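BouncyCastle is required to read a key of type ecdsa-sha2-nistp256

Time: 2017-02-01 04:01:42

Tags: java scala jar bouncycastle sshj

I am using sshj (0.19.1) in a Scala application that makes SSH2 connections. I can connect fine from Eclipse, but when I run the application from a fat jar I get some errors. My initial error was: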

Line 3: TransportException: null
 at net.schmizz.sshj.transport.TransportException$1.chain(33)
 at net.schmizz.sshj.transport.TransportException$1.chain(27)
 at net.schmizz.concurrent.Promise.deliverError(96)
 at net.schmizz.concurrent.Event.deliverError(74)
 at net.schmizz.concurrent.ErrorDeliveryUtil.alertEvents(34)
 at net.schmizz.sshj.transport.KeyExchanger.notifyError(386)
 at net.schmizz.sshj.transport.TransportImpl.die(596)
 at net.schmizz.sshj.transport.Reader.run(68)

I have added US_export_policy.jar and local_policy.jar to $JAVA_HOME/lib/security. I have added the following to try to register BouncyCastle as a provider:

import org.bouncycastle.jce.provider.BouncyCastleProvider
val bouncyCastle = new BouncyCastleProvider()
java.security.Security.addProvider(bouncyCastle)
net.schmizz.sshj.common.SecurityUtils.registerSecurityProvider("org.bouncycastle.jce.provider.BouncyCastleProvider")

But I still get the following errors:

INFO  n.schmizz.sshj.common.SecurityUtils - Registration of Security Provider 'org.bouncycastle.jce.provider.BouncyCastleProvider' unexpectedly failed
INFO  n.schmizz.sshj.common.SecurityUtils - BouncyCastle not registered, using the default JCE provider
INFO  n.s.sshj.transport.random.JCERandom - Creating new SecureRandom.
WARN  net.schmizz.sshj.DefaultConfig - Illegal key size
WARN  net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding
...
WARN  net.schmizz.sshj.DefaultConfig - Illegal key size or default parameters
WARN  net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy
INFO  n.s.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.19.1
INFO  n.s.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_6.6.1
ERROR n.s.sshj.transport.TransportImpl - Dying because - {}
net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256
    at net.schmizz.sshj.common.Buffer.readPublicKey(Buffer.java:431)
    at net.schmizz.sshj.transport.kex.AbstractDHG.next(AbstractDHG.java:66)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:358)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:104)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:172)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
Caused by: java.security.GeneralSecurityException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256
    at net.schmizz.sshj.common.KeyType$3.readPubKeyFromBuffer(KeyType.java:120)
    at net.schmizz.sshj.common.Buffer.readPublicKey(Buffer.java:429)
    ... 6 common frames omitted
INFO  n.s.sshj.transport.TransportImpl - Disconnected - UNKNOWN
ERROR net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256

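I am running the jar as java -cp ../lib/bcprov-jdk15on-1.51.jar -jar <my jar> because, as I understand it, you cannot include BouncyCastle as a provider as part of your fat jar. But I am not sure what I am missing, and I cannot register it as a provider. Any help would be appreciated.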

1 answer:

Answer 0: (score: 1)

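java -jar ignores the classpath from the command line or envvar, and instead uses the specified jar plus any class-path item(s) in its manifest.

  • In your jar's manifest, reference bcprov (but you are right about merging a provider like bcprov into your own jar), or

  • put bcprov in your JRE/lib/ext so that the JVM can find it without using the classpath.

Or use java -cp myjar:bcprov mainclassname (with ; on Windows) and run using the classpath.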

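I would expect your new BouncyCastleProvider() to throw before reaching the point in the code that tries to use the provider, but I don't know Scala; maybe it is different here.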

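FWIW, if this project upgraded to 5-year-old Java (Java 7), you would not need Bouncy for EC, including ECDSA. You would still need it for Twofish, but I don't know of anyone (else) who implements Twofish, and I would be surprised if anyone needs it; your server identifies itself here as OpenSSH, which does not.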
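
A startup check for the failure discussed above, as an added example that is not part of the original question or answer: it prints the JRE home and the classpath the JVM actually uses, reports whether the unlimited-strength JCE policy is in effect, and fails fast if BouncyCastle cannot be loaded and registered. The object name CryptoStartupCheck and its method names are hypothetical.

```scala
import java.security.{KeyFactory, Provider, Security}
import javax.crypto.Cipher
import scala.util.{Failure, Success, Try}

// Added diagnostic (hypothetical name); run it before opening any sshj connection.
object CryptoStartupCheck {
  // Provider class name as used in the question.
  val BcClassName = "org.bouncycastle.jce.provider.BouncyCastleProvider"

  /** Loads and registers BouncyCastle, or explains why the JVM cannot see it. */
  def registerBouncyCastle(): Try[Provider] =
    Try(Class.forName(BcClassName)).recoverWith {
      case _: ClassNotFoundException =>
        // Under `java -jar`, java.class.path holds only the jar itself: -cp was ignored.
        Failure(new IllegalStateException(
          s"$BcClassName not found; effective classpath = " +
            System.getProperty("java.class.path")))
    }.map { cls =>
      val provider = cls.getDeclaredConstructor().newInstance().asInstanceOf[Provider]
      Security.addProvider(provider) // returns -1 if already installed, which is harmless
      // Prove the registered provider can supply EC keys, as needed to read
      // an ecdsa-sha2-nistp256 key from the server.
      KeyFactory.getInstance("EC", provider.getName)
      provider
    }

  /** True when the unlimited-strength JCE policy is in effect for the running JRE. */
  def unlimitedPolicy: Boolean = Cipher.getMaxAllowedKeyLength("AES") > 128

  def main(args: Array[String]): Unit = {
    // java.home shows which JRE is running, i.e. whose lib/security policy jars apply.
    println(s"java.home       = ${System.getProperty("java.home")}")
    println(s"java.class.path = ${System.getProperty("java.class.path")}")
    println(s"unlimited JCE policy: $unlimitedPolicy")
    registerBouncyCastle() match {
      case Success(p) => println(s"registered provider: ${p.getName} ${p.getInfo}")
      case Failure(e) => System.err.println(s"FATAL: ${e.getMessage}"); sys.exit(1)
    }
  }
}
```

Launched with java -jar and a separate -cp argument, the printed java.class.path lists only the application jar, which matches the "unexpectedly failed" registration message in the log above.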