Yes, that works on Java8; I can now access the FIPS-mode server using diffie-hellman-group-exchange-sha1. But it still fails on Java7, I assume because it cannot generate keys > 1024? Does this mean it will be hopeless to use JSch to connect to a FIPS-mode server on Java7 (that's mostly all I have here)?

Thanks.

- Scott

On 3/13/2015 7:33 PM, Atsuhiko Yamanaka wrote:
> Hi,
>
>    +-From: Scott Smith <sc...@smithdomain.com> --
>    |_Date: Fri, 13 Mar 2015 11:43:55 -0500 ______
>    |
>    |Using 0.1.51, I am unable to connect to a CentOS6/RH6 Server setup in
>    |"FIPS compliance mode"
>    |(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html).
>    ...
>    | sshd[9299]: debug3: mm_answer_moduli: got parameters: 2048 2048 1024
>    | sshd[9299]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
>
>    |Using either diffie-hellman-group-exchange-sha1 or
>    |diffie-hellman-group-exchange-sha256 fails with FIPS enabled, but
>    |succeeds with FIPS disabled. Using either with the OpenSSH client works
>    |fine.
>
> Could you try to replace the following line
>   static int max=1024;
> with
>   static int max=2048;
> in src/main/java/com/jcraft/jsch/DHGEX.java, and
> choose 'diffie-hellman-group-exchange-sha1' on 'Java8'?
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk
> Facebook: http://facebook.com/aymnk

_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
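
An added example, not part of the thread and not JSch's own code: a probe to run on each JRE in question to see whether its DH provider accepts a 1024-bit and a 2048-bit modulus, which is the limit suspected on Java7 above. The class name `DhSizeProbe`, the random test prime, and the reading of the three numbers in the sshd log as minimum, wanted and maximum size are assumptions.

```java
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

// Added example (hypothetical class, not JSch code): which DH sizes does this JRE accept?
public class DhSizeProbe {

    // Assumption: the sshd log prints min, wanted, max in that order, and a
    // request is only sane when 1 <= min <= wanted <= max.
    static boolean rangeOk(int min, int want, int max) {
        return min >= 1 && min <= want && want <= max;
    }

    // Builds a DH key pair over a modulus of `bits` bits, as a group-exchange
    // client has to do once the server has sent it p and g.
    static String probe(int bits, SecureRandom rnd) {
        // Constructed test modulus: a random prime of exactly `bits` bits.
        // It is not a vetted group; use it only for this size check.
        BigInteger p = BigInteger.probablePrime(bits, rnd);
        BigInteger g = BigInteger.valueOf(2);
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            kpg.initialize(new DHParameterSpec(p, g), rnd);
            KeyPair kp = kpg.generateKeyPair();
            int got = ((DHPublicKey) kp.getPublic()).getParams().getP().bitLength();
            return "OK (" + got + "-bit modulus accepted)";
        } catch (GeneralSecurityException e) {
            // The provider refused the parameters, typically because of their size.
            return "REJECTED: " + e.getMessage();
        } catch (RuntimeException e) {
            return "REJECTED: " + e;
        }
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (int bits : new int[] {1024, 2048}) {
            System.out.println("DH " + bits + ": " + probe(bits, rnd));
        }
        // The triple from the sshd log above, then the same triple with max raised to 2048.
        System.out.println("2048 2048 1024 sane? " + rangeOk(2048, 2048, 1024));
        System.out.println("2048 2048 2048 sane? " + rangeOk(2048, 2048, 2048));
    }
}
```

Compile and run it with each JRE being compared; the 2048-bit probe can take a few seconds while the test prime is generated.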