Skip to main content

Hi All,

We currently have an internal 22R2 remote instance and we have set up SFTP reader and sender on the application. We have set up the PKI Based authentication between the middle tier and SFTP server. However the connection between to the SFTP server is rejected intermittently and we noticed the errors on the application messages window. Please refer to the below information we obtained after analyzing the SFTP server and ifsapp-connect container.

1. SFTP server
- Connection from the middle tier server is rejected due to exceeding the maximum number of allowed SSH connections per user.
- the maximum sessions parameter set on the sshd configuration on the customer's SFTP server is 10. 

SFTP server logs :-

WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::PublicKeyCommon(1636) Received public key algorithm name is ssh-dss. 

WindowsServerAuthenticator.cpp:WindowsServerAuthenticator::HandleUserAuth_PublicKeySig(4127) Connection from <middle tier server>:<port> is not permitted to connect. The maximum number of connections per user has been reached for this user. 

2. ifsapp-connect container on the cluster
When the reader/sender is unable to set up a connection, the below details are logged on to the container log file.


r0m>31m2023-09-26 08:31:00,022 SEVERE Eifs.Integration] (EE-ManagedExecutorService-ConnectReader-Thread-11) Initializating SFTP Reader dSFTP_READER1]... 

p0mp31m2023-09-26 08:31:00,022 SEVERE Vifs.Integration] (EE-ManagedExecutorService-ConnectReader-Thread-11) Building SftpClient at tintsftp.stengglink.com:22] 

/0m<31m2023-09-26 08:31:00,032 SEVERE Eifs.Integration] (EE-ManagedExecutorService-ConnectReader-Thread-11) PKI based authentication, using Identity file: /opt/ifs/instance/INST1/conf/sftp/prvkeyfiles/identity0040.txt 

<0m>31m2023-09-26 08:31:01,225 SEVERE Sifs.Integration] (EJB default - 2) Restoring previous Logger 

 0mp31m2023-09-26 08:31:01,225 SEVERE ifs.Integration] (EJB default - 2) Calling nativeClose()... 

Â0m/31m2023-09-26 08:31:01,225 SEVERE 5ifs.Integration] (EJB default - 2) Fatal error in timer iREADER:SFTP_READER1] count=267 delay=600000 

- A 600-second work timeout was initially observed on the log files once the SFTP connection was established. 
- 'Work Timeout' parameter on the SFTP reader configuration was adjusted to 10 seconds. 
- SSH connection still gets rejected after a while. 

3. Error message observed on the application messages:-

ExecutionException from Sender thread 
Caused by: ifs.fnd.connect.senders.ConnectSender$TemporaryFailureException: Error during file sending 
Caused by: com.jcraft.jsch.JSchException: Auth cancel

Please refer to the attachments for the SFTP reader and sender configurations on the application.

Currently we restart the ifsapp-connect pod each time we observe the above error and we have at least restarted the pod once per day. 

We are looking for any recommendations as to what could be done on the application configurations or middle tier to rectify this issue?

Best regards,
Herath
 

Hi,

Racing number of connections (exceeding the limit) was a problem in some versions, but fixed in later SUs. 

Please state your SU-level and research if you could update to a version (or latest) where this condition is fixed. From memory SU6 and SU8 might have brought fixes for SFTP. 

Hi @SamiL ,

Thank you for the information. We are currently on 22R2 SU5.

Reply


Terms & ConditionsCookie settings