Skip to Content
author's profile photo Former Member
Former Member

SFTP Channel Issue

Hi Gurus,

We are using the dual stack 7.3 version.

The issue we are facing is with an SFTP communication channel of a particular server which throws the following error:

Exception received: java.lang.UnsupportedOperationException: received authentication request from server which could not be processed: destination=xuser@ftp.xserver.com; name=; instruction=prompt=Enter password:

As you are aware, the password field is a mandatory field on the communication channel and has been entered and we are still getting this error.

Also, we are able to logon to the server externally using WINSCP.There has been no change on the SFTP server recently too.

Please advice.

Thank you,

Regards,

Rakesh.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

8 Answers

  • Best Answer
    Posted on Oct 16, 2013 at 04:09 PM

    Hello Rakesh,

    I just came across this error message twice due to two different reasons.

    Reason 1: user or pwd is incorrect or not known on the sftp server you are calling - o.k. this should not be your problem here. It is just important to know that it raises the same error in audit log.

    Reason 2: the sftp server you are calling is configured for "keyboard-interactive authentication". So even with a ftp client (e.g. FileZilla) accessing the sftp server looks normal, PI experiences different behavior. In xpi_inspector you should see following:

    Caused by: java.lang.UnsupportedOperationException: received authentication request from server which could not be processed: destination=user@server:22; name=; instruction=prompt=Enter password:

    at com.sap.aii.adapter.sftp.ra.rar.integration.sftp.SSHConnection$MyUserInfo.promptKeyboardInteractive(SSHConnection.java:547)

    at com.jcraft.jsch.UserAuthKeyboardInteractive.start(UserAuthKeyboardInteractive.java:139)

    at com.jcraft.jsch.Session.connect(Session.java:420)

    at com.sap.aii.adapter.sftp.ra.rar.integration.sftp.SSHConnection.<init>(SSHConnection.java:149)

    at com.sap.aii.adapter.sftp.ra.rar.jca.CCIInteraction.sendSFTP(CCIInteraction.java:484)

    Your options: Either the sftp server can be reconfigured "no keyboard interactive" or they give you a ssh-rsa-key logon.

    Best regards,

    Wolfgang

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 26, 2013 at 07:37 PM

    Hi there,

    best use xpi_inspector to get a more in-depth view of the problem.

    Chose 50 (XI Channel) and add your channel (the one that connects to FTPS server) to the XI Channels table. Then hit "Start" and reproduce the problem. Hit "Stop" and analyse the error.

    If you can't find solution or need additional info, please come back with details.

    HTH

    Cheers

    Jens

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Jens Schwendemann

      That is correct, it was working fine earlier.

      So 'change password on first connect' doesn't look likely. I am thinking more on the lines of a prompt that asks the user to re-enter the password (which isnt the case when we are logging in using WINSCP though)

      We have logged in a ticket with the team that maintains the SFTP server, hope to hear from them soon.

      Thanks,

      Rakesh.

  • author's profile photo Former Member
    Former Member
    Posted on Jan 08, 2014 at 06:16 AM

    Hi All,

    We couldn't really get to the depth of the issue as we were running out of time and eventually decided to deploy our certificates on the legacy's SFTP server for authentication. We switched from password based authentication to Certificate based authentication.

    Thanks for all your inputs.

    Regards,

    Rakesh.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Oct 29, 2013 at 05:00 PM

    HI Rakesh,

    Ran into similar issue with one of my client. I did the below steps to fix

    1) Kill the existing sftp sessions in SFTP server.

    2) Stop channels where your getting error (stop sftp service if possible).

    3) Refresh cache if problem still exists.

    Thanks

    Kiran Nekkanti

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Nov 06, 2013 at 10:09 AM

    There has not been much progress. We are raising an OSS message now.

    Regards,

    Rakesh.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Apr 08, 2014 at 04:44 PM

    Hello,

    We had the similar problem when we try to connect to a sFTP Server. But switching to certificate autentication didn't resolve our problem. We allways get de next error:

    Exception caught by adapter framework: java.lang.UnsupportedOperationException: received authentication request from server which could not be processed:

    destination=<user>@<host>:<port>; name=Password authentication; instruction=prompt=<user>'s password

    The problem is that the client we want to connect to, tell us that in the server, they haven't the option to deactivate the keyboard-interactive. They have only two options to choose , or authentication with user/password who is keyboard-interactive or autentication with certificates. We tested both options with identical error (the error above).

