“no matching host key type found” - Apache MINA SFTP server

问题:

I’m hoping to set up a SFTP server in Java using Apache MINA.

It seems to start OK, but when I try to connect to it with an OpenSSH client, I get:

$ ssh localhost -p 2222 Unable to negotiate with ::1: no matching host key type found. Their offer: ssh-dss $ ssh -V OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 

The Java app logs:

! java.lang.IllegalStateException: Unable to negotiate key exchange for server host key algorithms (client: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa / server: ssh-dss) ! at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1279) ~[sshd-core-1.0.0.jar:1.0.0] 

My Maven dependencies are:

<dependency>     <groupId>org.apache.sshd</groupId>     <artifactId>sshd-sftp</artifactId>     <version>0.11.0</version> </dependency>  <dependency>     <groupId>org.apache.sshd</groupId>     <artifactId>sshd-core</artifactId>     <version>1.0.0</version> </dependency> 

My app startup code looks like (copied from https://stackoverflow.com/a/8974515/8261 )

import org.apache.sshd.common.NamedFactory; import org.apache.sshd.server.Command; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.UserAuth; import org.apache.sshd.server.auth.UserAuthNoneFactory; import org.apache.sshd.server.command.ScpCommandFactory; import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider; import org.apache.sshd.sftp.subsystem.SftpSubsystem;  private void startSftpServer() throws IOException {     SshServer sshd = SshServer.setUpDefaultServer();     sshd.setPort(2222);     sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(             new File("hostkey.ser")));      List<NamedFactory<UserAuth>> userAuthFactories = new ArrayList<NamedFactory<UserAuth>>();     userAuthFactories.add(new UserAuthNoneFactory());     sshd.setUserAuthFactories(userAuthFactories);      sshd.setCommandFactory(new ScpCommandFactory());      List<NamedFactory<Command>> namedFactoryList = new ArrayList<NamedFactory<Command>>();     namedFactoryList.add(new SftpSubsystem.Factory());     sshd.setSubsystemFactories(namedFactoryList);      sshd.start(); } 

How do I add more modern host key algorithms to the server?

回答1:

This works for me:

Change Maven pom.xml to remove "sshd-sftp", which is now part of "sshd-core":

<dependency>     <groupId>org.apache.sshd</groupId>     <artifactId>sshd-core</artifactId>     <version>1.0.0</version> </dependency> 

Add to "startSftpServer":

    AbstractGeneratorHostKeyProvider hostKeyProvider =             new SimpleGeneratorHostKeyProvider(SERVER_KEY_FILE.toPath());      hostKeyProvider.setAlgorithm("RSA");     sshd.setKeyPairProvider(hostKeyProvider); 

... there seems to be a lot of guesswork involved in using this library, which seems shady for a "security" lib.

文章来源: “no matching host key type found” - Apache MINA SFTP server