Question

SFTP Knownhost File issue

  • 19 April 2024

Badge +4

Hello,

I am trying to create the known host file for the SFTP connector to send the file out.

We are using APP 10 UPD 18, and when I try to execute the code below in Command Prompt (replacing the host names and credentials):


java -cp <IFS_HOME>\repository\server\javaruntime\ifs-fnd-connect.jar;<IFS_HOME>\repository\server\dist\lib\jsch-0.1.55.jar ifs.fnd.connect.ftp.SftpClient -CreateKnownHosts=KNOWNHOSTS -hostname=SFTPHOST -username=USERNAME -password=PASSWORD

 

Also tried with jsch-0.1.53; I get the error saying:

com.jcraft.jsch.JSchException: Algorithm negotiation fail
        at com.jcraft.jsch.Session.receive_kexinit(Session.java:590)
        at com.jcraft.jsch.Session.connect(Session.java:320)
        at com.jcraft.jsch.Session.connect(Session.java:183)
        at ifs.fnd.connect.ftp.SftpClient.createKnownHostsFile(SftpClient.java:448)
        at ifs.fnd.connect.ftp.SftpClient.main(SftpClient.java:422)

 

 

Any suggestion would be helpful.

 

Thanks in advance.

 

Regards

Thej


8 replies

Userlevel 3
Badge +9

Hi @Thejaswini ,

This error seems to occur due to an incompatible algorithm.

Below are the key-exchanges, Host Keys, and cipher suites supported by IFS SFTP Connectors:

• SSH2 protocol support.
• Key exchange: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
• Cipher: blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,3des-ctr,arcfour,arcfour128,arcfour256
• MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
• Host key type: ssh-dss,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
• Userauth: password
• Userauth: publickey(DSA,RSA,ECDSA)
• Userauth: keyboard-interactive
• Userauth: gssapi-with-mic

Confirm that the above types are compatible with your SFTP server.

Thank you,

Aswin.

Badge +4

Hello Aswin,

Thank you for the response.

Is there a way around this if the above are not compatible with the SFTP server?

The host keys are not the same.

Regards

Thej

Userlevel 4
Badge +9

Not sure what your issue is here (and pardon me if I am explaining the obvious but...)

The KNOWN_HOSTS file is just a text file with an IP address, an encryption protocol to communicate with and the public key of the server you are trying to connect to. This ensures the initial connection is with the server you think it is. If anyone tries to spoof the connection it will fail.

Once you have made your connection you then need to authenticate with the SFTP server, and this is where you normally put a username and password in the connector configuration screen in IFS.

All of this is driven from IFS i.e. you are either reading a file from an SFTP server outside of IFS in order to pull into IFS or else you are sending a file from IFS to an SFTP Server (again, outside of IFS).

I get the impression from your post that you are trying to get a third party to drop files onto IFS via SFTP? If that is the case, none of the above will work. You need to set up a separate SFTP server that will receive the files and then configure IFS to read those files from this server.

Badge +4

Thank you for the response.

The issue here is that the IFS and the SFTP server host keys are not compatible, and when creating the known host file itself there is this issue, and the JSch library prevents the creation of the known host file.

Yes, without the known host file we cannot use the SFTP connector in IFS, and it isn't feasible.

Connecting using WinSCP and transferring the file from the IFS server to the SFTP server works, so we probably need to automate WinSCP.

Any input to overcome the incompatibility between the host keys, and any alternative option for this, would be valuable.

Regards,

Thej

Badge +2

I have the same issue in my case too. The third-party vendor will support one of these host key algorithms:

• rsa-sha2-256
• rsa-sha2-512
• ssh-ed25519

When I try to use WinSCP/FileZilla it uses ssh-ed25519. JSch supports it too; check the attached document.

Is there a way to pass the host key algorithm when you create the host file?

Userlevel 4
Badge +9

Do you have any other IFS to SFTP connections that work?

If not, it sounds like a very specific issue with your version of IFS and SFTP connection - sorry I can’t be of more help.

WinSCP is pretty powerful and, as long as you have the expertise, you can get some quite sophisticated PowerShell scripts working for moving files around. WinSCP provides template scripts that are pretty helpful.

Badge +4

Hello Ramesh,

As you mentioned, yes, JSch and even third-party vendors support:

  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-ed25519

But IFS confirmed that it uses only:

  • ssh-dss
  • ssh-rsa
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521

and if JSch is the SFTP client for IFS then this limitation shouldn't prevent us from creating KnownHost files.

To answer this: is there a way to pass the host key algorithm when you create the host file

I have not explored this option. I will look into this, and thank you for the suggestion.

Regards

Thej
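
An added example, not part of any post above and not IFS or JSch code: it decodes the algorithm name-lists from a server's SSH_MSG_KEXINIT payload (RFC 4253) and reports which categories share nothing with the IFS connector lists quoted earlier in the thread, which is the condition behind "Algorithm negotiation fail". The server offer is constructed: its host key types are the three named in the thread, the key exchange, cipher and MAC values are assumptions, and the function names are illustrative.

```python
import struct
# Client side: the lists quoted in the thread for the IFS SFTP connector.
CLIENT = {
    "kex": ("diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,"
            "diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,"
            "ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521"),
    "host_key": "ssh-dss,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521",
    "cipher": ("blowfish-cbc,3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,"
               "aes192-ctr,aes256-ctr,3des-ctr,arcfour,arcfour128,arcfour256"),
    "mac": "hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96",
}
# The ten name-lists of SSH_MSG_KEXINIT in RFC 4253 (section 7.1) order,
# paired with the client list each one is checked against (None = not checked).
FIELDS = [("kex", "kex"), ("host_key", "host_key"), ("cipher_c2s", "cipher"),
          ("cipher_s2c", "cipher"), ("mac_c2s", "mac"), ("mac_s2c", "mac"),
          ("comp_c2s", None), ("comp_s2c", None), ("lang_c2s", None), ("lang_s2c", None)]

def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of a KEXINIT payload (type byte 20 + 16-byte cookie)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for name, _ in FIELDS:
        (size,) = struct.unpack_from(">I", payload, pos)  # struct.error if cut short
        raw = payload[pos + 4:pos + 4 + size]
        if len(raw) != size:
            raise ValueError("truncated name-list " + name)
        lists[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + size
    return lists

def negotiation_gaps(server: dict, client: dict = CLIENT) -> list:
    """Fields where the server and the client share no algorithm at all."""
    return [name for name, key in FIELDS
            if key and not set(server[name]) & set(client[key].split(","))]

def build_kexinit(lists: dict) -> bytes:  # encoder, used only to construct sample input
    body = bytes([20]) + bytes(16)
    for name, _ in FIELDS:
        text = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(text)) + text
    return body + b"\x00" + struct.pack(">I", 0)

# Constructed server offer: host key types as listed in the thread, the rest assumed.
SAMPLE = build_kexinit({"kex": ["curve25519-sha256", "ecdh-sha2-nistp256"],
    "host_key": ["rsa-sha2-256", "rsa-sha2-512", "ssh-ed25519"],
    "cipher_c2s": ["aes256-ctr"], "cipher_s2c": ["aes256-ctr"],
    "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"]})
print(negotiation_gaps(parse_kexinit(SAMPLE)))
```

An empty result means every checked category has at least one algorithm in common; any name it returns is a category both sides would need to agree on before a known hosts entry can be recorded.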

Badge +4

Hello Andy,

We do have SFTP connections working, and yes, the issue is only for this particular case.

Thank you for all the help and support :)

Regards

Thej
