Re: [JSch-users] Key Exchange Cipher diffie-hellman-group14-sha1

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Thanks for the pointers.  
Now when I run my program, I get the following info message .. diffie-hellman-group14-sha1 is not available.

Code Snippet...

JSch jsch=new JSch();
Hashtable<String,String> cipherList = new Hashtable<String,String>(  );
cipherList.put("kex", "diffie-hellman-group14-sha1");
cipherList.put("diffie-hellman-group14-sha1", "com.jcraft.jsch.DHG14");
...
JSch.setConfig( cipherList );

...
Run Program...

INFO: Remote version string: SSH-2.0-OpenSSH_4.3
INFO: Local version string: SSH-2.0-JSCH-0.1.45
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1
INFO: diffie-hellman-group14-sha1 is not available.
INFO: Disconnecting from 192.168.1.6 port 22
com.jcraft.jsch.JSchException: There are not any available kexes.
	at com.jcraft.jsch.Session.send_kexinit(Session.java:576)
	at com.jcraft.jsch.Session.connect(Session.java:278)
	at com.jcraft.jsch.Session.connect(Session.java:154)
	at SshLogger.main(SshLogger.java:83)
com.jcraft.jsch.JSchException: There are not any available kexes.

So why is it saying that kex is not available?  Is this expected?  I have not included the boucycastle library yet.

How do I then override the SunJCE provider to use the bouncycastle JCE provider?

Thanks for any guidance.

-Jeff

On Dec 29, 2010, at 9:01 AM, Atsuhiko Yamanaka wrote:

> Hi,
> 
>   +-From: Jeff Russell <je...@ci...> --
>   |_Date: Sat, 25 Dec 2010 22:54:27 -0500 ___
>   |
>   |Is there any way to get jsch to work with the key exchange cipher of
>   |diffie-hellman-group14-sha1?  Right now it only seems to support
>   |diffie-hellman-group-exchange-sha1, and diffie-hellman-group1-sha1.
> 
> It seems that it has been defined since draft-ietf-secsh-transport-19[1]
> and RFC4253[2] has clearly stated it is required to be supported.  
> Frankly to say, I had not recognized it.  That is my fault.
> 
> I have tried to implemented it, and here is a working version,
>  http://www.jcraft.com/jsch/jsch-0.1.45-rc1.zip
> 
> Unfortunately, group14 requires Diffie-Hellman 2048 length key,
> and SunJCE provider included in Sun's(or Oracle's) JDK does not support such a long key.
> I have confirmed that jsch-0.1.45-rc1 with BouncyCastle[3]'s JCE provider will 
> support diffie-hellman-group14-sha1.
> 
> FYI, jsch-0.1.45 will automagically check the availability of 
> 'diffie-hellman-group14-sha1' on the running environment, 
> and if it is not available, it will be ignored.
> 
> [1] http://tools.ietf.org/rfcdiff?url2=draft-ietf-secsh-transport-19.txt
> [2] http://tools.ietf.org/html/rfc4253
> [3] http://www.bouncycastle.org/
> 
> 
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
>    +1-415-578-3454
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk

'Life isn't about how to survive the storm, But how to dance in the rain.'