sockets - timeout at net.schmizz.sshj.transport.KeyExchanger.waitForDone(KeyExchanger.java:160) -

i have nightly job using net.schmizz.sshj sftp library.

i suspect there change on server sftp into. however, cannot pinpoint exact change is. nor can reproduce outside production server. looking insight of root cause or how reproduce following error

net.schmizz.sshj.transport.transportexception: timeout expired @ net.schmizz.sshj.transport.transportexception$1.chain(transportexception.java:33) @ net.schmizz.sshj.transport.transportexception$1.chain(transportexception.java:27) @ net.schmizz.concurrent.promise.retrieve(promise.java:139) @ net.schmizz.concurrent.event.await(event.java:103) @ net.schmizz.sshj.transport.keyexchanger.waitfordone(keyexchanger.java:160) @ net.schmizz.sshj.transport.keyexchanger.startkex(keyexchanger.java:155) @ net.schmizz.sshj.transport.transportimpl.dokex(transportimpl.java:247) @ net.schmizz.sshj.sshclient.dokex(sshclient.java:735) @ net.schmizz.sshj.sshclient.onconnect(sshclient.java:723) @ net.schmizz.sshj.socketclient.connect(socketclient.java:54) @ net.schmizz.sshj.socketclient.connect(socketclient.java:80)

from can tell, we're connecting via java.net.socket ok , timing out waiting key exchange complete in code

package net.schmizz.sshj.transport;  /** algorithm negotiation , key exchange. */ final class keyexchanger         implements sshpackethandler, errornotifiable {      /**      * starts key exchange sending {@code ssh_msg_kexinit} packet. key exchange needs done once mandatorily      * after initializing {@link transport} usable , may initiated @ later point e.g. if      * {@link transport#getconfig() algorithms} have changed , should renegotiated.      *      * @param waitfordone whether should block till key exchange completed      *      * @throws transportexception if there error during key exchange      * @see {@link transport#settimeoutms} setting timeout kex      */     void startkex(boolean waitfordone)             throws transportexception {         if (!kexongoing.getandset(true)) {             done.clear();             sendkexinit();         }         if (waitfordone)             waitfordone();     }      /**      * sends ssh_msg_kexinit , sets {@link #kexinitsent} event.      *      * @throws transportexception      */     private void sendkexinit()             throws transportexception {         log.debug("sending ssh_msg_kexinit");         clientproposal = new proposal(transport.getconfig());         transport.write(clientproposal.getpacket());         kexinitsent.set();     }  void waitfordone()         throws transportexception {     done.await(transport.gettimeoutms(), timeunit.milliseconds); } 

after debugging after posting question figured out problem don't have same encryption libraries running in production environments did in local testing. determined building minimal jar while still retaining sshj pieces used in production , relevant code of our own , running debug level logging in command shell see output. saw following , realized timeout exception in our production server logs second exception occurring after , masking root cause not being logged in production: noclassdeffounderror

exception in thread "reader" java.lang.noclassdeffounderror: org/bouncycastle/crypto/ec/customnamedcurves     @ net.schmizz.sshj.transport.kex.curve25519dh.getcurve25519params(curve25519dh.java:51)     @ net.schmizz.sshj.transport.kex.curve25519sha256.initdh(curve25519sha256.java:36)     @ net.schmizz.sshj.transport.kex.abstractdhg.init(abstractdhg.java:55)     @ net.schmizz.sshj.transport.keyexchanger.gotkexinit(keyexchanger.java:239)     @ net.schmizz.sshj.transport.keyexchanger.handle(keyexchanger.java:359)     @ net.schmizz.sshj.transport.transportimpl.handle(transportimpl.java:493)     @ net.schmizz.sshj.transport.decoder.decode(decoder.java:107)     @ net.schmizz.sshj.transport.decoder.received(decoder.java:175)     @ net.schmizz.sshj.transport.reader.run(reader.java:60) caused by: java.lang.classnotfoundexception: org.bouncycastle.crypto.ec.customnamedcurves     @ java.net.urlclassloader.findclass(urlclassloader.java:381)     @ java.lang.classloader.loadclass(classloader.java:424)     @ sun.misc.launcher$appclassloader.loadclass(launcher.java:331)     @ java.lang.classloader.loadclass(classloader.java:357)     ... 9 more  net.schmizz.sshj.transport.transportexception: timeout expired     @ net.schmizz.sshj.transport.transportexception$1.chain(transportexception.java:33)     @ net.schmizz.sshj.transport.transportexception$1.chain(transportexception.java:27)     @ net.schmizz.concurrent.promise.retrieve(promise.java:139)     @ net.schmizz.concurrent.event.await(event.java:103)     @ net.schmizz.sshj.transport.keyexchanger.waitfordone(keyexchanger.java:160)     @ net.schmizz.sshj.transport.keyexchanger.startkex(keyexchanger.java:155)     @ net.schmizz.sshj.transport.transportimpl.dokex(transportimpl.java:247)     @ net.schmizz.sshj.sshclient.dokex(sshclient.java:735)     @ net.schmizz.sshj.sshclient.onconnect(sshclient.java:723)     @ net.schmizz.sshj.socketclient.connect(socketclient.java:54)     @ net.schmizz.sshj.socketclient.connect(socketclient.java:80)     @ kirby.app.connect(app.java:101)     @ kirby.app.execute(app.java:45)     @ kirby.app.main(app.java:31) caused by: java.util.concurrent.timeoutexception: timeout expired     ... 12 more 

the difference comes down classpath. in production had

bcpg-jdk15on-150.jar:bcpkix-jdk15on-150.jar:bcprov-jdk15on-150.jar

but need

bcpkix-jdk15on/1.51/bcpkix-jdk15on-1.51.jar:ecc-25519-java-1.0.1.jar:bcprov-jdk15on/1.51/bcprov-jdk15on-1.51.jar