Re: [JSch-users] Key Exchange Cipher diffie-hellman-group14-sha1
From: Jeff R. <je...@ci...> - 2011-01-04 22:06:45
Thanks for the pointers. Now when I run my program, I get the following info message: diffie-hellman-group14-sha1 is not available.

Code Snippet...

    JSch jsch=new JSch();
    Hashtable<String,String> cipherList = new Hashtable<String,String>( );
    cipherList.put("kex", "diffie-hellman-group14-sha1");
    cipherList.put("diffie-hellman-group14-sha1", "com.jcraft.jsch.DHG14");
    ...
    JSch.setConfig( cipherList );
    ...

Run Program...

    INFO: Remote version string: SSH-2.0-OpenSSH_4.3
    INFO: Local version string: SSH-2.0-JSCH-0.1.45
    INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
    INFO: CheckKexes: diffie-hellman-group14-sha1
    INFO: diffie-hellman-group14-sha1 is not available.
    INFO: Disconnecting from 192.168.1.6 port 22
    com.jcraft.jsch.JSchException: There are not any available kexes.
        at com.jcraft.jsch.Session.send_kexinit(Session.java:576)
        at com.jcraft.jsch.Session.connect(Session.java:278)
        at com.jcraft.jsch.Session.connect(Session.java:154)
        at SshLogger.main(SshLogger.java:83)
    com.jcraft.jsch.JSchException: There are not any available kexes.

So why is it saying that kex is not available? Is this expected? I have not included the bouncycastle library yet. How do I then override the SunJCE provider to use the bouncycastle JCE provider?

Thanks for any guidance.

-Jeff

On Dec 29, 2010, at 9:01 AM, Atsuhiko Yamanaka wrote:

> Hi,
>
> +-From: Jeff Russell <je...@ci...> --
> |_Date: Sat, 25 Dec 2010 22:54:27 -0500 ___
> |
> |Is there any way to get jsch to work with the key exchange cipher of
> |diffie-hellman-group14-sha1? Right now it only seems to support
> |diffie-hellman-group-exchange-sha1, and diffie-hellman-group1-sha1.
>
> It seems that it has been defined since draft-ietf-secsh-transport-19[1]
> and RFC4253[2] has clearly stated it is required to be supported.
> Frankly to say, I had not recognized it. That is my fault.
>
> I have tried to implement it, and here is a working version,
> http://www.jcraft.com/jsch/jsch-0.1.45-rc1.zip
>
> Unfortunately, group14 requires Diffie-Hellman 2048 length key,
> and SunJCE provider included in Sun's (or Oracle's) JDK does not support such a long key.
> I have confirmed that jsch-0.1.45-rc1 with BouncyCastle[3]'s JCE provider will
> support diffie-hellman-group14-sha1.
>
> FYI, jsch-0.1.45 will automagically check the availability of
> 'diffie-hellman-group14-sha1' on the running environment,
> and if it is not available, it will be ignored.
>
> [1] http://tools.ietf.org/rfcdiff?url2=draft-ietf-secsh-transport-19.txt
> [2] http://tools.ietf.org/html/rfc4253
> [3] http://www.bouncycastle.org/
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> +1-415-578-3454
> Skype callto://jcraft/
> Twitter: http://twitter.com/ymnk

'Life isn't about how to survive the storm, But how to dance in the rain.'
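
Added example, not part of the original messages or of JSch's code: a stand-alone probe that reports which installed JCE providers can run Diffie-Hellman over the 2048-bit group 14 modulus, after placing BouncyCastle first in the provider order if it is on the classpath. The class name `Group14Probe` is hypothetical, the prime is rebuilt from the RFC 3526 formula rather than typed in, and it is an assumption that JSch obtains DH through the default JCE provider lookup, so that the first-position provider is the one it ends up using.

```java
import java.math.BigInteger;
import java.security.*;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHParameterSpec;

public class Group14Probe {   // hypothetical name, added example
    // Fixed-point arctan(1/x), scaled by 'scale', from the alternating Taylor series.
    static BigInteger arctanInv(int x, BigInteger scale) {
        BigInteger x2 = BigInteger.valueOf((long) x * x);
        BigInteger term = scale.divide(BigInteger.valueOf(x)), sum = term;
        for (int k = 1; term.signum() != 0; k++) {
            term = term.divide(x2);
            BigInteger t = term.divide(BigInteger.valueOf(2L * k + 1));
            sum = (k % 2 == 1) ? sum.subtract(t) : sum.add(t);
        }
        return sum;
    }
    // RFC 3526 group 14: p = 2^2048 - 2^1984 - 1 + 2^64 * (floor(2^1918 * pi) + 124476).
    // pi comes from Machin's formula, 16*atan(1/5) - 4*atan(1/239), with 64 guard bits.
    static BigInteger group14Prime() {
        BigInteger one = BigInteger.ONE, scale = one.shiftLeft(1918 + 64);
        BigInteger pi = arctanInv(5, scale).shiftLeft(4).subtract(arctanInv(239, scale).shiftLeft(2));
        return one.shiftLeft(2048).subtract(one.shiftLeft(1984)).subtract(one)
                .add(pi.shiftRight(64).add(BigInteger.valueOf(124476)).shiftLeft(64));
    }
    // True if the provider can generate key pairs and agree on a secret over 'spec'.
    // A provider that rejects primes of this size throws and is reported as false.
    static boolean supportsGroup14(Provider prov, DHParameterSpec spec) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", prov);
            kpg.initialize(spec);
            KeyPair a = kpg.generateKeyPair(), b = kpg.generateKeyPair();
            KeyAgreement ka = KeyAgreement.getInstance("DH", prov);
            ka.init(a.getPrivate());
            ka.doPhase(b.getPublic(), true);
            return ka.generateSecret().length > 0;
        } catch (GeneralSecurityException | RuntimeException e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        try {   // Assumption: BouncyCastle's provider jar is on the classpath; skipped otherwise.
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.insertProviderAt((Provider) bc.getDeclaredConstructor().newInstance(), 1);
        } catch (ClassNotFoundException e) { /* absent: probe built-in providers only */ }
        BigInteger p = group14Prime();
        if (!p.isProbablePrime(40)) throw new IllegalStateException("prime reconstruction failed");
        DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(2));
        for (Provider prov : Security.getProviders())
            if (prov.getService("KeyPairGenerator", "DH") != null)
                System.out.println(prov.getName() + ": " + (supportsGroup14(prov, spec) ? "ok" : "unavailable"));
    }
}
```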