I am trying to connect to a SFTP server using a 2048 bit RSA key file. It works fine running against version 7r45 of the JRE using JSch but i get the follow exception when running against version 8r31 of the JRE.
com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive).
It's not an issue with limited Java security policy as I have tried it with and without the unlimited strength jars for both versions of java.
I have seen other references to this exception suggesting replacing the default java JCE provider with the BouncyCastle one, but why would there be a difference between java 7 and java 8? I did try this by running
Security.addProvider(new BouncyCastleProvider()); at program start up but it doesn't seem to make any difference.
The problem in our case seems to be fixed/worked around by removing diffie-hellman-group-exchange-sha1 before calling session.connect()
String kex = session.getConfig("kex");
System.out.println("old kex:" + kex);
kex = kex.replace(",diffie-hellman-group-exchange-sha1", "");
session.setConfig("kex", kex);
System.out.println("new kex:" + session.getConfig("kex"));
session.connect();
[We control the client, but not the server that we were failing to connect to.]
We have resolved such issue by enabling diffie-hellman-group14 algorithm on SFTP server
来源:https://stackoverflow.com/questions/31041431/cannot-connect-to-sfp-sever-using-key-file-with-jsch-and-java-8