Search code examples
javasshopensslsftpjsch

org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server

I'm trying to connect to a SFTP host using vfs2 connector, which internally uses jsch. However, when I try to connect, I get the following exception:

12:50:31.747  INFO  o.a.c.v.p.sftp.SftpClientFactory - Connecting to <host> port <port>
12:50:32.074  INFO  o.a.c.v.p.sftp.SftpClientFactory - Connection established
12:50:32.376  INFO  o.a.c.v.p.sftp.SftpClientFactory - Remote version string: SSH-2.0-OpenSSH_7.4
12:50:32.376  INFO  o.a.c.v.p.sftp.SftpClientFactory - Local version string: SSH-2.0-JSCH-0.1.54
12:50:32.376  INFO  o.a.c.v.p.sftp.SftpClientFactory - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
12:50:33.489  INFO  o.a.c.v.p.sftp.SftpClientFactory - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
12:50:34.192  INFO  o.a.c.v.p.sftp.SftpClientFactory - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - SSH_MSG_KEXINIT sent
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - SSH_MSG_KEXINIT received
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: [email protected],diffie-hellman-group-exchange-sha256
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: [email protected],[email protected],[email protected]
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: [email protected],[email protected],[email protected]
12:50:34.203  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: none,[email protected]
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: none,[email protected]
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: 
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: server: 
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: none
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: none
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: 
12:50:34.204  INFO  o.a.c.v.p.sftp.SftpClientFactory - kex: client: 
12:50:34.205  INFO  o.a.c.v.p.sftp.SftpClientFactory - Disconnecting from <host> port <port>
12:50:34.243  ERROR c.s.saw.export.SFTPUploader - IO SFTP Error: 
org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "sftp://<user>@<host>:<port>/".
    at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.createSession(SftpFileProvider.java:72)
    at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:93)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:93)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:72)
    at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:56)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:717)
    at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:654)
    at com.synchronoss.saw.export.SFTPUploader.uploadFile(SFTPUploader.java:99)
    at com.synchronoss.saw.export.SFTPUploader.main(SFTPUploader.java:134)
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "<host>".
    at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:163)
    at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.createSession(SftpFileProvider.java:65)
    ... 8 common frames omitted
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
    at com.jcraft.jsch.Session.connect(Session.java:320)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:161)
    ... 9 common frames omitted

I referred to a few blogs and stackoverflow links and tried multiple things. Still I'm not getting any successful result. Also, tried multiple versions of vfs2 and jsch with no avail.

Here are some of the links I referred:

JSchException: Algorithm negotiation fail

JSch Algorithm negotiation fail

https://dzone.com/articles/install-java-cryptography-extension-jce-unlimited

The cipher 'aes256-cbc' is required, but it is not available

Can someone please help me with this?

Solution

  • Your server supports only these MACs:

    [email protected],[email protected],[email protected]

    Those are not supported by JSch.

    If you need to connect with JSch, you will have to configure your server to allow some MACs that JSch does support:

    hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96

    Use the MACs directive in sshd_config.

    Though hmac-sha2-*[email protected] and hmac-sha2-* are possibly just aliases. So configuring JSch appropriately may help too:

    config.put("[email protected]", "com.jcraft.jsch.jce.HMACSHA256");

    But I'm not sure, if vfs2 interface allows such configuration.