3

I am trying to connect to a server configured for passwordless login using SFTP. The SFTP connection is successful from the terminal. But when I connect in Java (using the JSch library) with username and password, I am unable to connect. My Java code:

    try {
        try {
            jsch.addIdentity(ftp_Info.getSftpCertFile());
        } catch (Exception e) {
            // TODO: Add a log message
        }
        session = jsch.getSession(ftp_Info.getUserName(), ftp_Info.getHost(), ftp_Info.getPort());
        String pswd = (password_encypted); // password encryption
        session.setPassword(pswd);
        session.setConfig("StrictHostKeyChecking", "no");
        session.setConfig("PreferredAuthentications", "password,hostbased,publickey");
        session.connect(); // exception occurred here
        session.setTimeout(connectionTimeOut);
        Channel channel = session.openChannel(SFTP);
        channel.connect();
        sftpChannel = (ChannelSftp) channel;

    } catch (Exception e) {
        log.error(e.getMessage(), e); // error logged here
    }

I am getting the following exception:

    com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
        at com.jcraft.jsch.Session.connect(Session.java:485)
        at com.jcraft.jsch.Session.connect(Session.java:149)

Please help in troubleshooting or resolving it. Is there any way, other than a third-party service provider, to make my 2048-bit key get past this exception?

2
  • I suspect this is a problem with your crypto suite. You are probably going to want to switch to using the BouncyCastle provider. What JDK are you using? Commented Jul 25, 2017 at 13:37
  • I am using jdk 1.7 Commented Jul 25, 2017 at 13:48

1 Answer

2

Under 1.7, I will assume you are utilizing Maven for your project. I would add the BouncyCastle dependency to your pom.

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk16</artifactId>
    <version>1.45</version>
</dependency>

This should work fine with jdk 7.

Then add a line of code to add the BouncyCastle provider as the 1st provider.

Security.insertProviderAt(new BouncyCastleProvider(),1);

I would place that prior to your getSftpCertFile() call and prior to any SSL related code. If you are not using Maven or have a different infrastructure, please let me know. You could configure the security provider at the JRE level, but I would always prefer to configure at the project level if possible to not impact other projects.


3 Comments

  • My key size is 2048 bit, and I think that's the reason I am getting the exception. Will JDK 1.8 make it work, or BouncyCastleProvider? If JDK 1.8 will work, then that will be more feasible.
  • The issue with the JCE imposing an artificial restriction on the Diffie-Hellman primes (JDK-651495) should have been addressed in JDK8u56. So as long as you use JDK8u56 or later, this should address the problem.
  • Thanks for your help @M.Rizzo
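
An added diagnostic, not part of the original question or answer: it performs the JCE operation named in the exception message (initializing a "DH" KeyPairGenerator with a prime of a given size) so you can check whether a given JVM, with or without BouncyCastle placed first, still enforces the 512 to 1024 bit limit. The class name DhPrimeProbe and the randomly generated test primes are assumptions made for this example.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

// Added diagnostic (hypothetical class name): reports which Diffie-Hellman
// prime sizes the active JCE provider accepts on this JVM.
public class DhPrimeProbe {

    // Returns null if the provider accepts a prime of this size, else the error text.
    static String probe(int bits) {
        try {
            // Constructed test prime; only its bit length matters for this check.
            BigInteger p = BigInteger.probablePrime(bits, new SecureRandom());
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            // initialize() validates the prime size; no key pair is generated here.
            kpg.initialize(new DHParameterSpec(p, BigInteger.valueOf(2)));
            return null;
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    static void report(String label) throws Exception {
        Provider prov = KeyPairGenerator.getInstance("DH").getProvider();
        System.out.println(label + " (java.version=" + System.getProperty("java.version")
                + ", DH provider=" + prov.getName() + ")");
        for (int bits : new int[] {1024, 2048}) {
            String err = probe(bits);
            System.out.println("  " + bits + "-bit prime: " + (err == null ? "accepted" : err));
        }
    }

    public static void main(String[] args) throws Exception {
        report("Default providers");
        try {
            // Loaded reflectively so the probe also compiles without BouncyCastle.
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.insertProviderAt((Provider) bc.getDeclaredConstructor().newInstance(), 1);
            report("BouncyCastle first");
        } catch (ClassNotFoundException e) {
            System.out.println("BouncyCastle is not on the classpath; second pass skipped");
        }
    }
}
```

Run it on the same JVM and classpath as the application; a 2048-bit line that prints the "Prime size must be multiple of 64" message means that JVM will fail the same way during the SSH key exchange.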
