#26 JSCH 0.1.53: InvalidAlgorithmParameterException when connecting to a ssh server

[eilviag]

We are getting a InvalidAlgorithmParameterException when running the SFTP client on a RHEL machine using jdk > 1.7.0_75, connecting to a Solaris machine. Please see the log below.
We are using Jsch 0.1.53. we think it is maybe something related to the 2048-bit key size. The problem does not occur with Jsch 0.1.52 as there the SSL handshake uses 1024-bit keysize.

Has anyone experienced this as well? Any help is appreciated.

Thanks
vikram

---

[root@r610x2136-3 eamisem]# java -cp .:./jsch-0.1.53.jar -Ddeployment.trace=true -Ddeployment.trace.level=all SFTPClientTest
hi
Connecting to 10.xx.xx.xx port 22
Connection established
Remote version string: SSH-2.0-Sun_SSH_1.1.3
Local version string: SSH-2.0-JSCH-0.1.53
CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
aes256-ctr is not available.
aes192-ctr is not available.
aes256-cbc is not available.
aes192-cbc is not available.
CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
getE:: P->32317006071311007300338913926423828248817941241140239112842009751400741706634354222619689417363569347117901737909704191754605873209195028853758986185622153212175412514901774520270235796078236248884246189477587641105928646099411723245426622522193230540919037680524235519125679715870117001058055877651038861847280257976054903569732561526167081339361799541336476559160368317896729073178384589680639671900977202194168647225871031411336429319536193471636533209717077448227988588565369208645296636077250268955505928362751121174096972998068410554359584866583291642136218231078990999448652468262416972035911852507045361090559g->2
getE:: dhSkipParamSpec->javax.crypto.spec.DHParameterSpec@1ee94df
CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
SSH_MSG_KEXINIT sent
SSH_MSG_KEXINIT received
kex: server: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: server: ssh-rsa,ssh-dss
kex: server: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: server: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
kex: server: none,zlib
kex: server: none,zlib
kex: server: en-CA,es-MX,en-US,es,fr,fr-CA,i-default
kex: server: en-CA,es-MX,en-US,es,fr,fr-CA,i-default
kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
kex: client: none
kex: client: none
kex: client:
kex: client:
kex: server->client aes128-ctr hmac-md5 none
kex: client->server aes128-ctr hmac-md5 none
getE:: P->27898665397498955521320264641390856965852135507840320199612524763605268694100796435142896531041265138575026052202107274641407900672884740476619069052363556912732124602240313032331225401703566857820034133136245830426449532500074086374086792378137631539056811458203216462805290125119435717586988594556205528126340108121549623730356950889963944759231308217996551464199980666844362455424100505575027925871027901548568501647578400296989201580697905253411004580174048742582792095004262759176795779225202431589058429337207540014238927329320362105646996335047131449824750280979467744635216342858181346682718139250172542058611
g->2
getE:: dhSkipParamSpec->javax.crypto.spec.DHParameterSpec@26c69727
SSH_MSG_KEX_DH_GEX_REQUEST(1024<2048<2048) sent
expecting SSH_MSG_KEX_DH_GEX_GROUP
getE:: P->16008858066536353766989978245047577646184757602568692088692920771495102529578523129526557528463905266151198391546494528308045902132007827571323247368078493682491441725572131991174344615705373361735259594690263492581292775574139950631173791610592688944379136379241869923309968175135458370817871615148100829642799651507969032558158112403406423805139553793642922269041983677628911257431343619124382508390233521931381253258571149083392902552456537178582082012854396363711624407810107922256958911028153228013079405630200401627954550436739085028773669749105621027957663934921266111901292898587842307496382264549997702606867g->2
getE:: dhSkipParamSpec->javax.crypto.spec.DHParameterSpec@37ed9554
true
java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive), or 2048
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:675)
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:412)
at com.jcraft.jsch.jce.DH.getE(DH.java:58)
at com.jcraft.jsch.DHGEX.next(DHGEX.java:135)
at com.jcraft.jsch.Session.connect(Session.java:326)
at com.jcraft.jsch.Session.connect(Session.java:183)
at SFTPClientTest.main(SFTPClientTest.java:44)
Disconnecting from 10.xx.xx.xx port 22
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive), or 2048
at com.jcraft.jsch.Session.connect(Session.java:560)
at com.jcraft.jsch.Session.connect(Session.java:183)
at SFTPClientTest.main(SFTPClientTest.java:44)

[eilviag]

hello ? no one have faced this issue before ?
any suggestions?