
         if (!isConnected) {
             throw new CustomException("isConnected false");
         }

         clientSession = connectFuture.getSession();
         clientSession.addPasswordIdentity(password);
         try {
             clientSession.auth().await(timeout);
         } catch (InterruptedException e) {
             throw new CustomException("InterruptedException for auth await");
         }

         int ret = clientSession.waitFor(ClientSession.CLOSED | ClientSession.AUTHED, timeout);

         if ((ret & ClientSession.CLOSED) != 0) {
             LOG.error("auth waitFor returned {}",ret);
             throw new CustomException("Session CLOSED !!");
         }
    }
}
ssh-vvv的输出

$  ssh -vvv test@10.10.10.15
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.10.15 [10.10.10.15] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/username/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/username/.ssh/id_rsa type 1
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: identity file /home/username/.ssh/id_dsa type -1
debug1: identity file /home/username/.ssh/id_dsa-cert type -1
debug1: identity file /home/username/.ssh/id_ecdsa type -1
debug1: identity file /home/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/username/.ssh/id_ed25519 type -1
debug1: identity file /home/username/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 1.99, remote software version Vendor-1.25
debug1: no match: Vendor-1.25
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.10.10.15" from file "/home/username/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/username/.ssh/known_hosts:90
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 2080/4096
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 31:87:7c:12:37:a3:94:06:66:63:35:8c:58:8c:29:c4
debug3: load_hostkeys: loading entries for host "10.10.10.15" from file "/home/username/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/username/.ssh/known_hosts:90
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.10.10.15' is known and matches the RSA host key.
debug1: Found key in /home/username/.ssh/known_hosts:90
debug2: bits set: 2045/4096
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/username/.ssh/id_rsa (0x7f2fc9581560),
debug2: key: /home/username/.ssh/id_dsa ((nil)),
debug2: key: /home/username/.ssh/id_ecdsa ((nil)),
debug2: key: /home/username/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug3: start over, passed a different list publickey,keyboard-interactive,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/username/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive,password
debug1: Trying private key: /home/username/.ssh/id_dsa
debug3: no such identity: /home/username/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/username/.ssh/id_ecdsa
debug3: no such identity: /home/username/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/username/.ssh/id_ed25519
debug3: no such identity: /home/username/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
ACS 5.5 Password:
debug3: packet_send2: adding 32 (len 17 padlen 15 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to 10.10.10.15 ([10.10.10.15]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env VNCDESKTOP
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env COMP_WORDBREAKS
debug3: Ignored env M2
debug3: Ignored env GLADE_PIXMAP_PATH
debug3: Ignored env TERM
debug3: Ignored env VTE_VERSION
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env SHELL
debug3: Ignored env SSH_CLIENT
debug3: Ignored env WINDOWID
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env http_proxy
debug3: Ignored env XTERM_SHELL
debug3: Ignored env LS_COLORS
debug3: Ignored env GLADE_MODULE_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env ftp_proxy
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env MAVEN_OPTS
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env MAIL
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env PWD
debug3: Ignored env JAVA_HOME
debug3: Ignored env socks_proxy
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env NODE_PATH
debug3: Ignored env https_proxy
debug3: Ignored env XTERM_VERSION
debug3: Ignored env XTERM_LOCALE
debug3: Ignored env HOME
debug3: Ignored env M2_HOME
debug3: Ignored env SHLVL
debug3: Ignored env no_proxy
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env GLADE_CATALOG_PATH
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env LESSCLOSE
debug3: Ignored env COLORTERM
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 8192 rmax 4096
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

