jenkins / java: after an upgrade, how to fix or work around the CVS authentication problem caused by an RSA key size of 2047?

Time: 2019-03-15 14:15:03

Tags: jenkins jenkins-plugins cvs ssh-keys

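This problem has been bugging me for several years! Which keys need to be changed to fix it?

Background: ssh RSA keys of size 2048 can start with a leading 1 or 0. A leading 0 causes the key to be treated as length 2047 by some software. These keys do not appear to conform to the standard, so the latest software libraries do not accept them.

Older Java versions and default crypto libraries used to allow RSA keys of size 2047. Newer Java does not. "java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 8192 (inclusive). The specific key size 2047 is not supported"

What we are seeing is that when Jenkins is upgraded, jobs that use CVS access now do not work :-(

Is it possible to fix this without rebuilding Jenkins to use a different security library?

Tried generating a CVS user key with RSA size 4096. No success. Is the error in the CVS server host key or in the CVS user key?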

https://www.ssh.com/ssh/keygen/

ssh-keygen -t rsa -b 4096

A different crypto library can be used to solve the error: DH key size must be multiple of 64, and can only range from 512 to 2048 (inclusive)

2047 and 2048 RSA key lengths: https://security.stackexchange.com/questions/90169/rsa-public-key-and-private-key-lengths

DHGEX failing with 2048-bit key under Java 8, but succeeding with 1024-bit key

Building in workspace /var/lib/jenkins/workspace/cvs_status_xxxxx
cvs checkout -P -D 15 Mar 2019 12:30:42 +0000 -d xxxxx xxxxx 
ERROR: CVS Authentication failed: null
org.netbeans.lib.cvsclient.connection.AuthenticationException: SSH connection failed.
    at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:141)
    at org.netbeans.lib.cvsclient.Client$1.run(Client.java:374)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: DH key size must be multiple of 64, and can only range from 512 to 8192 (inclusive). The specific key size 2047 is not supported
    at com.jcraft.jsch.Session.connect(Session.java:565)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at org.netbeans.lib.cvsclient.connection.SSHConnection.open(SSHConnection.java:139)
    ... 2 more
ERROR: Cvs task failed
ERROR: Step ‘Archive the artifacts’ failed: No artifacts are configured for archiving.
You probably forgot to set the file pattern, so please go back to the configuration and specify it.
If you really did mean to archive all the files in the workspace, please specify "**"
[BFA] Scanning build for known causes...
[BFA] No failure causes found
[BFA] Done. 0s
Started calculate disk usage of build
Finished Calculation of disk usage of build in 0 seconds
Started calculate disk usage of workspace
Finished Calculation of disk usage of workspace in 0 seconds
Finished: FAILURE

https://bugs.openjdk.java.net/browse/JDK-8164963 In RFC 2631 and FIPS 186-3/4, p cannot have leading zeros. The JDK enforces this. https://www.ietf.org/rfc/rfc2631.txt This is outlined in this section of the RFC: "2.2.1.1. Generation of p, q"

0 answers:

No answers
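Added example, not part of the original question: the exception quoted in the build log states a rule for the DH key size, so this Python sketch parses the prime p from an SSH KEX_DH_GEX_GROUP message (RFC 4419) and applies that rule to its bit length. It assumes the size the JDK checks is the bit length of p; the function names and the sample values are constructed for illustration.

```python
import struct

SSH_MSG_KEX_DH_GEX_GROUP = 31  # message number from RFC 4419

def read_mpint(buf, off):
    """Read an RFC 4251 mpint: uint32 length, then big-endian two's complement."""
    if off + 4 > len(buf):
        raise ValueError("truncated mpint length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated mpint body")
    return int.from_bytes(buf[off + 4:end], "big", signed=True), end

def parse_gex_group(payload):
    """Return (p, g) from a KEX_DH_GEX_GROUP payload: byte 31, mpint p, mpint g."""
    if not payload or payload[0] != SSH_MSG_KEX_DH_GEX_GROUP:
        raise ValueError("not a KEX_DH_GEX_GROUP message")
    p, off = read_mpint(payload, 1)
    g, _ = read_mpint(payload, off)
    if p <= 0 or g <= 0:
        raise ValueError("p and g must be positive")
    return p, g

def jdk_size_problem(p):
    """Apply the rule from the exception text; None means the size is accepted."""
    bits = p.bit_length()  # assumption: this is the "key size" the JDK reports
    if bits % 64:
        return f"{bits} bits: not a multiple of 64"
    if not 512 <= bits <= 8192:
        return f"{bits} bits: outside 512..8192"
    return None

def encode_mpint(v):
    # One extra byte when the top bit is set keeps the value positive.
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(body)) + body

def build_gex_group(p, g=2):
    """Build a constructed KEX_DH_GEX_GROUP payload for testing the parser."""
    return bytes([SSH_MSG_KEX_DH_GEX_GROUP]) + encode_mpint(p) + encode_mpint(g)

# Constructed sample values with the right bit patterns (not real primes).
P_2048 = (1 << 2047) | 1
P_2047 = (1 << 2046) | 1  # fills a 256-byte field, but its top bit is zero

if __name__ == "__main__":
    for p in (P_2048, P_2047):
        print(jdk_size_problem(parse_gex_group(build_gex_group(p))[0]) or "accepted")
```

Running the check against the group a server actually sends (captured from the client's debug output) shows whether the rejected size belongs to the DH group rather than to any RSA key.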