无法使用JSch和Java 8的密钥文件连接到SFP服务器 [英] Cannot connect to SFP sever using key file with JSch and Java 8

问题描述

我正在尝试使用2048位RSA密钥文件连接到SFTP服务器。它可以使用JSch在JRE版本7r45上运行良好，但是在针对JRE版本8r31运行时我得到了以下异常。

I am trying to connect to a SFTP server using a 2048 bit RSA key file. It works fine running against version 7r45 of the JRE using JSch but i get the follow exception when running against version 8r31 of the JRE.

com。 jcraft.jsch.JSchException：Session.connect：java.security.InvalidAlgorithmParameterException：Prime大小必须是64的倍数，并且只能在512到2048（含）之间。

这不是一个有限的Java安全策略的问题，因为我已经尝试过，无论两个版本的java都有无限制的强度jar。

It's not an issue with limited Java security policy as I have tried it with and without the unlimited strength jars for both versions of java.

我已经看到对此异常的其他引用建议用BouncyCastle替换默认的Java JCE提供程序，但为什么java 7和java 8之间会有区别？我通过在程序启动时运行
Security.addProvider（new BouncyCastleProvider（））; 来尝试这个，但它似乎没有任何区别。

I have seen other references to this exception suggesting replacing the default java JCE provider with the BouncyCastle one, but why would there be a difference between java 7 and java 8? I did try this by running Security.addProvider(new BouncyCastleProvider()); at program start up but it doesn't seem to make any difference.

推荐答案

我们案例中的问题似乎是通过在调用session之前删除diffie-hellman-group-exchange-sha1来修复/解决的。 connect（）

The problem in our case seems to be fixed/worked around by removing diffie-hellman-group-exchange-sha1 before calling session.connect()

String kex = session.getConfig("kex");
System.out.println("old kex:" + kex);
kex = kex.replace(",diffie-hellman-group-exchange-sha1", "");
session.setConfig("kex", kex);
System.out.println("new kex:" + session.getConfig("kex"));
session.connect();

[我们控制客户端，但不控制我们无法连接的服务器。]

[We control the client, but not the server that we were failing to connect to.]

这篇关于无法使用JSch和Java 8的密钥文件连接到SFP服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！