Opening SFTP channel with JSch fails with "failed to send channel request" on chrooted system, but WinSCP works

  •  2
  • Michael Lindner  · Tech Community  · 7 years ago

    Running SSHD with the following settings for SFTP connections:

    Match User service
      ForceCommand internal-sftp
      ChrootDirectory /media
      X11Forwarding no
      AllowTcpForwarding no
    

    Now, when connecting to sshd with JSch and connecting the "sftp" channel, I get the following exception:

    com.jcraft.jsch.JSchException: failed to send channel request

    This is my Java code (much like the example from the JSch website):

    Session sshSession = JSSH.getSession(<USER>, <HOST>, 22);
    sshSession.setConfig("StrictHostKeyChecking", "no");
    sshSession.setConfig("HashKnownHosts", "no");
    sshSession.setPassword(<PASSWORD>);
    sshSession.connect(5000);
    
    Channel channel = sshSession.openChannel("sftp");
    channel.connect(); // <-- here exception is raised
    ChannelSftp channelSftp = (ChannelSftp) channel;
    channelSftp.put(...);
    

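    If I disable the ChrootDirectory line in the sshd config, everything works fine. But I can't change this line in the later production system (which already exists).

    But using WinSCP, I can successfully connect to the same SFTP server, even with ChrootDirectory set: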

    . 2018-03-09 15:46:23.745 --------------------------------------------------------------------------
    . 2018-03-09 15:46:23.745 WinSCP Version 5.11 (Build 7715) (OS 6.1.7601 Service Pack 1 - Windows 7 Enterprise)
    . 2018-03-09 15:46:23.745 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
    . 2018-03-09 15:46:23.745 Log level: Normal
    . 2018-03-09 15:46:23.745 Local account: MichaelLindner
    . 2018-03-09 15:46:23.745 Working directory: C:\Program Files (x86)\SDE\WinSCP
    . 2018-03-09 15:46:23.745 Process ID: 668
    . 2018-03-09 15:46:23.745 Command-line: "C:\Program Files (x86)\SDE\WinSCP\WinSCP.exe" 
    . 2018-03-09 15:46:23.745 Time zone: Current: GMT+1, Standard: GMT+1 (Mitteleuropäische Zeit), DST: GMT+2 (Mitteleuropäische Sommerzeit), DST Start: 25.03.2018, DST End: 28.10.2018
    . 2018-03-09 15:46:23.745 Login time: Freitag, 9. März 2018 15:46:23
    . 2018-03-09 15:46:23.745 --------------------------------------------------------------------------
    . 2018-03-09 15:46:23.745 Session name: service@world (dev) (Modified site)
    . 2018-03-09 15:46:23.745 Host name: world.local (Port: 22)
    . 2018-03-09 15:46:23.745 User name: service (Password: Yes, Key file: No, Passphrase: No)
    . 2018-03-09 15:46:23.745 Tunnel: No
    . 2018-03-09 15:46:23.745 Transfer Protocol: SFTP
    . 2018-03-09 15:46:23.745 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
    . 2018-03-09 15:46:23.745 Disable Nagle: No
    . 2018-03-09 15:46:23.745 Proxy: None
    . 2018-03-09 15:46:23.745 Send buffer: 262144
    . 2018-03-09 15:46:23.745 SSH protocol version: 2; Compression: No
    . 2018-03-09 15:46:23.745 Bypass authentication: No
    . 2018-03-09 15:46:23.745 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
    . 2018-03-09 15:46:23.745 GSSAPI: Forwarding: No
    . 2018-03-09 15:46:23.745 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
    . 2018-03-09 15:46:23.745 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
    . 2018-03-09 15:46:23.745 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
    . 2018-03-09 15:46:23.745 Simple channel: Yes
    . 2018-03-09 15:46:23.745 Return code variable: Autodetect; Lookup user groups: Auto
    . 2018-03-09 15:46:23.745 Shell: /bin/bash
    . 2018-03-09 15:46:23.745 EOL: LF, UTF: Auto
    . 2018-03-09 15:46:23.745 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
    . 2018-03-09 15:46:23.745 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
    . 2018-03-09 15:46:23.745 SFTP Bugs: Auto,Auto
    . 2018-03-09 15:46:23.745 SFTP Server: default
    . 2018-03-09 15:46:23.745 Local directory: default, Remote directory: home, Update: No, Cache: Yes
    . 2018-03-09 15:46:23.745 Cache directory changes: Yes, Permanent: Yes
    . 2018-03-09 15:46:23.745 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
    . 2018-03-09 15:46:23.745 DST mode: Unix
    . 2018-03-09 15:46:23.745 --------------------------------------------------------------------------
    . 2018-03-09 15:46:23.776 Looking up host "world.local" for SSH connection
    . 2018-03-09 15:46:24.795 Connecting to 192.168.0.1 port 22
    . 2018-03-09 15:46:24.795 We claim version: SSH-2.0-WinSCP_release_5.11
    . 2018-03-09 15:46:24.904 Server version: SSH-2.0-OpenSSH_5.1
    . 2018-03-09 15:46:24.904 We believe remote version has SSH-2 channel request bug
    . 2018-03-09 15:46:24.904 Using SSH protocol version 2
    . 2018-03-09 15:46:24.904 Have a known host key of type rsa2
    . 2018-03-09 15:46:24.920 Doing Diffie-Hellman group exchange
    . 2018-03-09 15:46:24.920 Doing Diffie-Hellman key exchange with hash SHA-256
    . 2018-03-09 15:46:25.699 Server also has ssh-dss host key, but we don't know it
    . 2018-03-09 15:46:25.699 Host key fingerprint is:
    . 2018-03-09 15:46:25.699 ssh-rsa 1024 a8:d9:a6:9b:4e:2b:79:e4:bb:95:44:c3:30:19:67:f1
    . 2018-03-09 15:46:25.699 Verifying host key rsa2 0x23,0xca9a71a71ca07257 1e6ec7719211f02a 601cdebf1220f2cb 8d7bdd62175fb970 02331d38e4ad39be 09b3144f9033fd22 a94f9580d1626cba c2800b02a0775292 e532e9526ffb1d31 b9de89698278bf4d 8fdbde939db8715a 288df183bb145f5d 6490c0ef62a5142d e2b9c41b05d5caf7 e52ec1c0f8a3842e b14ce962b28ecda5  with fingerprint ssh-rsa 1024 a8:d9:a6:9b:4e:2b:79:e4:bb:95:44:c3:30:19:67:f1
    . 2018-03-09 15:46:25.745 Host key matches cached key
    . 2018-03-09 15:46:25.745 Initialised AES-256 SDCTR client->server encryption
    . 2018-03-09 15:46:25.745 Initialised HMAC-SHA1 client->server MAC algorithm
    . 2018-03-09 15:46:25.745 Initialised AES-256 SDCTR server->client encryption
    . 2018-03-09 15:46:25.745 Initialised HMAC-SHA1 server->client MAC algorithm
    ! 2018-03-09 15:46:25.745 Using username "service".
    . 2018-03-09 15:46:25.761 Server offered these authentication methods: publickey,keyboard-interactive
    . 2018-03-09 15:46:25.761 Attempting keyboard-interactive authentication
    . 2018-03-09 15:46:25.777 Prompt (keyboard interactive, "SSH server authentication", "Using keyboard-interactive authentication.", "Password: ")
    . 2018-03-09 15:46:25.777 Using stored password.
    . 2018-03-09 15:46:25.808 Prompt (keyboard interactive, "SSH server authentication", <no instructions>, <no prompt>)
    . 2018-03-09 15:46:25.808 Ignoring empty SSH server authentication request
    . 2018-03-09 15:46:25.808 Access granted
    . 2018-03-09 15:46:25.808 Opening session as main channel
    . 2018-03-09 15:46:25.808 Opened main channel
    . 2018-03-09 15:46:25.855 Primary command failed; attempting fallback
    . 2018-03-09 15:46:25.855 Started a shell/command
    . 2018-03-09 15:46:25.886 --------------------------------------------------------------------------
    . 2018-03-09 15:46:25.886 Using SFTP protocol.
    
    1 answer  |  as of 7 years ago
  •  0
  •   Martin Prikryl    7 years ago

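    This message in the WinSCP log means that even WinSCP was not able to start the "sftp" channel:

    . 2018-03-09 15:46:25.855 Primary command failed; attempting fallback
    . 2018-03-09 15:46:25.855 Started a shell/command

    WinSCP has a fallback mechanism for when the "sftp" channel fails. It instead explicitly tries to run the sftp-server binary in some common locations. But that's more or less a hack, which you should not try to replicate in Java.

    The primary problem is still that the SSH/SFTP configuration is broken.

    That's not a programming question. You had better ask on Super User.

    If you really need to replicate the WinSCP hack, you would need to modify JSch ChannelSftp to make the start method do RequestExec('/path/to/sftp-server') instead of RequestSftp (or modify RequestSftp similarly).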
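
The answer's point, that WinSCP connects here only through its fallback, can be checked mechanically in a session log. This is an added example, not part of the original answer or of WinSCP: the function name and result keys are made up for illustration, `PAGE_EXCERPT` is copied from the log in the question, and `HEALTHY` is a constructed variant with the fallback line removed.

```python
import re

# WinSCP session log line: marker character, timestamp, message.
LINE_RE = re.compile(
    r"^\s*([.!<>*])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
FALLBACK_MSG = "Primary command failed; attempting fallback"
SHELL_MSG = "Started a shell/command"
SFTP_MSG = "Using SFTP protocol."

# Copied from the WinSCP log in the question.
PAGE_EXCERPT = """\
. 2018-03-09 15:46:24.904 Server version: SSH-2.0-OpenSSH_5.1
. 2018-03-09 15:46:25.808 Opened main channel
. 2018-03-09 15:46:25.855 Primary command failed; attempting fallback
. 2018-03-09 15:46:25.855 Started a shell/command
. 2018-03-09 15:46:25.886 Using SFTP protocol.
"""
# Constructed: the same lines without the fallback message.
HEALTHY = "".join(l for l in PAGE_EXCERPT.splitlines(True)
                  if FALLBACK_MSG not in l)


def analyze_winscp_log(text):
    """Report how the SFTP session in a WinSCP log was really started."""
    result = {"server_version": None, "subsystem_failed_at": None,
              "fallback_started": False, "sftp_in_use": False}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not in "<marker> <timestamp> <message>" form
        stamp, msg = m.group(2), m.group(3).strip()
        if msg.startswith("Server version: "):
            result["server_version"] = msg[len("Server version: "):]
        elif msg == FALLBACK_MSG:
            result["subsystem_failed_at"] = stamp
        elif msg == SHELL_MSG and result["subsystem_failed_at"]:
            result["fallback_started"] = True
        elif msg == SFTP_MSG:
            result["sftp_in_use"] = True
    # SFTP running only after the fallback means the "sftp" channel could
    # not be started; a client without a fallback fails at that point.
    result["masked_server_fault"] = (
        result["fallback_started"] and result["sftp_in_use"])
    return result


if __name__ == "__main__":
    for name, log in (("page excerpt", PAGE_EXCERPT), ("healthy", HEALTHY)):
        print(name, analyze_winscp_log(log))
```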