Java | 小牛SSH | 无法协商传输组件 | sha1 md5 | sha2-512 sha2-256

Question

Key sent by customer working fine using SFTP command via Putty. It is working fine through Winscp.

But when i try using Java Code then i get following:

Caused by: com.maverick.ssh.SshException: 
Failed to negotiate a transport component 
  [hmac-sha1,hmac-md5]     [hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256] 
  [Unknown cause]

Code:

else if (authMethod == AUTH_KEY) {
PublicKeyAuthentication pk = new PublicKeyAuthentication();
SshPrivateKeyFile pkfile = SshPrivateKeyFileFactory.parse(new FileInputStream(pass));

com.maverick.ssh.components.SshKeyPair pair;
if (pkfile.isPassphraseProtected())
   pair = pkfile.toKeyPair(keypass);
else
   pair = pkfile.toKeyPair(null);

pk.setPrivateKey(pair.getPrivateKey());
pk.setPublicKey(pair.getPublicKey());
this.session.authenticate(pk);

The above common code is working fine for existing Keys and not for this new server. Not a concrete solution at code level is found.

Any thing more to be added here in code or any type of conversions?

Answer 1

The problem is that your side is offering only HMAC-MD5 and HMAC-SHA-1 as MAC algorithms, and the server side only supports HMAC-SHA-256 and HMAC-SHA-512. The server is doing the right thing here, since MD5 and SHA-1 are considered insecure, and even though their HMAC versions aren't insecure when used in SSH, responsible parties have moved away from any use of MD5 and SHA-1.

Because you and the server can't agree on an algorithm to use, the connection can't continue.

It looks like the latest version of the Maverick SSH client supports the hmac-sha2-256 (HMAC-SHA-256), so you could try upgrading, or you could use a more modern SSH library.