I am attempting to use the JSch class (Java Secure Channel; jsch-0.1.50.jar) to connect to an SFTP server and send a file from within a ColdFusion (9.0.2) application (which runs atop Java 1.7.0_15). The basic code in question is:
jsch = classLoader.create("com.jcraft.jsch.JSch").init(); // ColdFusion-specific to load the jar
jschSession = jsch.getSession("myusername", "ftp.example.com", 22);
jschSession.setConfig("StrictHostKeyChecking", "no");
jschSession.setTimeout(60000);
jschSession.setPassword("mypassword");
jschSession.connect();
Upon connection to a Serv-U SFTP server it is giving me the following error on the Serv-U side immediately after the connection opens:
SSH Protocol Error: packet size exceeds maximum allowed.
Serv-U then closes the session, at which point JSch throws the exception:
Session.connect: java.io.IOException: End of IO Stream Read
I am new to the JSch class, and it's possible I'm missing something obvious, but I am at a loss as to where the error may lie. Connecting to the same SFTP server from the same origin with WinSCP gives no errors. Any tips on what the code is doing wrong or where to turn next for troubleshooting?
SSH Protocol Error: packet size exceeds maximum allowed
This means that the local client received some data from the remote server which wasn't properly formatted as an SFTP protocol message. The usual reason is that the server sent some kind of plain text message through the SSH connection. There are few things that might be going on:
Your .bashrc, .bash_profile, or similar shell configuration file on the server is set to print some message.
The server is poorly configured, and it's sending some kind of greeting.
The server is sending some kind of error message.
If you have access to the ssh command-line utility, you can use that to see what the server is sending. Run something like this:
$ ssh myusername#ftp.example.com -s sftp
This will open a plain SSH session to the remote server and request the SFTP subsystem, which is the same thing an SFTP client would do. If the server starts SFTP properly, you won't see any output from this command--it'll just wait until you kill it. If you see any text from the remote server, that is the problem. You'll need to figure out why the server is sending that text and prevent it.
Related
I want to run distributed load testing by jmeter, where servers(linux) are in the cloud and I have ability to start test from my local pc.
Is it even possible or client and servers should be in same subnet?
And in case its possible, may you provide me step by step guide how to achive this goal?
I have tired
https://jmeter.apache.org/usermanual/remote-test.html
https://cloud.google.com/community/tutorials/ssh-port-forwarding-set-up-load-testing-on-compute-engine?hl=ja
but I got error after error.
Before I disabled ssl verification, next error appeared:
error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
With disabled ssl verification I have next error:
Error in rconfigure() method java.rmi.MarshalException: error marshalling argume
nts; nested exception is:
java.net.SocketException: Connection reset by peer: socket write error
I have feeligs, like I making smth wrong with setting ip, port or firewall, but cant understand what
It is definitely possible to starts load agents (jmeter-server) from your local system. The only condition is that the traffic should not be blocked by firewall.
Based on your error, it looks like jmeter process is not having permission to open a port, port is already open (although there is a specific exception for this)
You can also try allowing all incoming traffic to your slaves (cloud linux boxes) and try running the test again.
According to the manual you mentioned all you need to do is just to take the following steps:
On your local machine set up the SSH tunnel:
ssh -L 24000:127.0.0.1:24000 -R 25000:127.0.0.1:25000 -L 26000:127.0.0.1:26000 username#hostname_of_cloud_machine
On the cloud machine launch the JMeter slave
./jmeter -s -Jserver.rmi.ssl.disable=true -Jserver_port=24000 -Jserver.rmi.localhostname=127.0.0.1 -Jserver.rmi.localport=26000 -j jmeter.log
Again on the local machine launch the JMeter master:
./jmeter -Jserver.rmi.ssl.disable=true -Jremote_hosts=127.0.0.1:24000 -Jclient.rmi.localport=25000 -Jmode=Statistical -n -t test.jmx -l result.jtl
You don't need to configure any firewalls as all the communication is happening over the SSH tunnel
More information:
Remote hosts and RMI configuration
Apache JMeter Properties Customization Guide
When trying to upload file to FTP with java program:
public void upload(String localFile,String remoteFile) throws Exception{
ftp = new FTPClient();
ftp.setControlKeepAliveTimeout(300);
ftp.connect(host,21);
ftp.enterLocalPassiveMode();
ftp.setUseEPSVwithIPv4(false);
ftp.login(user,password);
ftp.setFileType(FTPClient.BINARY_FILE_TYPE);
FileInputStream in = null;
in = new FileInputStream(localFile);
ftp.storeFile(remoteFile,in);
in.close();
ftp.disconnect();
}
I'm getting:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:381)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:243)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:230)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:377)
at java.net.Socket.connect(Socket.java:539)
at org.apache.commons.net.SocketClient._connect(SocketClient.java:243)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:202)
When I try to upload the same file with command line (from linux), I'm able to do it only when using EPSV:
llnx:~ ftp anonymous#9.20.1.116
Connected to 9.20.1.116.
220 Microsoft FTP Service
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 User logged in.
Remote system type is Windows_NT.
ftp> epsv
EPSV/EPRT on IPv4 off.
ftp> put /tmp/file1.xml /dir_1/file1.xml
local: /tmp/file1.xml remote: /dir_1/file1.xml
227 Entering Passive Mode (10,40,1,149,233,168).
125 Data connection already open; Transfer starting.
100% |*************************************| 117 KB 28.66 MB/s --:-- ETA
226 Transfer complete.
120032 bytes sent in 00:00 (7.96 MB/s)
So, Why does my java code getting Connection refused?