$ssh-vvvtest@10.10.10.15
OpenSSH_6.6.1、OpenSSL 1.0.1f 2014年1月6日
debug1:读取配置数据/etc/ssh/ssh\u config
debug1:/etc/ssh/ssh\u配置第19行:应用*
debug2:ssh\u connect:needpriv 0
debug1:连接到10.10.10.15[10.10.10.15]端口22。
debug1:已建立连接。
debug3:错误的RSA1标识符
debug3:无法将“/home/username/.ssh/id_rsa”作为RSA1公钥加载
debug1:identity file/home/username/.ssh/id\u rsa类型1
debug1:identity file/home/username/.ssh/id\u rsa-cert类型-1
debug1:identity file/home/username/.ssh/id_dsa type-1
debug1:identity file/home/username/.ssh/id_dsa-cert type-1
debug1:identity file/home/username/.ssh/id_ecdsa type-1
debug1:identity file/home/username/.ssh/id_ecdsa-cert type-1
debug1:identity file/home/username/.ssh/id_ed25519 type-1
debug1:identity file/home/username/.ssh/id_ed25519-cert type-1
debug1:启用协议2.0的兼容模式
debug1:本地版本字符串SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1:远程协议版本1.99,远程软件版本供应商-1.25
debug1:不匹配:供应商-1.25
调试2:fd 3设置O_非块
debug3:加载主机密钥:从文件“/home/username/.ssh/known\u hosts”加载主机“10.10.10.15”的条目
debug3:load_hostkeys:在文件/home/username/.ssh/known_hosts:90中找到密钥类型RSA
debug3:加载主机密钥:加载1个密钥
debug3:order\u hostkeyalgs:preference hostkeyalgs:ssh rsa证书-v01@openssh.com,ssh rsa证书-v00@openssh.com,ssh-rsa
debug1:SSH2\u MSG\u KEXINIT已发送
debug1:SSH2\u MSG\u KEXINIT已收到
debug2:kex_parse_kexinit:curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2:kex_parse_kexinit:ssh rsa证书-v01@openssh.com,ssh rsa证书-v00@openssh.com,ssh rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss证书-v01@openssh.com,ssh-dss证书-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh dss
debug2:kex_parse_kexinit:aes128 ctr、aes192 ctr、aes256 ctr、arcfour256、arcfour128、aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com、aes128 cbc、3des cbc、河豚cbc、cast128 cbc、aes192 cbc、aes256 cbc、arcfour、rijndael-cbc@lysator.liu.se
debug2:kex_parse_kexinit:aes128 ctr、aes192 ctr、aes256 ctr、arcfour256、arcfour128、aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com、aes128 cbc、3des cbc、河豚cbc、cast128 cbc、aes192 cbc、aes256 cbc、arcfour、rijndael-cbc@lysator.liu.se
debug2:kex_parse_kexinit:hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2:kex_parse_kexinit:hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2:kex_parse_kexinit:none,zlib@openssh.com,zlib
debug2:kex_parse_kexinit:none,zlib@openssh.com,zlib
debug2:kex_parse_kexinit:
debug2:kex_parse_kexinit:
debug2:kex_parse_kexinit:first_kex_跟随0
debug2:kex_parse_kexinit:保留0
debug2:kex_parse_kexinit:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2:kex_parse_kexinit:ssh rsa
调试2:kex_parse_kexinit:aes128 ctr、aes192 ctr、aes256 ctr、aes128 cbc、3des cbc、aes192 cbc、aes256 cbc
调试2:kex_parse_kexinit:aes128 ctr、aes192 ctr、aes256 ctr、aes128 cbc、3des cbc、aes192 cbc、aes256 cbc
debug2:kex_parse_kexinit:hmac-sha1,hmac-sha1-96
debug2:kex_parse_kexinit:hmac-sha1,hmac-sha1-96
debug2:kex_parse_kexinit:none
debug2:kex_parse_kexinit:none
debug2:kex_parse_kexinit:
debug2:kex_parse_kexinit:
debug2:kex_parse_kexinit:first_kex_跟随0
debug2:kex_parse_kexinit:保留0
调试2:mac_设置:设置hmac-sha1
debug1:kex:server->client aes128 ctr hmac-sha1无
调试2:mac_设置:设置hmac-sha1
debug1:kex:客户端->服务器aes128 ctr hmac-sha1无

debug1:SSH2_MSG_KEX_DH_GEX_请求(1024是否可以对服务器运行“ssh-vvv”并登录,然后将您的问题包括输出?这将显示客户端和服务器如何执行身份验证。使用Jsch而不是sshd修复了该问题