    We was investigating in the stadandard Adapter and we found the cause of the problem.

    In the jar com.sap.aii.adapter.sftp.ra.jar I've found the class responsible of the connection,

    SSHConnection.class.

    Decompiling and analizing this class I've found that, when the connection is establishing the next subclass is used:


    UserInfo ui = new MyUserInfo();
    this.session.setUserInfo(ui);


    And this class has the method promptKeyboardInteractive ( because implements the interface

    UIKeyboardInteractive ), who is throwing the exception mentioned ()

    public String[] promptKeyboardInteractive(String destination, String name, String instruction, String[] prompt, boolean[] echo)
    {
    String message = "received authentication request from server which could not be processed: destination=" + destination + "; name=" + name + "; instruction=" + instruction + "prompt=";

    String separator = ", ";
    for (int i = 0; i < prompt.length; i++) {
    message = message + prompt[i] + separator;
    }
    if (message.endsWith(separator))
    {
    int lastIndexOf = message.lastIndexOf(separator);
    message = message.substring(0, lastIndexOf);
    }
    throw new UnsupportedOperationException(message);
    }

    This method of the interface UIKeyboardInteractive is used for custom implementations of this functionality, when the server ask for the password (because the keyboard-interactive behavior), and it's designed for human interaction. But in this case keyboard-iteractive doesn't applies, so if we substitute the code for the next code

    public String[] promptKeyboardInteractive(String destination, String name, String instruction, String[] prompt, boolean[] echo)

    {
    String[] password = new String[1];
    try{
    password[0] = propHandler.getPropertyValueAsString("password");
    }catch(Exception ex)
    { throw new UnsupportedOperationException("Error : " + ex.toString());
    }
    return password

    }

    The sftp channel works ok, and we can exchange files with the sftp server. Essentially when the keyboard-interactive functionality appears we inform the stored password, and not ask it again to the user.

    I think in the next version of the adapter this functionality will be supported, but at the moment this work-around seems to be a good solution.

    We've tested this change in the standard adapter in our development environment and the adapters works fine.

    I don't know about the implications of changing an standard connection, except the obvius (not support, changes disappear when other standard version of the adapter is deployed). Dou you know if there are some other implications in the case of modifying a standard adapter, until the next release?

    regards.

    Fernando.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Fernando,

      Your problem exactly similar with mine. Please check this http://scn.sap.com/thread/3501844.

      I thought it was banner issue but actually keyboard-interactive authentication.

      And actually you almost there in the java code.

      public String[] promptKeyboardInteractive(String destination, String name, String instruction, String[] prompt, boolean[] echo)

      {
      String[] password = new String[1];
      try{
      password[0] = propHandler.getPropertyValueAsString("password");
      }catch(Exception ex)
      { throw new UnsupportedOperationException("Error : " + ex.toString());
      }
      return password

      }

      In the above code, it's not asking "password" but it's asking "Enter Password". You can see this in detail via SSH trace.

      Best Regards,

      Achmad

  • Posted on Apr 09, 2014 at 10:20 AM

    Hello Achmad:

    We've installed the version 1000.1.00.2.8.20140408103100 who corresponds to sp2 patch8 but the problem is not resolved in this version as it's mentioned in

    The code of MyUserInfo.promptKeyboardInteractive in this sp throws the exception

    "received authentication request from server which could not be processed: destination=" + destination + "; name=" + name + "; instruction=" + instruction + "prompt=";

    This interface method needs to be implemented so that in it the result is that the password is returned (or an exception is throwed). You can implement it designing a control panel where the password is askered again if you're using this functionality with user interaction. But in the case of this adapter the password has been informed in the channel and keyboard-interactive functionality not applies. So we think in this method you only need to return the password stored in the channel configuration (propHandler.getPropertyValueAsString("password")).

    Best regards.

    Fernando.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Sep 14, 2016 at 09:00 AM

    Hi Rakesh,

    We recently faced this issue in PO7.4 SP 06 and were able to resolve by replacing password based authentication to key based authentication.

    This appears strange as when we don't use the PGP encryption the connection works fine even with username/password authentication but when we add the PGP module in the SFTP receiver channel it gives the same error as mentioned by you.

    This appears to be some kind of bug in the PGP addon.

    Best Regards,

    Alok Yadav

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.