Re: [JSch-users] JSCH - Change order of preference for key exchange algorithms for connection
Status: Alpha
Brought to you by:
ymnk
From: nazlı g. <naz...@gm...> - 2010-08-23 08:27:20
|
Thanks for the reply Atsuhiko. I have another question here and appreciate your help: What is this list used for? It represents the list of algorithms that we support for session but if the first item on the list is not supported by the ssh server than we get an exception and jar file does *not* continue trying second item. For instance: Jsch supports below default config for "cipher.s2c": *aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc * but I want to use the "*aes128-cbc*" as default, and if ssh server does not support this algorithm, want to use "*3des-cbc*": session.setConfig("cipher.s2c", "aes128-cbc,3des-cbc"); Using code above I get "*com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 2 Packet corrupt*" exception when the server does not support aes128-cbc but supports 3des-cbc. (when the order of the configuration changes as 3des-cbc, aes128-cbc; I can have a successful connection) So is there a way to handshake with the server on that? I mean, can I send a list of algorithms that I support and handshake with the server on which one is going to be used, Or should I keep trying to change order of config until I get a successful connection as I get an exception? Is there a property for that which I am not aware of? Sorry for the long mail, I just tried to make myself clear. Thanks, Nazli 2010/8/23 Atsuhiko Yamanaka <ym...@jc...> > Hi, > > +-From: =?ISO-8859-9?B?bmF6bP0gZ/xuZPx6?= <naz...@gm...> -- > |_Date: Wed, 18 Aug 2010 17:16:55 +0300 ______________________________ > | > |I want to change the order of preference of key exchange or encryption > |algorithms in Jsch. I tried overriding the config as below: > |config = new Properties(); > |String kexOrder = getOrderForConfiguration("kex"); > |where "getOrderForConfiguration" method returns a string including the > |preferred order of algorithms. This does not seem to work. In addition, > can > |I remove one of the algorithm supported to support only one kex > algorithm? > |I appreciate your help. > > I don't know about the implementation of your getOrderForConfiguration() > method, but you can config and choose kex algorithm as follows, > > ... > JSch jsch = new JSch(); > Session session = jsch.getSession(user, host, 22); > System.out.println("default settings for kex: > "+session.getConfig("kex")) > session.setConfig("kex", "diffie-hellman-group1-sha1") > ... > > > Sincerely, > -- > Atsuhiko Yamanaka > JCraft,Inc. > 1-14-20 HONCHO AOBA-KU, > SENDAI, MIYAGI 980-0014 Japan. > Tel +81-22-723-2150 > +1-415-578-3454 > Skype callto://jcraft/ > Twitter: @ymnk > -- Nazli |