2

I am trying to SCP a file from my application to a server using j2ssh. The remote server is running TECTIA.

From the command line (Solaris machine where my app is deployed) the scp works fine using the key pair we exchanged.

From my application, j2ssh cannot make a connection, throwing the exception:

Caused by: com.sshtools.j2ssh.transport.TransportProtocolException: The connection did not complete

The debug logs from j2ssh show the following:

com.sshtools.j2ssh.transport.TransportProtocolCommon.beginKeyExchange(Unknown Source) | Starting key exchange
com.sshtools.j2ssh.transport.TransportProtocolCommon.determineAlgorithm(Unknown Source) | Determine Algorithm
com.sshtools.j2ssh.transport.TransportProtocolCommon.determineAlgorithm(Unknown Source) | Client Algorithms: [diffie-hellman-group1-sha1]
com.sshtools.j2ssh.transport.TransportProtocolCommon.determineAlgorithm(Unknown Source) | Server Algorithms: [diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1]
com.sshtools.j2ssh.transport.TransportProtocolCommon.sendMessage(Unknown Source) | Sending SSH_MSG_DISCONNECT
com.sshtools.j2ssh.transport.TransportProtocolCommon.run(Unknown Source) | The Transport Protocol has been stopped

From the above I can see that there is no matching algorithm for the key exchange between my app and the server (debugging actually shows that the root of this problem is an AlgorithmNotAgreedException when no server and client algorithm match, so I know this is the root cause).

How can I add new algorithms to j2ssh so it can find a match? The j2ssh documentation is pretty sparse.

Adam McCormick
  • This seems like it would be way easier if you used Runtime's exec and scp. – Nick ODell Apr 25 '12 at 20:44
  • I agree with both you and @JeremyBrooks that a different implementation for file transfer is probably the 'best' solution here, however it is not an option at this point. This is a specific use case that happens to break the way we do SFTP transfers. I cannot, at this time, rewrite this portion. For now I am bound by j2ssh until I get time to rewrite it (looking at you Apache VFS) – Adam McCormick Apr 25 '12 at 21:13

2 Answers

1

You should have a sshtools.xml file in the j2ssh distribution. In that file you can add an additional ExtensionAlgorithm entry to map diffie-hellman-group14-sha1 to

com.maverick.ssh.components.jce.DiffieHellmanGroup14Sha1

or to

com.maverick.ssh.components.standalone.DiffieHellmanGroup14Sha1

Ashish Ratan
dsalazar
  • Actually we are using j2ssh-0.2.9, not the j2ssh from javassh.com. Apologies, I should have specified. There is a sshtools.xml config file but there is only 1 class which implements SshKeyExchange and that's DhGroup1Sha1, so although I should be able to configure this, I have nothing to configure it with. Please correct me if I'm wrong here – Adam McCormick Apr 25 '12 at 22:07
  • Are you using the version from sourceforge? That version seems to have only one SshKeyExchange implementation. If you have admin access to the remote server you could configure TECTIA to support diffie-hellman-group1-sha1 (as described in their [docs](http://www.ssh.com/manuals/server-admin/62/ssh-server-config.html)) – dsalazar Apr 26 '12 at 19:05
  • Yes, in the end this is what we did, add the key exchange to TECTIA to get this working. Marking this answer as accepted based on your correct answer for maverick j2ssh and the correct comment response for adding the algorithm to TECTIA directly. – Adam McCormick Apr 26 '12 at 23:03
  • Suggesting that the answer is to weaken the security of the server is a bad answer. Upgrade your API to a current version that supports the latest key exchange mechanisms. There is an open source version at https://github.com/sshtools/j2ssh-maverick – Lee David Painter Feb 23 '17 at 10:50
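
The negotiation failure in the question's debug log, and the effect of enabling diffie-hellman-group1-sha1 on the server, reproduced as an added example (not j2ssh or TECTIA code). It applies the RFC 4253 rule that the first client-listed algorithm the server also lists is chosen; the function names and the LEGACY set are assumptions of this example.

```python
import re

# RFC 4253 section 7.1: the first name in the client's list that the server
# also lists is chosen; no common name ends in SSH_MSG_DISCONNECT. (The extra
# host-key compatibility conditions for key exchange are ignored here.)
OFFER = re.compile(r"\|\s*(Client|Server) Algorithms: \[([^\]]*)\]")

# Assumption of this example: names reported as legacy.
# diffie-hellman-group1-sha1 uses a fixed 1024-bit group.
LEGACY = {"diffie-hellman-group1-sha1"}

def parse_rounds(log_text):
    """Pair each 'Client Algorithms' line with the 'Server Algorithms' line after it."""
    rounds, client = [], None
    for side, names in OFFER.findall(log_text):
        offered = [n.strip() for n in names.split(",") if n.strip()]
        if side == "Client":
            client = offered
        elif client is not None:
            rounds.append((client, offered))
            client = None
    return rounds

def negotiate(client, server):
    """Return the agreed algorithm, or None when the lists do not intersect."""
    return next((name for name in client if name in server), None)

def diagnose(log_text):
    """Summarise every negotiation round found in a j2ssh debug log."""
    report = []
    for client, server in parse_rounds(log_text):
        agreed = negotiate(client, server)
        report.append({
            "agreed": agreed,
            # What the client would have to implement to connect unchanged.
            "client_would_need": [] if agreed else server,
            "legacy_offered": sorted(LEGACY.intersection(client + server)),
        })
    return report

# Constructed sample: the two negotiation lines from the debug log in the question.
SAMPLE_LOG = """\
com.sshtools.j2ssh.transport.TransportProtocolCommon.determineAlgorithm(Unknown Source) | Client Algorithms: [diffie-hellman-group1-sha1]
com.sshtools.j2ssh.transport.TransportProtocolCommon.determineAlgorithm(Unknown Source) | Server Algorithms: [diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1]
"""

if __name__ == "__main__":
    for number, item in enumerate(diagnose(SAMPLE_LOG), start=1):
        print(number, item)
```

Run against the log from the question, `agreed` is `None` and `client_would_need` lists the two server algorithms; once the server also lists diffie-hellman-group1-sha1 the round agrees on it and `legacy_offered` still reports it.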
0

I don't have an exact answer to your question, but I have a suggestion. Take a look at the jsch library. I am using jsch in several applications with success.

Jeremy Brooks