Reputation: 63
Not able to connect to sftp : com.jcraft.jsch.JSchException: Algorithm negotiation fail
Out FTP server went through migration for some better security (don't know much details about it).
But after upgrade, we are not able to download/upload files from the server. It was working fine before the upgrade. The error log says:
ns0:ClientCould not connect to FTP Server.http://schemas.cordys.com/ftpconnector/1.1Cordys.FTPConnector.Messages.ftpserverConnectionFailedcom.eibus.applicationconnector.ftp.FTPException: Algorithm negotiation fail
at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:78) at com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86) at com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109) at com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:546) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:195) at com.eibus.soap.Processor.onReceive(Processor.java:1024) at com.eibus.soap.Processor.onReceive(Processor.java:997) at com.eibus.connector.nom.Connector.onReceive(Connector.java:483) at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61) at com.eibus.transport.NonTransactionalWorkerThreadBody.run(NonTransactionalWorkerThreadBody.java:26) at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67) Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail at com.jcraft.jsch.Session.receive_kexinit(Session.java:520) at com.jcraft.jsch.Session.connect(Session.java:286) at com.jcraft.jsch.Session.connect(Session.java:150) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64) ... 11 more
jsch jar version used is: jsch-0.1.41.jar java version used is: 1.7.0_40
Note that
- We don't own the FTP server and can't change any settings there.
- Upgrading the Java version is not an option
Trial 1 After spending some time on google, I understood that upgrading the jsch jar version might help. So I used the latest jsch jar which is: jsch-0.1.54.jar. After this I started getting following error:
com.eibus.applicationconnector.ftp.FTPException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:78) at com.eibus.applicationconnector.ftp.FTPCommand.connect(FTPCommand.java:86) at com.eibus.applicationconnector.ftp.FTPTransaction.process(FTPTransaction.java:109) at com.eibus.soap.SOAPTransaction.handleBodyBlock(SOAPTransaction.java:1340) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:546) at com.eibus.soap.SOAPTransaction.(SOAPTransaction.java:195) at com.eibus.soap.Processor.onReceive(Processor.java:1024) at com.eibus.soap.Processor.onReceive(Processor.java:997) at com.eibus.connector.nom.Connector.onReceive(Connector.java:483) at com.eibus.transport.NonTransactionalWorkerThreadBody.doWork(NonTransactionalWorkerThreadBody.java:61) at com.eibus.transport.NonTransactionalWorkerThreadBody.run(NonTransactionalWorkerThreadBody.java:26) at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:67) Caused by: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.jcraft.jsch.Session.connect(Session.java:565) at com.jcraft.jsch.Session.connect(Session.java:183) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connectOnce(CordysSFTPClient.java:124) at com.eibus.applicationconnector.ftp.CordysSFTPClient.connect(CordysSFTPClient.java:64) ... 11 more
Trial 2 : Installed unlimited strength jurisdiction policy files (www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html), this was also of no use. Got the same error
Any pointers would be helpful.
Here is the piece of code I am using to connect to ftp:
private void connectOnce(FTPConfiguration ftpConfiguration) throws JSchException {
JSch jsch = new JSch();
this.session = jsch.getSession(ftpConfiguration.getUsername(), ftpConfiguration.getServer(), ftpConfiguration.getPort());
this.session.setPassword(ftpConfiguration.getPassword());
Properties config = new Properties();
config.put("StrictHostKeyChecking", "no");
this.session.setConfig(config);
if (logger.isDebugEnabled()) {
logger.debug("Opening SFTP connection to " + ftpConfiguration.getServer());
}
this.session.connect();
}
Upvotes: 2
Views: 4393
Answers (1)
Reputation: 63
I think I've found a solution.
Solution involves modifying the jsch source code. (latest version 1.0.54). I’ve done some research and finally able to force jsch to use “Bouncy Castle” security provider. This involved changing the source code for following classes in the jsch library:
- com.jcraft.jsch.jce.KeyPairGenDSA
- com.jcraft.jsch.jce.KeyPairGenECDSA
- com.jcraft.jsch.jce.KeyPairGenRSA
- com.jcraft.jsch.jce.DH
I've added following argument whenever it was trying to geInstance of the keyGenerator.
KeyPairGenerator.getInstance("DSA","BC");
got some idea from this post (I've put security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider but it isn't being used during SSL handshake)
Upvotes: 2
Related Questions
- JSch Algorithm negotiation fail
- JSchException: Algorithm negotiation fail
- SFTP connection error with JSch: SSH_MSG_DISCONNECT: 11 Internal server error
- com.jcraft.jsch.JSchException: timeout: socket is not established
- com.jcraft.jsch.JSchException: connection is closed by foreign host when i use jsch to connect my ftp server
- SFTP via JSch is throwing error 4: Failure
- Error to connect to FileZilla server using JSch SFTP client
- SFTP Connection error
- com.jcraft.jsch.JSchException: failed to send sftp request
- Security Exception while connecting using sftp through JSCH