[JSch-users] Jsch stopped working with Java8

Thu, 11 Sep 2014 04:13:28 -0700 

Hello,
I have faced with the same issue as discussed here http://sourceforge.net/p/jsch/mailman/message/32660306 and here http://stackoverflow.com/questions/25404371/java8-jcraft-key-is-too-long-for-this-algorithm 


I had a chance to test it with two different SFTP servers and got 
different results. Please find JSch logs (successful and failed) in 
attachments.


Could you help me to find the root of the problem and how it can be fixed?

Also the following test passes fine without any exception:

Try the following program

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CheckCrypto {
     public static void main(String[] args){
         String cryptoAlg = "AES";
         try{
             SecretKeySpec keyspec = new SecretKeySpec(new byte[32], cryptoAlg);
             Cipher c = Cipher.getInstance(cryptoAlg + "/CBC/NoPadding");
             c.init(Cipher.ENCRYPT_MODE, keyspec, new IvParameterSpec(new 
byte[16]));
         }
         catch(Exception e){
             System.err.println("************ The Java Virtual Machine can't handle 
strong cryptography.\n************ This will lead to problems with some services and 
subsystems!");
         }

     }
}

If you get the exception-message, you still need to install the
unlimimted strength cryptography policy files.


Cheers, Lothar


-----
Sincerely,
Nick

Connecting to *.*.*.* port 22
Connection established
Remote version string: SSH-2.0-1.36_sshlib GlobalSCAPE
Local version string: SSH-2.0-JSCH-0.1.51
CheckCiphers: 
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-cbc is not available.
aes192-cbc is not available.
CheckKexes: diffie-hellman-group14-sha1
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: diffie-hellman-group1-sha1
kex: server: ssh-dss
kex: server: 
twofish-cbc,twofish128-cbc,3des-cbc,cast128-cbc,aes256-cbc,aes128-cbc
kex: server: 
twofish-cbc,twofish128-cbc,3des-cbc,cast128-cbc,aes256-cbc,aes128-cbc
kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
kex: server: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
kex: server: zlib,none
kex: server: zlib,none
kex: server:
kex: server:
kex: client: 
diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
kex: client: ssh-rsa,ssh-dss
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client:
kex: client:
kex: server->client aes128-cbc hmac-md5 none
kex: client->server aes128-cbc hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
Caused by: com.jcraft.jsch.JSchException: Session.connect: 
java.security.InvalidKeyException: Key is too long for this algorithm
        at com.jcraft.jsch.Session.connect(Session.java:558)
        at com.jcraft.jsch.Session.connect(Session.java:183)

Connecting to *.*.*.* port 22
Connection established
Remote version string: SSH-2.0-OpenSSH_5.8
Local version string: SSH-2.0-JSCH-0.1.51
CheckCiphers: 
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-cbc is not available.
aes192-cbc is not available.
CheckKexes: diffie-hellman-group14-sha1
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
kex: server: ssh-rsa,ssh-dss
kex: server: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
kex: server: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
kex: server: 
hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
kex: server: 
hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
kex: server: none,z...@openssh.com
kex: server: none,z...@openssh.com
kex: server:
kex: server:
kex: client: 
diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
kex: client: ssh-rsa,ssh-dss
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client:
kex: client:
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users























					Reply via email to