https://karaf.apache.org/manual/latest/security
Regards, Ryan Goulding On Tue, Nov 22, 2016 at 10:13 AM, Vikram Darsi <vda...@advaoptical.com> wrote: > Thanks for the quick reply Ryan > > > > Can you please share the link, it is missed in the mail > > > > Thanks > > Vikram > > > > *From:* Ryan Goulding [mailto:ryandgould...@gmail.com] > *Sent:* 22 November 2016 20:30 > *To:* Vikram Darsi <vda...@advaoptical.com> > *Cc:* controller-dev@lists.opendaylight.org; netconf-dev@lists. > opendaylight.org > *Subject:* Re: [controller-dev] InvalidAlgorithmParameterException during > SSH key exchange > > > > Hi Vikram, > > > > I have run into this too before. You need to make sure you are using > bouncy castle JCE, which is described here [0]. Basically, even though the > default JCE + Unlimited Strength Policy + JDK8 "allows" for 2K DHE keys, > they do not work in Ubuntu.. no idea why. They do work in CentOS. I tried > copying over some of the settings to the Ubuntu from the CentOS config, but > still never got it to cough up a 2K key. However, after enabling bouncy > castle all is well again :). > > > > Hope this helps. > > > Regards, > > Ryan Goulding > > > > On Tue, Nov 22, 2016 at 9:25 AM, Vikram Darsi <vda...@advaoptical.com> > wrote: > > Hi Team > > > > We are using ODL Boron and facing below exception while SSH Key exchange > is happening between Netconf Client (SSH Client) and Netconf based device > (SSH Server) > > > > 1. SSH Server is a NETCONF based device (SSH-2.0-OpenSSH_6.4) > > 2. SSH Client is based on Apache Mina SSHD 0.14.0 & Mina Core > 2.0.9 running on JAVA (1.8.0_45) (SSH handshake failed with below > exception) > > 3. In beryllium, SSH Client is based on Apache Mina SSHD 0.12.0 & > Mina Core 2.0.7running on JAVA (1.8.0_45) (SSH handshake is successful) > > > > > > java.security.InvalidAlgorithmParameterException: Prime size must be > multiple of 64, and can only range from 512 to 2048 (inclusive) > > at com.sun.crypto.provider.DHKeyPairGenerator.initialize( > DHKeyPairGenerator.java:120)[sunjce_provider.jar:1.8.0_51] > > at java.security.KeyPairGenerator$Delegate. > initialize(KeyPairGenerator.java:674)[:1.8.0_45] > > at java.security.KeyPairGenerator.initialize( > KeyPairGenerator.java:411)[:1.8.0_45] > > at org.apache.sshd.common.kex.DH.getE(DH.java:65)[31:org. > apache.sshd.core:0.14.0] > > at org.apache.sshd.client.kex. > DHGEX.next(DHGEX.java:118)[31:org.apache.sshd.core:0.14.0] > > at org.apache.sshd.common.session.AbstractSession. > doHandleMessage(AbstractSession.java:425)[31:org.apache.sshd.core:0.14.0] > > at org.apache.sshd.common.session.AbstractSession. > handleMessage(AbstractSession.java:326)[31:org.apache.sshd.core:0.14.0] > > at org.apache.sshd.client.session.ClientSessionImpl. > handleMessage(ClientSessionImpl.java:306)[31:org.apache.sshd.core:0.14.0] > > at org.apache.sshd.common.session.AbstractSession. > decode(AbstractSession.java:780)[31:org.apache.sshd.core:0.14.0] > > at org.apache.sshd.common.session.AbstractSession. > messageReceived(AbstractSession.java:308)[31:org.apache.sshd.core:0.14.0] > > at com.adva.ensemble.controller.callhome.impl. > ReversedAsyncSshHandler$MyAsyncSshHandlerReader.operationComplete( > ReversedAsyncSshHandler.java:138)[286:com.adva.ensemble. > controller.callhome-config-dispatcher:17.1.1.1] > > at com.adva.ensemble.controller.callhome.impl. > ReversedAsyncSshHandler$MyAsyncSshHandlerReader.operationComplete( > ReversedAsyncSshHandler.java:111)[286:com.adva.ensemble. > controller.callhome-config-dispatcher:17.1.1.1] > > at org.apache.mina.core.future.DefaultIoFuture. > notifyListener(DefaultIoFuture.java:375)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.future.DefaultIoFuture. > notifyListeners(DefaultIoFuture.java:360)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.future.DefaultIoFuture.setValue( > DefaultIoFuture.java:288)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.future.DefaultReadFuture.setRead( > DefaultReadFuture.java:102)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.session.AbstractIoSession. > offerReadFuture(AbstractIoSession.java:372)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.DefaultIoFilterChain$ > TailFilter.messageReceived(DefaultIoFilterChain.java:857) > [30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.DefaultIoFilterChain. > callNextMessageReceived(DefaultIoFilterChain.java:542) > [30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain. > DefaultIoFilterChain.access$1300(DefaultIoFilterChain. > java:48)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.DefaultIoFilterChain$ > EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943) > [30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.IoFilterAdapter. > messageReceived(IoFilterAdapter.java:109)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.DefaultIoFilterChain. > callNextMessageReceived(DefaultIoFilterChain.java:542) > [30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.filterchain.DefaultIoFilterChain. > fireMessageReceived(DefaultIoFilterChain.java:535) > [30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.polling. > AbstractPollingIoProcessor.read(AbstractPollingIoProcessor. > java:714)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.polling. > AbstractPollingIoProcessor.process(AbstractPollingIoProcessor. > java:668)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.polling. > AbstractPollingIoProcessor.process(AbstractPollingIoProcessor. > java:657)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.polling. > AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor. > java:67)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.core.polling. > AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor. > java:1121)[30:org.apache.mina.core:2.0.9] > > at org.apache.mina.util.NamePreservingRunnable.run( > NamePreservingRunnable.java:64)[30:org.apache.mina.core:2.0.9] > > at java.util.concurrent.ThreadPoolExecutor.runWorker( > ThreadPoolExecutor.java:1142)[:1.8.0_45] > > at java.util.concurrent.ThreadPoolExecutor$Worker.run( > ThreadPoolExecutor.java:617)[:1.8.0_45] > > at java.lang.Thread.run(Thread.java:745)[:1.8.0_45] > > > > > > > > Do we need to configure any other JCE provider? > > Do we need to configure anything else in ODL? > > > > Please provide us some pointers on how to debug the issue > > > > > > Thanks > > Vikram > > > > > > > > > > > _______________________________________________ > controller-dev mailing list > controller-dev@lists.opendaylight.org > https://lists.opendaylight.org/mailman/listinfo/controller-dev > > >
_______________________________________________ controller-dev mailing list controller-dev@lists.opendaylight.org https://lists.opendaylight.org/mailman/listinfo/controller-dev