Cannot connect to SFTP server using key file with JSch and Java 8


I am trying to connect to an SFTP server using a 2048 bit RSA key file. It works fine running against version 7r45 of the JRE using JSch, but I get the following exception when running against version 8r31 of the JRE.

com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive).

It's not an issue with limited Java security policy, as I have tried it with and without the unlimited strength jars for both versions of Java.

I have seen other references to this exception suggesting replacing the default Java JCE provider with the BouncyCastle one, but why would there be a difference between Java 7 and Java 8? I did try this by running Security.addProvider(new BouncyCastleProvider()); at program startup, but it doesn't seem to make any difference.


There are 2 best solutions below

0
On

The problem in our case seems to be fixed/worked around by removing diffie-hellman-group-exchange-sha1 before calling session.connect()

String kex = session.getConfig("kex");
System.out.println("old kex:" + kex);
kex = kex.replace(",diffie-hellman-group-exchange-sha1", "");
session.setConfig("kex", kex);
System.out.println("new kex:" + session.getConfig("kex"));
session.connect();

[We control the client, but not the server that we were failing to connect to.]

0
On

We resolved this issue by enabling the diffie-hellman-group14 algorithm on the SFTP server.
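
Both answers come down to which key exchange algorithm the client and server agree on. The following is an added example, not code from either answer: it removes diffie-hellman-group-exchange-sha1 from a kex list wherever it appears (the `replace` with a leading comma in the first answer misses it when it is the first entry) and moves diffie-hellman-group14-sha1 ahead of the 1024-bit diffie-hellman-group1-sha1, since SSH picks the first algorithm on the client's list that the server also supports. The class name `KexFilter`, the method `adjust` and the sample lists are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class KexFilter {
    // Drop `remove` from a comma-separated SSH kex list wherever it appears
    // (first, middle or last), then move `prefer` to the front if present.
    static String adjust(String kexList, String remove, String prefer) {
        List<String> kex = new ArrayList<>();
        for (String name : kexList.split(",")) {
            String n = name.trim();
            // Exact match on the whole name, so similarly named algorithms stay.
            if (!n.isEmpty() && !n.equals(remove)) {
                kex.add(n);
            }
        }
        if (kex.isEmpty()) {
            // Refuse to hand the SSH library an empty proposal.
            throw new IllegalArgumentException("no key exchange algorithm left");
        }
        if (kex.remove(prefer)) {
            kex.add(0, prefer);
        }
        return String.join(",", kex);
    }

    public static void main(String[] args) {
        String gex = "diffie-hellman-group-exchange-sha1";
        String g14 = "diffie-hellman-group14-sha1";
        // Constructed sample lists, not captured from a real JSch session.
        List<String> samples = Arrays.asList(
            "diffie-hellman-group1-sha1,diffie-hellman-group14-sha1," + gex,
            gex + ",diffie-hellman-group1-sha1,diffie-hellman-group14-sha1",
            "diffie-hellman-group1-sha1," + gex);
        for (String s : samples) {
            System.out.println(s + "\n  -> " + adjust(s, gex, g14));
        }
        // With JSch, using the same calls as the first answer:
        //   session.setConfig("kex", adjust(session.getConfig("kex"), gex, g14));
        //   session.connect();
    }
}
```

In the third sample only diffie-hellman-group1-sha1 remains after filtering, which is the case where enabling group14 on the server, as in the second answer, is the better fix.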