Maybe I'm not using the enterLocalPassiveMode() or setUseEPSVwithIPv4() method the right way?
*** I think the answer is how to run the EPSV command from Java program.
Thank you all.
Eithan.
This is purely a guess but java.net.ConnectException: Connection refused normally happens when there is nothing listening on the target host/port. You don't specify a port in the CLI example so maybe that is the problem. Try changing ftp.connect(host,21); to ftp.connect(host); to use the default. Also confirm the the hostnames are exactly the same.
This assumes that the error is on the call to connect(). You haven't provided a big enough stack trace to indicate either way.
Connection refused means that your TCP connection request has reached the remote server (or more correctly >>a<< remote server) but the server is not expecting / listening for an incoming connection. So it "refuses" it.
Here are the things to check:
Check that you have the correct remote hostname or IP address for the FTP server.
Check that you are using the correct port for the FTP server. Port 21 is the default, but it is possible that the server is on a non-standard port.
Check that the FTP server is actually running.
It is also possible that the problem is due to a firewall doing something deliberately confusing. But that is unlikely for a publicly routable FTP server.
Maybe I'm not using the enterLocalPassiveMode() or setUseEPSVwithIPv4() method the right way?
That can't be the problem. The stacktrace shows that your application failed while trying to establish the initial connection to the server. You haven't gotten to the point where the you can make those calls.
I am using jsch-0.1.51.jar for sftp connection in my program and it was working fine for last 1 year but suddenly program started throwing error :
Algorithm negotiation fail. Below code:
=========================================
jsch.addIdentity(sftpIdentityFilePath);
logger.info("*****************Getting SFTP Connection******************");
session = jsch.getSession(sftpUser, sftpHost, 2222);
System.out.println("crossed seesion initialize");
session.setConfig("StrictHostKeyChecking", "no");
System.out.println("crossed seesion config");
session.connect();
System.out.println("crossed seesion connect");
channel= session.openChannel("sftp");
System.out.println("sftp server connected");
logger.info("SFTP server connected");
channel.connect();
logger.info("*****************SFTP Connected******************");
==============================================================
After finding the issue I have used a updated jar to jsch-0.1.54.jar. But it's throwing a different exception
2018-04-28 18:17:51 ERROR FileCopyMain:978 -
Session.connect: java.io.IOException: End of IO Stream Read
Also in both this cases when I am trying to run this program from Eclipse IDE then it's working fine. But when I am creating the jar file of this Java code then I am getting these issue.
Context of this SFTP connection code: I am connecting a server using private key to download files to my local
Can some body please help me out with this?
Algorithm negotiation fail.
This means that the client and server side could not agree on the encryption algorithm to be used to keep the SSH connection secure. When that happens, the server side will close the connection, leading to the IOException that you see.
The most likely explanation is that either the client side SSH implementation is out of date, or the server-side SSH implementation is out of date. There should be some clues in the jcsh "DEBUG" logging; see JSch logger - where can I configure the level. If that fails, look at the logs on the server side.
The solution will depend on what you find.
I am trying to use apache commons to send manual FTP commands as I have to send non-standard FTP commands to a specific server (that accepts them)
Before I try to send these non-standard commands I want to get FTP working manually with commons.net.ftp. Unfortunately I seem to be missing something.
This works fine (i.e. it retrieves the list of files)
FTPClient ftp = new FTPClient();
FTPClientConfig config = new FTPClientConfig();
ftp.configure(config);
ftp.connect("ftp.mozilla.org");
ftp.login("anonymous", "");
ftp.enterLocalPassiveMode();
FTPFile[] fileList = ftp.listFiles("/");
This doesn't
FTPClient ftp = new FTPClient();
FTPClientConfig config = new FTPClientConfig();
ftp.configure(config);
ftp.connect("ftp.mozilla.org");
ftp.login("anonymous", "");
ftp.sendCommand("PASV");
ftp.sendCommand("NLST");
I get the appropriate response for ftp.sendCommand("PASV"); but it times out on ftp.sendCommand("NLST"); finally giving me
425 Failed to establish connection.
I have tried to research the topic but most advice on this error is for people setting up servers (and it's usually a firewall problem).
Why does it work when net.ftp does it, but not when I send the commands manually?
Sending the PASV command manually is not enough, the client has to open the data connection to the port specified by the server in response to the PASV command. This is performed by calling the enterLocalPassiveMode() method. Since sending PASV manually doesn't initialize the data connection you get an error shortly after.
See http://slacksite.com/other/ftp.html#passive for more details on the FTP protocol.
i have written a program to connect to ssh server using JSCH lib, the program runs well.
in the catch block i have used
catch(JSchException ee)
{
....
}
when error occurs i get these messages,
com.jcraft.jsch.JSchException: java.net.NoRouteToHostException: No route to host
com.jcraft.jsch.JSchException: Auth fail
com.jcraft.jsch.JSchException: timeout: socket is not established
now i need to display the error message in a dialog box. for each type of error i have to display different output. plz guide me how to process these exceptions and to differentiate them..
Your server seems to be unreachable: "No route to host" so your client cannot connect to it "Auth fail" and the socket reaches its timeout.
Try to ping the server to see its response. Make sure you give the same ip address you use in the program. If you directly provide the server name, check your host file /etc/hosts on Linux or %SystemRoot%\system32\drivers\etc\hosts.
ADD below nuget packages to your solution
DiffieHellman
Org.Mentalis.Security