从 PyCharm / JSCH 到 OpenBSD 的基于密钥的身份验证失败

从 PyCharm / JSCH 到 OpenBSD 的基于密钥的身份验证失败

我正在尝试配置 PyCharm(基于 java 的 IDE)以通过 sftp 连接到具有几乎默认设置的新 OpenBSD 5.6 计算机。但是,它不断返回错误“算法协商失败”。我使用基于密钥的身份验证,而不是密码。

这是我的 sshd_config:

#       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 9922
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG3

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox          # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

# stopping anyone else from logging on
AllowUsers myuser

这是我在服务器端获得的日志:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 325
debug2: parse_server_config: config /etc/ssh/sshd_config len 325
debug3: /etc/ssh/sshd_config:11 setting Port 9922
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:37 setting LogLevel DEBUG3
debug3: /etc/ssh/sshd_config:42 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:70 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:87 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:103 setting Subsystem sftp /usr/libexec/sftp-server
debug3: /etc/ssh/sshd_config:113 setting AllowUsers myuser
debug1: sshd version OpenSSH_6.7, LibreSSL 2.0
debug1: private host key: #0 type 1 RSA
debug1: private host key: #1 type 2 DSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 9922 on 0.0.0.0.
Server listening on 0.0.0.0 port 9922.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 9922 on ::.
Server listening on :: port 9922.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 325
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from MYIP port 58026 on MYSERVER port 9922
debug1: Client protocol version 2.0; client software version JSCH-0.1.50
debug1: no match: JSCH-0.1.50
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing systrace sandbox
debug2: Network child is on pid 10475
debug3: ssh_sandbox_parent: wait for child 10475
debug3: ssh_sandbox_parent: child 10475 stopped
debug3: ssh_sandbox_parent: systrace attach, fd=9
debug3: ssh_sandbox_parent: policy: enable syscall 1
debug3: ssh_sandbox_parent: policy: enable syscall 3
debug3: ssh_sandbox_parent: policy: enable syscall 4
debug3: ssh_sandbox_parent: policy: enable syscall 5
debug3: ssh_sandbox_parent: policy: enable syscall 6
debug3: ssh_sandbox_parent: policy: enable syscall 7
debug3: ssh_sandbox_parent: policy: enable syscall 20
debug3: ssh_sandbox_parent: policy: enable syscall 48
debug3: ssh_sandbox_parent: policy: enable syscall 67
debug3: ssh_sandbox_parent: policy: enable syscall 71
debug3: ssh_sandbox_parent: policy: enable syscall 73
debug3: ssh_sandbox_parent: policy: enable syscall 74
debug3: ssh_sandbox_parent: policy: enable syscall 75
debug3: ssh_sandbox_parent: policy: enable syscall 83
debug3: ssh_sandbox_parent: policy: enable syscall 87
debug3: ssh_sandbox_parent: policy: enable syscall 134
debug3: ssh_sandbox_parent: policy: enable syscall 197
debug3: ssh_sandbox_parent: policy: enable syscall 252
debug3: ssh_sandbox_parent: policy: enable syscall 286
debug3: ssh_sandbox_parent: start child 10475
debug3: preauth child monitor started
debug3: privsep user:group 27:27 [preauth]
debug1: permanently_set_uid: 27/27 [preauth]
debug3: ssh_sandbox_child: ready [preauth]
debug3: ssh_sandbox_child: started [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] [preauth]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: kex_parse_kexinit: none,[email protected] [preauth]
debug2: kex_parse_kexinit: none,[email protected] [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth]
Unable to negotiate a key exchange method [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 10475

这是日志客户端:

Opening connection to sftp://myserver:9922/ 
Connecting to myserver port 9922 
Connection established 
Remote version string: SSH-2.0-OpenSSH_6.7 
Local version string: SSH-2.0-JSCH-0.1.50 
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256 
CheckKexes: diffie-hellman-group14-sha1 
diffie-hellman-group14-sha1 is not available. 
SSH_MSG_KEXINIT sent 
SSH_MSG_KEXINIT received 
kex: server: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 
kex: server: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 
kex: server: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] 
kex: server: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected] 
kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
kex: server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 
kex: server: none,[email protected] 
kex: server: none,[email protected] 
kex: server:  
kex: server:  
kex: client: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 
kex: client: ssh-rsa,ssh-dss 
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc 
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96 
kex: client: none 
kex: client: none 
kex: client:  
kex: client:  
Disconnecting from myserver port 9922 
Could not connect to SFTP server at "sftp://myserver:9922/". 
org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "sftp://myserver:9922/".
    at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:108)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:102)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:80)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:64)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:698)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:624)
    at com.jetbrains.plugins.webDeployment.connections.RemoteConnectionPool.createConnection(RemoteConnectionPool.java:139)
    at com.jetbrains.plugins.webDeployment.connections.RemoteConnectionManager.openConnection(RemoteConnectionManager.java:103)
    at com.jetbrains.plugins.webDeployment.PublishUtils$1$1.run(PublishUtils.java:115)
    at com.intellij.openapi.application.impl.ApplicationImpl$8.run(ApplicationImpl.java:419)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
    at com.intellij.openapi.application.impl.ApplicationImpl$1$1.run(ApplicationImpl.java:149)
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "myserver".
    at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:276)
    at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:97)
    ... 16 more
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:582)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:272)
    ... 17 more

我哪里出错了?双方似乎都没有真正拒绝任何事情或错过任何事情......?

答案1

附加这一行对sshd_config我的情况有帮助(通过 Docker 的 PyCharm 和 Ubuntu 14.04):

KexAlgorithms=diffie-hellman-group1-sha1

相关内容