java.security.InvalidAlgorithmParameterException Coming in SFTP
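Hello, I am trying a simple SFTP, but I get an error while establishing the connection. I am using the maverick-legacy-client-all jar
https://www.sshtools.com/en/products/java-ssh-client This code worked fine with version 1.6.9, but it failed when I updated it to 1.6.17.
I have also gone through the jar changes doc here; there are a few notes about changes related to the DiffieHellmanGroupExchange algorithm from my exception, but I failed to understand them clearly.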
    public void connect() throws SshException, IOException,
            SftpStatusException, ChannelOpenException {
        SshConnector con = SshConnector.createInstance();
        con.setKnownHosts(new SftpHostKeyVerification());
        // Tries SSH2 first and falls back to SSH1 if it's not available
        con.setSupportedVersions(SshConnector.SSH1 | SshConnector.SSH2);
        /* Error coming here, in con.connect */
        this.ssh = con
                .connect(new SocketTransport(this.host, DEFAULT_SSH_PORT),
                        this.userName);
        PasswordAuthentication pwd = new PasswordAuthentication();
        pwd.setPassword(this.passwod);
        int isLoggedIn = this.ssh.authenticate(pwd);
        if (SshAuthentication.COMPLETE == isLoggedIn) {
            this.client = new SftpClient(this.ssh);
        } else {
            throw new IOException("[Authentication failure] login status: "
                    + isLoggedIn);
        }
    }
Exception log:
com.maverick.ssh.SshException: com.maverick.ssh.SshException
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315)
at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424)
at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1835)
at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:146)
at com.maverick.ssh.SshConnector.connect(SshConnector.java:649)
at com.maverick.ssh.SshConnector.connect(SshConnector.java:471)
at com.tekelec.ems.util.SftpImpl.connect(SftpImpl.java:73)
at com.tekelec.ems.eagle.measurement.WriterThread.run(WriterThread.java:93)
Caused by: com.maverick.ssh.SshException: Failed to generate DH value: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) [java.security.InvalidAlgorithmParameterException]
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:250)
... 8 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:658)
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:400)
at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:240)
... 8 more
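This is because the default key exchange algorithms were changed between those versions to more secure ones, and you have not included all the third-party dependencies provided in the lib folder of the Maverick Legacy Client distribution. This folder contains the BouncyCastle JCE provider, which will resolve the issue if added to your class path.
The problem you are facing is that without the BouncyCastle JCE provider, or another suitable JCE provider that supports large Diffie-Hellman primes, you cannot generate large primes for the newer, more secure key exchange methods.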
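A quick way to check which installed JCE providers accept the larger Diffie-Hellman primes discussed in the answer above, as an added example that is not part of the original posts or of Maverick's code. `DhProviderProbe` is a hypothetical class name, the probe primes are random test values rather than safe primes, and the BouncyCastle provider is registered only if its jar is on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

// Added example: DhProviderProbe is a hypothetical name, not part of Maverick.
public class DhProviderProbe {

    // True if this provider's DH key pair generator accepts the given prime.
    static boolean acceptsPrime(Provider provider, BigInteger p) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
            // Same call that fails in the stack trace: initialize(AlgorithmParameterSpec)
            kpg.initialize(new DHParameterSpec(p, BigInteger.valueOf(2)));
            kpg.generateKeyPair();
            return true;
        } catch (Exception e) {
            System.out.println("  " + provider.getName() + ": rejected, " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Register BouncyCastle only if its jar is on the classpath.
        try {
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) bc.getDeclaredConstructor().newInstance());
        } catch (ClassNotFoundException e) {
            System.out.println("BouncyCastle provider is not on the classpath");
        }
        SecureRandom rnd = new SecureRandom();
        for (int bits : new int[] {1024, 2048}) {
            // Constructed probe prime: random, not a safe prime; never use it for real key exchange.
            BigInteger p = BigInteger.probablePrime(bits, rnd);
            System.out.println(bits + "-bit DH prime:");
            for (Provider provider : Security.getProviders()) {
                if (provider.getService("KeyPairGenerator", "DH") == null) continue;
                if (acceptsPrime(provider, p)) {
                    System.out.println("  " + provider.getName() + ": accepted");
                }
            }
        }
    }
}
```

If no provider reports "accepted" for the 2048-bit prime, the runtime has the same limitation as in the exception log above.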
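I believe this is a very serious situation for many programmers.
I would also like to thank Lee David here for his suggestion. I was able to handle this situation by adding the Bouncy Castle JCE third-party jars from the Maverick lib folder.
Before this, I tried editing my java.security file as suggested in other posts, but this is the much simpler approach. These Bouncy Castle jars are also bundled with the official Maverick release, so there is no need to worry about that part.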