问题描述

我们正在使用JCraft / Jsch进行sftp文件传输。

We are using JCraft / Jsch for sftp file transfer.http://www.jcraft.com/jsch

使用Java6和Java 7已经有好几年了。
然后我们升级到Java 8并且它在我们的测试环境中运行良好，但它在我们的QA环境中失败了。然后它对远程SFTP服务器失败了。
此SFTP服务器使用'SSH-2.0-4.2.0.21 SSH安全外壳Windows NT服务器'
我们无法控制此服务器。

This has worked excellent for several years with Java6 and Java 7.But then we upgraded to Java 8 and it worked fine in our test environment, but it failed in our QA environment. Then it failed against a remote SFTP server.This SFTP server uses 'SSH-2.0-4.2.0.21 SSH Secure Shell Windows NT Server'We have no control over this server.

我google了一下，发现有些人认为问题的根源是我们没有安装Java Cryptography Extension（JCE）Unlimited Strength。
我知道这是必需的，它安装在Java6 / 7上。
在Java 8上安装它，结果是一样的。

I googled a little and found out that some suggests that the source of the problem is that we have not installed "Java Cryptography Extension (JCE) Unlimited Strength".I know that this is needed and it is installed on Java6/7.Installed it on Java 8, the result is the same.

我已经在Windows 8和Linux上测试了Java 8 update 5和update 11。

I have tested with Java 8 update 5 and update 11 on both windows and linux.

我们使用Jcraft版本0.1.51（最新）
当我切换到Java7运行时，一切正常。

We use Jcraft version 0.1.51 (latest)When I switch to Java7 runtime everything works.

我得到的错误就是这个：

The error I get is this one:

com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
at com.jcraft.jsch.Session.connect(Session.java:558)
at com.jcraft.jsch.Session.connect(Session.java:183)
at sb1.fip.backend.ssh2.sftp.SFTPClientImpl.connect(SFTPClientImpl.java:241)

我怀疑JCraft有问题。

I suspect there is something wrong with JCraft.

我执行了这个程序：

它确认了我已经安装了Java Cryptography Extension。

I have executed this program:http://sourceforge.net/p/jsch/mailman/message/32660306/And it confirms that I have installed Java Cryptography Extension.

这是失败的代码：

private void connect() {
        try {
            JSch.setLogger(new JschLogger());
            JSch jsch = new JSch();
            session = jsch.getSession(sftpConfig.getUsername(), sftpConfig.getHost(), sftpConfig.getPort());
            session.setUserInfo(new SFTPUserInfo(sftpConfig.getPassword()));
            session.setTimeout(150000);
            session.connect();
            channel = (ChannelSftp) session.openChannel("sftp");
            channel.connect();
        } catch (Exception e) {
            throw new SystemException(Ssh2ErrorCode.SFTP_CONNECT_ERROR, sftpConfig.getLoggableConfigInfo(), e);
        }
    }

