The security strength of SHA-1 digest algorithm is not sufficient for this key size

2,184 views
Skip to first unread message

Neeraj Pandey

unread,
Jun 5, 2018, 2:28:09 PM6/5/18
to jBPM Usage
Hi,

I am running kie-wb 6.5 on centos 7 with java version 1.8.0_111".
While trying to clone repository from kie-wb with "git clone ssh://127.0.0.1:8001/MyRepo1", I am getting following error. Could not find any solution for this issue.


[org.apache.sshd.server.session.ServerSession] (sshd-SshServer[36dcd1db]-nio2-thread-3) Exception caught: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at sun.security.provider.DSA.checkKey(DSA.java:104)
at sun.security.provider.DSA.engineInitSign(DSA.java:136)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1174)
at java.security.Signature.initSign(Signature.java:527)
at org.apache.sshd.common.signature.AbstractSignature.init(AbstractSignature.java:47)
at org.apache.sshd.server.kex.AbstractDHGServer.next(AbstractDHGServer.java:91)
at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:393)
at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:189)
at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:129)
at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:108)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)


Thanks
Neeraj

Sam Meek

unread,
Jul 18, 2018, 9:26:16 AM7/18/18
to jBPM Usage
Did you ever find a solution to this? I am having the same issue.

Kind regards

Neeraj Pandey

unread,
Jul 18, 2018, 9:42:45 AM7/18/18
to jBPM Usage
Sam,

As far as I remember, I fixed it by adding a system property to my configuration file(standalone-full.xml in my case).

<property name="org.uberfire.nio.git.ssh.algorithm" value="RSA"/>

Sam Meek

unread,
Jul 18, 2018, 9:44:40 AM7/18/18
to jBPM Usage
Hi Neeraj,

Thanks for getting back to me.

Do you remember how that looked in your config file and where you put it?

I have done the same thing, but with no luck.

Thanks again.

Neeraj Pandey

unread,
Jul 18, 2018, 10:26:08 AM7/18/18
to jBPM Usage
Hi Sam,

here is my system property text:

<system-properties>
        <property name="org.uberfire.nio.git.daemon.host" value="127.0.0.1"/>
        <property name="org.uberfire.nio.git.ssh.host" value="127.0.0.1"/>
        <property name="org.kie.demo" value="false"/>
        <property name="org.kie.example" value="false"/>
        <property name="org.uberfire.nio.git.ssh.enabled" value="true"/>
        <property name="org.uberfire.nio.git.ssh.algorithm" value="RSA"/>
    </system-properties>

Restart your kie-wb after adding this configuration and see if this issue gets resolved.

Sam Meek

unread,
Jul 18, 2018, 11:08:57 AM7/18/18
to jBPM Usage
Thanks Neeraj,

Thanks for the information.

What file were you using?

standalone-full.xml
standalone.xml
 

Or something else?

Sorry to keep replying, but I have been stuck on this issue for a couple of days!

Thanks again.

Sam

Neeraj Pandey

unread,
Jul 26, 2018, 11:44:15 AM7/26/18
to jBPM Usage
HI Sam,

I am running jbpm with standalone-full.xml so I have added these into the same file.

Liqun Du

unread,
Jul 9, 2019, 4:01:20 PM7/9/19
to jBPM Usage
I am running into the same issue. I added <property name="org.uberfire.nio.git.ssh.algorithm" value="RSA"/> to system-properties but still see the following error message in the server.log:
Exception caught: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size

Q: if the value is RSA, why still SHA-1 in the log?. I use jdk 1.8.0_171

Thanks

Celso Gutiérrez

unread,
Jun 23, 2020, 6:49:23 PM6/23/20
to jBPM Usage
  • stop server
  • delete content of .security folder by default in the working directory or configured by org.uberfire.nio.git.ssh.cert.dir
  • add the property mentioned above in the standalone-full.xml o wherever the way you are passing system properties
  • start server
  • try again cloning and pushing using ssh, a new file will be generated in the .security folder
Reply all
Reply to author
Forward
0 new messages