The JSch library (used by Jenkins or one of it's plugins) makes use of Java's JCE provider. It appears the JCE provider of your Java version can't handle the key length of 2047 bits.
You can swap your current JCE provider with a BouncyCastle provider.
While @Brian Low's workaround describes a dynamic registration of BouncyCastle as the cryptography package provider, I'd like to point out an alternative way where it's done by configuring your environment via static registration.
Look for the "Signed JAR Files" section and select your provider. For example, bcprov-jdk15to18-165.jar, for any Java version between 5 and 8.
- In Jenkins go to Manage Jenkins - Global Tool Configurations - JDK to verify your JDK location (JAVA_HOME).
- Copy the JAR file to $JAVA_HOME/jre/lib/ext
- Locate and edit $JAVA_HOME/jre/lib/security/java.security
Here we insert the BouncyCastle provider at the first position (most prefered) and update the others' preference number.
Example:
#
# List of providers and their preference orders (see above):
#
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
At this point restart Jenkins.
