Hi Luis, SUN JCE provider shipped with JDK places restrictions on Diffie Hellman modulus bit size to range from 512 to 2048 bits in increments of 64 bits[1]. Support for bigger keys is due in Java 9[2].
Your SSH server probably has Diffie Hellman modulus size > 2048, possibly to circumvent LOGJAM vulnerability[3], or is using key size that is not modulo 64. You can: - either change the Diffie Hellman key exchange settings of your SSH server, or - upgrade to a newer version of karaf (4.1.x) [4] that includes newer version of Apache SSHD[5], or - install Bouncy Castle with priority over SUN JCE[6] (not recommended, really) zoran [1] https://github.com/openjdk-mirror/jdk/blob/jdk8u/jdk8u/master/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java#L83-L88 [2] https://bugs.openjdk.java.net/browse/JDK-8072452 [3] https://weakdh.org/ [4] https://issues.apache.org/jira/browse/KARAF-4461 [5] https://issues.apache.org/jira/browse/SSHD-589 [6] http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation#ProviderInstallation-InstallingtheProviderStatically On Thu, Nov 3, 2016 at 4:23 PM, conejo <[email protected]> wrote: > I tried the next command: > ssh:ssh -p 22 user@server > > > using karaf console and I have the next message in the log: > (I can connect to the same server using putty) > > java.security.InvalidAlgorithmParameterException: Prime size must be > multiple of 64, and can only range from 512 to 2048 (inclusive) -- Zoran Regvart [email protected]
