Jsch not working with certain sftp servers

This question is almost a copy of this. But since it went unresolved, I want to ask if someone else has figured out a workaround with the JSCH Java library?

The problem, again, is that I can connect to most SSH servers using the JSCH library, but there seems to be this one server I've encountered that I cannot connect to using JSCH. While establishing a connection, it throws an exception stating:

INFO: Connecting to xxxx.xxxxx.com port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-2.0
INFO: Local version string: SSH-2.0-JSCH-0.1.53
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
INFO: kex: server: ssh-dss
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,[email protected],cast128-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: aes128-cbc,rijndael128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,rijndael192-cbc,aes256-cbc,rijndael256-cbc,[email protected],cast128-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96
INFO: kex: server: zlib,none
INFO: kex: server: zlib,none
INFO: kex: server: 
INFO: kex: server: 
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client: 
INFO: kex: client: 
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEXDH_INIT sent
INFO: expecting SSH_MSG_KEXDH_REPLY
INFO: Disconnecting from xxxxx.xxxxx.com port 22
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
    at com.jcraft.jsch.Session.connect(Session.java:558)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at com.test.filetransfer.SftpDownload.main(SftpDownload.java:29)
Exception occurred : Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm

I have already installed the unlimited encryption policy, but it seems to be a problem with the default Java JCE provider, which supports DH and DSA generation up to 1024 bits. This stack trace supports my claim:

com.jcraft.jsch.JSchException: Session.connect failed
    at com.jcraft.jsch.Session.connect(Session.java:560)
    at com.jcraft.jsch.Session.connect(Session.java:184)
    at com.test.filetransfer.SftpDownload.main(SftpDownload.java:28)
Caused by: java.security.InvalidKeyException: Key is too long for this algorithm
    at sun.security.provider.DSA$LegacyDSA.checkKey(DSA.java:487)
    at sun.security.provider.DSA.engineInitVerify(DSA.java:152)
    at java.security.Signature$Delegate.init(Signature.java:1124)
    at java.security.Signature$Delegate.chooseProvider(Signature.java:1087)
    at java.security.Signature$Delegate.engineInitVerify(Signature.java:1142)
    at java.security.Signature.initVerify(Signature.java:452)
    at com.jcraft.jsch.jce.SignatureDSA.setPubKey(SignatureDSA.java:52)
    at com.jcraft.jsch.KeyExchange.verify(KeyExchange.java:269)
    at com.jcraft.jsch.DHG1.next(DHG1.java:187)
    at com.jcraft.jsch.Session.connect(Session.java:327)


I really don't want to ditch the JSCH library due to its rich features, popularity and documentation, and the server is out of our jurisdiction.

So is there a workaround anyone has figured out using the JSCH library?

Answer by Lukas Pokorny (best answer)

If you are using Java 8, then this might be caused by a bug in Java JCE that has recently been fixed. Upgrading to Java SE 8u45 (or higher) solves the issue.

I verified that with 1.8.0_45, jsch-0.1.53 is actually able to successfully negotiate an SSH session with a server that uses a 1536-bit DSA key.
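
A runtime check for the condition described in the answer above, added here as an example that is not part of the original post or of JSch: it builds a throwaway DSA public key with a 1536-bit p and a 160-bit q and hands it to `Signature.initVerify` for `SHA1withDSA`, the JCE call that fails in the question's stack trace. The class name `DsaKeySizeCheck` and the hand-built test parameters are assumptions made for this check.

```java
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.DSAPublicKeySpec;

// Added diagnostic (hypothetical class name): does this JRE's SHA1withDSA
// verifier accept a DSA public key longer than 1024 bits?
public class DsaKeySizeCheck {

    // Build a throwaway DSA public key with a pBits-bit p and a 160-bit q.
    // Constructed test data only; never use these parameters for real keys.
    static PublicKey buildTestKey(int pBits) throws Exception {
        SecureRandom rnd = new SecureRandom();
        BigInteger q = BigInteger.probablePrime(160, rnd);
        BigInteger p;
        do {
            // p = 2*k*q + 1, so q divides p - 1 as DSA requires
            BigInteger k = new BigInteger(pBits - 160, rnd).setBit(pBits - 161);
            p = q.multiply(k).shiftLeft(1).add(BigInteger.ONE);
        } while (p.bitLength() != pBits || !p.isProbablePrime(40));
        // g = h^((p-1)/q) mod p generates the subgroup of order q
        BigInteger e = p.subtract(BigInteger.ONE).divide(q);
        BigInteger h = BigInteger.valueOf(2), g;
        while ((g = h.modPow(e, p)).equals(BigInteger.ONE)) h = h.add(BigInteger.ONE);
        BigInteger x = new BigInteger(159, rnd).add(BigInteger.ONE); // 0 < x < q
        BigInteger y = g.modPow(x, p);
        return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(y, p, q, g));
    }

    // True if the default provider chain accepts the key for SHA1withDSA verification.
    static boolean verifierAccepts(PublicKey key) throws Exception {
        try {
            Signature.getInstance("SHA1withDSA").initVerify(key);
            return true;
        } catch (InvalidKeyException ex) {
            System.out.println("  rejected: " + ex.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (int bits : new int[] {1024, 1536})
            System.out.println(bits + "-bit DSA key accepted: " + verifierAccepts(buildTestKey(bits)));
    }
}
```

Run it with the same JRE the SFTP client uses; a rejection of the 1536-bit key means that runtime would reject the server's host key the same way, regardless of the JSch version.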