多一点日志：

2014-08-20 14:01:52,801 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: Connecting to sftp.il.stralfors.com port 22
2014-08-20 14:01:52,824 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: Connection established
2014-08-20 14:01:53,181 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: Remote version string: SSH-2.0-4.2.0.21 SSH Secure Shell Windows NT Server
2014-08-20 14:01:53,181 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: Local version string: SSH-2.0-JSCH-0.1.51
2014-08-20 14:01:53,181 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
2014-08-20 14:01:53,313 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: CheckKexes: diffie-hellman-group14-sha1
2014-08-20 14:01:53,345 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: SSH_MSG_KEXINIT sent
2014-08-20 14:01:53,345 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: SSH_MSG_KEXINIT received
2014-08-20 14:01:53,345 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: diffie-hellman-group1-sha1
2014-08-20 14:01:53,346 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: ssh-dss
2014-08-20 14:01:53,346 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
2014-08-20 14:01:53,346 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
2014-08-20 14:01:53,346 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
2014-08-20 14:01:53,347 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
2014-08-20 14:01:53,347 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: none,zlib
2014-08-20 14:01:53,347 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server: none,zlib
2014-08-20 14:01:53,347 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server:
2014-08-20 14:01:53,348 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server:
2014-08-20 14:01:53,348 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
2014-08-20 14:01:53,348 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: ssh-rsa,ssh-dss
2014-08-20 14:01:53,348 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
2014-08-20 14:01:53,348 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
2014-08-20 14:01:53,349 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2014-08-20 14:01:53,349 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2014-08-20 14:01:53,349 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: none
2014-08-20 14:01:53,349 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client: none
2014-08-20 14:01:53,349 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client:
2014-08-20 14:01:53,350 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client:
2014-08-20 14:01:53,353 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: server->client aes128-cbc hmac-md5 none
2014-08-20 14:01:53,354 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: kex: client->server aes128-cbc hmac-md5 none
2014-08-20 14:01:53,360 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: SSH_MSG_KEXDH_INIT sent
2014-08-20 14:01:53,360 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: expecting SSH_MSG_KEXDH_REPLY
2014-08-20 14:01:53,419 [INFO ] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [JschLogger     ]: Disconnecting from sftp.il.stralfors.com port 22
2014-08-20 14:01:53,450 [ERROR] [HTY50006] [main ] [9.13.0] [666349519712388] [JUNIT-TEST] [] [StraalforsBackendNoStubTest]: SSH error!
sb1.fip.infra.core.error.SystemException: ErrorCode:FIP-3802 ErrorId:AHWK-9LKI ErrorMsg:Feil i ssh2-backend. Connect failed. SFTPConfig[STRAALFORS, [email protected]:22, remoteDownloadDir:/tmp, remoteUploadDir:/tmp, localDownloadDir:C:\Users\a11632u\AppData\Local\Temp\/, localUploadDir:C:\Users\a11632u\AppData\Local\Temp\/, uploadPattern:.*, downloadPattern:.*] RootCause:com.jcraft.jsch.JSchException:Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
    at sb1.fip.backend.ssh2.sftp.SFTPClientImpl.connect(SFTPClientImpl.java:243) ~[classes/:na]
    at sb1.fip.backend.ssh2.sftp.SFTPClientImpl.listDirs(SFTPClientImpl.java:100) ~[classes/:na]
    at sb1.fip.backend.straalfors.StraalforsBackend.listDirs(StraalforsBackend.java:42) ~[classes/:na]
    at sb1.fip.backend.straalfors.StraalforsBackendNoStubTest.testListDirs(StraalforsBackendNoStubTest.java:22) ~[test-classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_11]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_11]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_11]
    at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0_11]
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47) [junit-4.11.jar:na]
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) [junit-4.11.jar:na]
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44) [junit-4.11.jar:na]
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) [junit-4.11.jar:na]
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) [junit-4.11.jar:na]
    at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) [junit-4.11.jar:na]
    at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:83) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:72) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:233) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:87) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238) [junit-4.11.jar:na]
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63) [junit-4.11.jar:na]
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236) [junit-4.11.jar:na]
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53) [junit-4.11.jar:na]
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229) [junit-4.11.jar:na]
    at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309) [junit-4.11.jar:na]
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:176) [spring-test-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.junit.runner.JUnitCore.run(JUnitCore.java:160) [junit-4.11.jar:na]
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:74) [junit-rt.jar:na]
    at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:211) [junit-rt.jar:na]
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67) [junit-rt.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_11]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_11]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_11]
    at java.lang.reflect.Method.invoke(Method.java:483) ~[na:1.8.0_11]
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134) [idea_rt.jar:na]
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: Key is too long for this algorithm
    at com.jcraft.jsch.Session.connect(Session.java:558) ~[jsch-0.1.51.jar:na]
    at com.jcraft.jsch.Session.connect(Session.java:183) ~[jsch-0.1.51.jar:na]
    at sb1.fip.backend.ssh2.sftp.SFTPClientImpl.connect(SFTPClientImpl.java:239) ~[classes/:na]
    ... 36 common frames omitted

推荐答案

有类似的问题。
一些带有SSH的遗留系统（开放式VMS），它实现了带有2048位密钥的SHA-1。
不确定它是否是一个jsch错误，或者是一个错误的ssh实现。
我还必须使用java 8，因为我使用javafx 8功能。
任何方式，为了解决这个问题，我得到了openjdk代码并滥用了代码：

had a similar problem.some legacy system (open VMS) with SSH that implemented SHA-1 with 2048 bit keys.not sure yet if it's a jsch bug, or a wrong ssh implementation.i also had to work with java 8 since i use javafx 8 features.any way, in order to work around this i got the openjdk code and abused the code like so:

sun.security.provider.DSA.java ...
@Override
    protected void checkKey(DSAParams params) throws InvalidKeyException {
        int valueL = params.getP().bitLength();
     // comment out this check since it only
     // enforces the protocol and doesn't break the functionality
     // if (valueL > 1024) {
     //    throw new InvalidKeyException("Key is too long for this algorithm");
     // }
    }

编译它并使用-Xbootclasspath / p选项激活它。
我知道这是不好的做法，但修复服务器不是一个选择，修复jsch可能是一项大任务。
欢迎你为此谴责我。

compiled it and used -Xbootclasspath/p option to activate it.i know this is bad practice, but fixing the server is not an option, and fixing jsch might be a big task.you're welcome to condemn me for this.

这篇关于Java8 + Jcraft =这个算法的密钥太长了的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！