karaf-user mailing list archives

From Zoran Regvart <zregv...@redhat.com>
Subject Re: ssh:ssh fails on karaf 4.0.7
Date Thu, 03 Nov 2016 19:53:36 GMT

Hi Luis,

The SUN JCE provider shipped with the JDK restricts the Diffie-Hellman
modulus bit size to the range from 512 to 2048 bits, in increments
of 64 bits [1]. Support for bigger keys is due in Java 9 [2].

Your SSH server probably has a Diffie-Hellman modulus size > 2048,
possibly to circumvent the LOGJAM vulnerability [3], or is using a key size
that is not modulo 64.

You can:
- either change the Diffie-Hellman key exchange settings of your SSH server, or
- upgrade to a newer version of Karaf (4.1.x) [4] that includes a newer
version of Apache SSHD [5], or
- install Bouncy Castle with priority over SUN JCE [6] (not recommended, really)

zoran

[1] https://github.com/openjdk-mirror/jdk/blob/jdk8u/jdk8u/master/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java#L83-L88
[2] https://bugs.openjdk.java.net/browse/JDK-8072452
[3] https://weakdh.org/
[4] https://issues.apache.org/jira/browse/KARAF-4461
[5] https://issues.apache.org/jira/browse/SSHD-589
[6] http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation#ProviderInstallation-InstallingtheProviderStatically

On Thu, Nov 3, 2016 at 4:23 PM, conejo <lozanofamili@gmail.com> wrote:
> I tried the next command:
> ssh:ssh -p 22 user@server
>
>
> using karaf console and I have the next message in the log:
> (I can connect to the same server using putty)
>
> java.security.InvalidAlgorithmParameterException: Prime size must be
> multiple of 64, and can only range from 512 to 2048 (inclusive)

-- 
Zoran Regvart
zregvart@redhat.com
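
A diagnostic for the limit described in the message above, as an added example that is not part of the original thread: it asks the running JVM's default `DH` key pair generator which modulus sizes it accepts and compares that with the range quoted in the exception. The class name `DhSizeProbe`, the helper names and the probed sizes are chosen here for illustration.

```java
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import javax.crypto.spec.DHParameterSpec;

// Added example: reports which Diffie-Hellman modulus sizes the default "DH"
// KeyPairGenerator of the running JVM accepts. Output depends on the JDK and
// on provider order (e.g. Bouncy Castle installed ahead of SunJCE).
public class DhSizeProbe {

    // Limit quoted in the exception from the thread: multiple of 64, 512..2048.
    static boolean withinQuotedLimit(int bits) {
        return bits >= 512 && bits <= 2048 && bits % 64 == 0;
    }

    // Returns null if a modulus of this bit length is accepted, otherwise the
    // provider's rejection message.
    static String probe(int bits) throws Exception {
        // Constructed odd value with exactly `bits` bits; not a real DH group.
        // Only its bit length is under test and no key pair is generated.
        BigInteger p = BigInteger.ONE.shiftLeft(bits - 1).add(BigInteger.ONE);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            kpg.initialize(new DHParameterSpec(p, BigInteger.valueOf(2)));
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("DH provider  = "
                + KeyPairGenerator.getInstance("DH").getProvider().getName());
        int[] sizes = {1024, 2000, 2048, 3072, 4096}; // sample sizes, chosen here
        for (int bits : sizes) {
            String err = probe(bits);
            System.out.printf("%4d bits: quoted-limit=%-5b jvm=%s%n", bits,
                    withinQuotedLimit(bits),
                    err == null ? "accepted" : "rejected (" + err + ")");
        }
    }
}
```

Run it with the same `java` binary that launches Karaf. A "rejected" line for the size your SSH server negotiates reproduces the exception seen in the log.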
