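java.security.InvalidAlgorithmParameterException in SFTP

Time: 2016-06-06 10:57:06

Tags: java ssh sftp java-security

Hello, I am trying a simple SFTP but I am getting an error while establishing the connection. I am using the maverick-legacy-client-all jar https://www.sshtools.com/en/products/java-ssh-client. This code worked fine in version 1.6.9, but it failed after updating to 1.6.17.

I also went through the jar's changes doc; there are a few notes about changes related to the DiffieHellmanGroupExchange algorithm from my exception, but I did not understand them clearly.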

public void connect() throws SshException, IOException,
        SftpStatusException, ChannelOpenException {

    SshConnector con = SshConnector.createInstance();
    con.setKnownHosts(new SftpHostKeyVerification());
    // Tries SSH2 first and falls back to SSH1 if it's not available
    con.setSupportedVersions(SshConnector.SSH1 | SshConnector.SSH2);
    /*Error coming here, in con.connect*/

    this.ssh = con
            .connect(new SocketTransport(this.host, DEFAULT_SSH_PORT),
                    this.userName);

    PasswordAuthentication pwd = new PasswordAuthentication();
    pwd.setPassword(this.passwod);
    int isLoggedIn = this.ssh.authenticate(pwd);
    if (SshAuthentication.COMPLETE == isLoggedIn) {
        this.client = new SftpClient(this.ssh);
    } else {
        throw new IOException("[Authentication failure] login status: "
                + isLoggedIn);
    }
}

Exception log:

com.maverick.ssh.SshException: com.maverick.ssh.SshException
    at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315)
    at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424)
    at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1835)
    at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
    at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:146)
    at com.maverick.ssh.SshConnector.connect(SshConnector.java:649)
    at com.maverick.ssh.SshConnector.connect(SshConnector.java:471)
    at com.tekelec.ems.util.SftpImpl.connect(SftpImpl.java:73)
    at com.tekelec.ems.eagle.measurement.WriterThread.run(WriterThread.java:93)

 Caused by: com.maverick.ssh.SshException: Failed to generate DH value: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) [java.security.InvalidAlgorithmParameterException]
    at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:250)
    ... 8 more

Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
    at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
    at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
    at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:400)
    at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:240)
    ... 8 more

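2 answers:

Answer 0: (score: 1)

This is because the default key exchange algorithm changed to a more secure one between these versions, and you have not included all of the third-party dependencies provided in the lib folder of the Maverick Legacy Client distribution. That folder contains the BouncyCastle JCE provider, which will resolve this issue if added to the classpath.

The problem you are facing is that without the BouncyCastle JCE provider, or a suitable JCE provider that supports large Diffie-Hellman primes, you cannot generate the large primes needed for the newer, more secure key exchange methods.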
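To see which installed JCE providers accept a large Diffie-Hellman prime, the probe below repeats the `KeyPairGenerator.initialize` call from the stack trace against every provider that offers DH. It is an added example, not part of the original question or answers and not Maverick code; the class name `DhProviderProbe`, the `probe` helper and the randomly generated test prime are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhProviderProbe {
    /** Returns null if the provider accepts a DH prime of this size, else the failure text. */
    static String probe(Provider provider, int primeBits) {
        // Constructed test modulus: a random prime, NOT a vetted DH group. Probing only.
        BigInteger p = BigInteger.probablePrime(primeBits, new SecureRandom());
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            // Same call that throws InvalidAlgorithmParameterException in the trace above
            kpg.initialize(new DHParameterSpec(p, BigInteger.valueOf(2)));
            kpg.generateKeyPair();
            return null;
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Register BouncyCastle only if its jar is already on the classpath
        try {
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) bc.getDeclaredConstructor().newInstance());
        } catch (Exception e) {
            System.out.println("BouncyCastle not on classpath; probing built-in providers only");
        }
        for (Provider provider : Security.getProviders()) {
            // Skip providers that do not implement DH key pair generation
            if (provider.getService("KeyPairGenerator", "DH") == null
                    && provider.getService("KeyPairGenerator", "DiffieHellman") == null) {
                continue;
            }
            for (int bits : new int[] {1024, 2048}) {
                String failure = probe(provider, bits);
                System.out.printf("%-8s DH %4d-bit prime: %s%n", provider.getName(), bits,
                        failure == null ? "supported" : "REJECTED (" + failure + ")");
            }
        }
    }
}
```

Run it once without and once with the BouncyCastle jar from the Maverick lib folder on the classpath; a provider that prints REJECTED for 2048 bits cannot complete a group exchange when the server offers a prime of that size.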

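Answer 1: (score: 0)

I think this is a very serious situation for many programmers, and I would also like to thank Lee David for the suggestion here. I was able to handle this situation by adding the Bouncy Castle JCE third-party jar in the maverick lib folder.

Before that, I was trying to edit my java.security file as suggested in other posts, but this was simple, and these Bouncy Castle jars are also bundled in the official Maverick release, so there is no need to worry about that part.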