Thanks for the quick reply Ryan Can you please share the link, it is missed in the mail
Thanks Vikram From: Ryan Goulding [mailto:ryandgould...@gmail.com] Sent: 22 November 2016 20:30 To: Vikram Darsi <vda...@advaoptical.com> Cc: controller-dev@lists.opendaylight.org; netconf-...@lists.opendaylight.org Subject: Re: [controller-dev] InvalidAlgorithmParameterException during SSH key exchange Hi Vikram, I have run into this too before. You need to make sure you are using bouncy castle JCE, which is described here [0]. Basically, even though the default JCE + Unlimited Strength Policy + JDK8 "allows" for 2K DHE keys, they do not work in Ubuntu.. no idea why. They do work in CentOS. I tried copying over some of the settings to the Ubuntu from the CentOS config, but still never got it to cough up a 2K key. However, after enabling bouncy castle all is well again :). Hope this helps. Regards, Ryan Goulding On Tue, Nov 22, 2016 at 9:25 AM, Vikram Darsi <vda...@advaoptical.com<mailto:vda...@advaoptical.com>> wrote: Hi Team We are using ODL Boron and facing below exception while SSH Key exchange is happening between Netconf Client (SSH Client) and Netconf based device (SSH Server) 1. SSH Server is a NETCONF based device (SSH-2.0-OpenSSH_6.4) 2. SSH Client is based on Apache Mina SSHD 0.14.0 & Mina Core 2.0.9 running on JAVA (1.8.0_45) (SSH handshake failed with below exception) 3. In beryllium, SSH Client is based on Apache Mina SSHD 0.12.0 & Mina Core 2.0.7running on JAVA (1.8.0_45) (SSH handshake is successful) java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive) at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)[sunjce_provider.jar:1.8.0_51] at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)[:1.8.0_45] at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:411)[:1.8.0_45] at org.apache.sshd.common.kex.DH.getE(DH.java:65)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.client.kex.DHGEX.next(DHGEX.java:118)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:425)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:306)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[31:org.apache.sshd.core:0.14.0] at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[31:org.apache.sshd.core:0.14.0] at com.adva.ensemble.controller.callhome.impl.ReversedAsyncSshHandler$MyAsyncSshHandlerReader.operationComplete(ReversedAsyncSshHandler.java:138)[286:com.adva.ensemble.controller.callhome-config-dispatcher:17.1.1.1] at com.adva.ensemble.controller.callhome.impl.ReversedAsyncSshHandler$MyAsyncSshHandlerReader.operationComplete(ReversedAsyncSshHandler.java:111)[286:com.adva.ensemble.controller.callhome-config-dispatcher:17.1.1.1] at org.apache.mina.core.future.DefaultIoFuture.notifyListener(DefaultIoFuture.java:375)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.future.DefaultIoFuture.notifyListeners(DefaultIoFuture.java:360)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.future.DefaultIoFuture.setValue(DefaultIoFuture.java:288)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.future.DefaultReadFuture.setRead(DefaultReadFuture.java:102)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.session.AbstractIoSession.offerReadFuture(AbstractIoSession.java:372)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:857)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:535)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:714)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)[30:org.apache.mina.core:2.0.9] at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1121)[30:org.apache.mina.core:2.0.9] at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)[30:org.apache.mina.core:2.0.9] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_45] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_45] at java.lang.Thread.run(Thread.java:745)[:1.8.0_45] Do we need to configure any other JCE provider? Do we need to configure anything else in ODL? Please provide us some pointers on how to debug the issue Thanks Vikram _______________________________________________ controller-dev mailing list controller-dev@lists.opendaylight.org<mailto:controller-dev@lists.opendaylight.org> https://lists.opendaylight.org/mailman/listinfo/controller-dev
_______________________________________________ controller-dev mailing list controller-dev@lists.opendaylight.org https://lists.opendaylight.org/mailman/listinfo/controller-dev
