[
https://issues.apache.org/jira/browse/NIFI-7168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17039865#comment-17039865
]
Raymond van den Bedum commented on NIFI-7168:
---------------------------------------------
Issue can be resolved by installing Bouncy Castle which is a highly recommended
dependency SSHJ.
[https://github.com/wultra/powerauth-server/wiki/Installing-Bouncy-Castle]
# Copying
[{{bcprov-jdk15on.jar}}|https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on]
to your {{${JDK_HOME}/jre/lib/ext}} folder.
# Adding a following record to your
{{${JDK_HOME}/jre/lib/security/java.security}}:
... where {{N}} should be replaced according to your file content. Usually,
there are multiple {{security.provider.X}} records in the file, you should
chose the next in order number as {{N}}, for example:
{code:java}
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=apple.security.AppleProvider
security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
{code}
___Warning: Configuring Bouncy Castle as the first provider
(security.provider.1) may cause JVM errors._
> List/Fetch SFTP parameter object not a ECParameterSpec
> ------------------------------------------------------
>
> Key: NIFI-7168
> URL: https://issues.apache.org/jira/browse/NIFI-7168
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0, 1.11.1
> Reporter: Raymond van den Bedum
> Priority: Minor
> Labels: fetchsftp, listsftp
> Attachments: Screenshot 2020-02-19 at 09.53.06.png
>
>
> While fetching data from a sftp site an error occurs.
>
> ListSFTP[id=0159101f-586d-11a7-03ab-a8b0637edcc7] Failed to perform listing
> on remote host due to parameter object not a ECParameterSpec:
> net.schmizz.sshj.transport.TransportException: [KEY_EXCHANGE_FAILED]
> parameter object not a ECParameterSpec
>
>
> Auto-refresh
> [KEY_EXCHANGE_FAILED], msg=[parameter object not a ECParameterSpec]
> debug output:
> {code:java}
> 2020-02-19 09:40:23,963 INFO [Timer-Driven Process Thread-4]
> n.s.s.t.random.BouncyCastleRandom Generating random seed from SecureRandom.
> 2020-02-19 09:40:23,963 DEBUG [Timer-Driven Process Thread-4]
> n.s.s.t.random.BouncyCastleRandom Creating random seed took 0 ms
> 2020-02-19 09:40:24,291 INFO [Timer-Driven Process Thread-4]
> net.schmizz.sshj.transport.TransportImpl Client identity string:
> SSH-2.0-SSHJ_0.27.0
> 2020-02-19 09:40:24,557 INFO [Timer-Driven Process Thread-4]
> net.schmizz.sshj.transport.TransportImpl Server identity string:
> SSH-2.0-Serv-U_15.1.7.238
> 2020-02-19 09:40:24,557 DEBUG [Timer-Driven Process Thread-4]
> net.schmizz.sshj.transport.KeyExchanger Sending SSH_MSG_KEXINIT
> 2020-02-19 09:40:24,635 DEBUG [reader]
> net.schmizz.sshj.transport.KeyExchanger Received SSH_MSG_KEXINIT
> 2020-02-19 09:40:24,635 DEBUG [reader]
> net.schmizz.sshj.transport.KeyExchanger Negotiated algorithms: [
> kex=ecdh-sha2-nistp521; sig=ssh-dss; c2sCipher=aes256-cbc;
> s2cCipher=aes256-cbc; c2sMAC=hmac-sha2-256; s2cMAC=hmac-sha2-256;
> c2sComp=none; s2cComp=none ]
> 2020-02-19 09:40:24,666 ERROR [reader]
> net.schmizz.sshj.transport.TransportImpl Dying because - parameter object not
> a ECParameterSpec
> net.schmizz.sshj.transport.TransportException: parameter object not a
> ECParameterSpec
> at
> net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:240)
> at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:356)
> at
> net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
> at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
> at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
> at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
> at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
> Caused by: java.security.InvalidAlgorithmParameterException: parameter object
> not a ECParameterSpec
> at
> org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC.initialize(Unknown
> Source)
> at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:411)
> at net.schmizz.sshj.transport.kex.ECDH.init(ECDH.java:45)
> at net.schmizz.sshj.transport.kex.ECDHNistP.initDH(ECDHNistP.java:82)
> at net.schmizz.sshj.transport.kex.AbstractDHG.init(AbstractDHG.java:46)
> at
> net.schmizz.sshj.transport.KeyExchanger.gotKexInit(KeyExchanger.java:236)
> ... 6 common frames omitted
> 2020-02-19 09:40:24,666 INFO [reader]
> net.schmizz.sshj.transport.TransportImpl Disconnected - KEY_EXCHANGE_FAILED
> 2020-02-19 09:40:24,666 DEBUG [reader]
> net.schmizz.sshj.transport.KeyExchanger Got notified of
> net.schmizz.sshj.transport.TransportException: [KEY_EXCHANGE_FAILED]
> parameter object not a ECParameterSpec
> 2020-02-19 09:40:24,666 DEBUG [reader] n.s.s.t.TransportImpl$NullService
> Notified of net.schmizz.sshj.transport.TransportException:
> [KEY_EXCHANGE_FAILED] parameter object not a ECParameterSpec
> 2020-02-19 09:40:24,666 DEBUG [reader]
> net.schmizz.sshj.transport.TransportImpl Setting active service to
> null-service
> 2020-02-19 09:40:24,666 DEBUG [reader]
> net.schmizz.sshj.transport.TransportImpl Sending SSH_MSG_DISCONNECT:
> reason=[KEY_EXCHANGE_FAILED], msg=[parameter object not a ECParameterSpec]
> 2020-02-19 09:40:24,666 DEBUG [reader] net.schmizz.sshj.transport.Reader
> Stopping
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
