0

Connection to SFTP server failed - the login credentials provided are incorrect

Apr 17, 2017 at 02:49 AM

443

Hi Experts,

We are getting the following error message at the sender SFTP comm channel for the normal authentication method, user & password.


We already successfully opened an SFTP session from the AIX OS where the SAP PI 7.31 SP13 is installed in order to confirm any firewall issue. We also confirmed the SFTP adapter installation and everything is OK. Of course we double-checked the user & password.



I purposely configured with wrong server fingerprint (only for testing) and I get the message asking to configure it with the correct server fingerprint.

Could TCP Gateway tool help me with this issue?

Has anyone already faced this issue?

Tks,
Leandro Silva


5 Answers

Manoj K Apr 17, 2017 at 02:38 PM
1

Leandro,

user.sftp is a standard variable name defined for the SFTP adapter, so I don't think this is an issue.

However, have you tried mentioning the domain name as well?

Br,

Manoj

Leandro Silva Apr 17, 2017 at 01:09 PM
0

Can it be the user "user.sftp"? It contains a dot "."
I already asked another user with no dot "."

Leandro Silva Apr 17, 2017 at 02:53 PM
0

Hi Manoj,

I just tried with user.sftp@domain.com and I got the same message.

Thanks,
Leandro Silva


Leandro,

Try like this: Domain\UserID. Please share the screenshot of the channel config too.

Also cross-check how you were able to log in to the server from OS level.

Br,

Manoj

0

Hi Manoj,

I just tried with the following ones

carta.web@domain.com
carta.web@IP
carta.web\domain.com
carta.web\IP

and for the directory

. (only dot)

/pdf
\pdf



OS level

Thanks,
Leandro Silva

0

Hi Manoj,

In addition, the SFTP server log & SAP PI log (defaulttrace-005-log.txt)

Apr 17 11:02:26 prd-custom-sftp01 sshd[15574]: pam_ldap: error trying to bind as user "uid=XXX.carta.web,ou=users,dc=XXXX,dc=com" (Invalid credentials)

Apr 17 11:02:28 prd-custom-sftp01 sshd[15574]: Failed password for XXX.carta.web from 191.240.XXX.XXX port 451XX ssh2

Apr 17 11:02:28 prd-custom-sftp01 sshd[15575]: Received disconnect from 191.240.XXX.XXX: 3: com.jcraft.jsch.JSchException: Auth cancel

Apr 17 11:03:26 prd-custom-sftp01 unix_chkpwd[15596]: password check failed for user (XXX.carta.web)

Apr 17 11:03:26 prd-custom-sftp01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.240.XXX.XXX user=XXX.carta.web

Looking inside the SAP PI log file, after the connection is established, I got the following messages:

Line 79: aes256-ctr is not available.#
Line 83: aes192-ctr is not available.#
Line 87: aes256-cbc is not available.#
Line 91: aes192-cbc is not available.#
Line 99: ecdh-sha2-nistp256 is not available.#
Line 103: ecdh-sha2-nistp384 is not available.#
Line 107: ecdh-sha2-nistp521 is not available.#
Line 115: ecdsa-sha2-nistp256 is not available.#
Line 119: ecdsa-sha2-nistp384 is not available.#
Line 123: ecdsa-sha2-nistp521 is not available.#


0
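The sshd and PAM lines in the post above can be triaged per user and per client to see which PAM backend rejected the password and which source address belongs to the JSch-based adapter. The Python below is an added example, not part of the thread; its sample lines are constructed in the same syslog format, and the host, user and addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above; host, user and
# addresses are placeholders, not values from the thread.
SAMPLE = """\
Apr 17 11:02:26 sftp01 sshd[15574]: pam_ldap: error trying to bind as user "uid=svc.sftp,ou=users,dc=example,dc=com" (Invalid credentials)
Apr 17 11:02:28 sftp01 sshd[15574]: Failed password for svc.sftp from 192.0.2.10 port 45100 ssh2
Apr 17 11:02:28 sftp01 sshd[15575]: Received disconnect from 192.0.2.10: 3: com.jcraft.jsch.JSchException: Auth cancel
Apr 17 11:03:26 sftp01 unix_chkpwd[15596]: password check failed for user (svc.sftp)
Apr 17 11:03:26 sftp01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=svc.sftp
Apr 17 11:05:01 sftp01 sshd[15610]: Accepted password for svc.sftp from 192.0.2.20 port 51022 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")
RULES = [  # (event name, pattern); the first matching rule wins
    ("ldap_bind_rejected", re.compile(r'pam_ldap: error trying to bind as user "uid=(?P<user>[^,"]+)')),
    ("unix_pw_rejected", re.compile(r"password check failed for user \((?P<user>[^)]+)\)")),
    ("unix_pw_rejected", re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*rhost=(?P<src>\S+)\s+user=(?P<user>\S+)")),
    ("password_failed", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("password_accepted", re.compile(r"Accepted password for (?P<user>\S+) from (?P<src>\S+)")),
    ("client_disconnect", re.compile(r"Received disconnect from (?P<src>[^:\s]+): \d+: (?P<client>.*)")),
]

def parse(text):
    """Yield one event dict per recognised sshd/PAM line."""
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, _host, proc, pid, msg = m.groups()
        for name, rx in RULES:
            if (hit := rx.search(msg)):
                yield {"ts": ts, "proc": proc, "pid": int(pid), "event": name, **hit.groupdict()}
                break

def summarize(text):
    """Map each user to the events and source addresses logged for it."""
    out = defaultdict(lambda: {"events": set(), "sources": set()})
    for ev in parse(text):
        if "user" not in ev:
            continue  # disconnect lines carry no user name
        out[ev["user"]]["events"].add(ev["event"])
        if "src" in ev:
            out[ev["user"]]["sources"].add(ev["src"])
    return {u: {k: sorted(v) for k, v in d.items()} for u, d in out.items()}

def jsch_sources(text):
    """Addresses whose disconnect reason names the JSch client library."""
    return sorted({e["src"] for e in parse(text) if "jsch" in e.get("client", "").lower()})
```

A `password_failed` or PAM rejection event means the server reached the password step for that connection, so comparing the events per source address separates the adapter's attempts from logins made with other clients.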

Leandro,

Looking at the logs below, it looks like the algorithm is not supported.

#2.0#2017 04 17 10:08:49:462#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000A0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-ctr is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000B0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-ctr is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000C0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-cbc is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000D0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-cbc is not available.#

This note may be helpful:

2344454 - "com.jcraft.jsch.JSchException: Algorithm negotiation fail" error in Message Monitoring while using SFTP Receiver Adapter

Br,

Manoj

0

Hi Manoj,

Yes! I will read this note and I will let you know.

Do you know if it is possible to add any other algorithm by module?

Thanks a lot
Leandro Silva

0

Hi Manoj,

Our SFTP adapter is already on the latest SP04 & patch 32 level! In addition, the "JCE Unlimited Strength Jurisdiction Policy" is updated as well! But the error message is still occurring.

Remote version: SSH-2.0-OpenSSH_5.3
Local version: SSH-2.0-JSCH-0.1.53

Do you think that if they increase the OpenSSH version, that will solve it?

Thanks a lot!
Leandro Silva

0
Subhro De Apr 24, 2017 at 07:48 AM
0

Hi Leandro,

We are facing the same error and tried the standard steps - did you get any solution to the issue?

Regards Subhro


Hi Subhro De,

Not yet! I asked them to increase the OpenSSH version level from 5.3 to 6.0. In addition, I generated a public key using this blog as a reference - https://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

Once they update the OpenSSH, I will try to connect using key-based authentication. I will let you know if I get success on this.

Are you getting the "is not available" error message for the algorithm negotiations?


--- SFTP Logs---
Check Ciphers
Check Kexes
Check Signatures

#Line 79: aes256-ctr is not available.
#Line 83: aes192-ctr is not available.
#Line 87: aes256-cbc is not available.
#Line 91: aes192-cbc is not available.
#Line 99: ecdh-sha2-nistp256 is not available.
#Line 103: ecdh-sha2-nistp384 is not available.
#Line 107: ecdh-sha2-nistp521 is not available.
#Line 115: ecdsa-sha2-nistp256 is not available.
#Line 119: ecdsa-sha2-nistp384 is not available.
#Line 123: ecdsa-sha2-nistp521 is not available.#


Which is the remote & local version in your scenario?

Thanks
Leandro Silva

0
Apu Das Apr 26, 2017 at 10:33 AM
0

Hi Leandro,

All looks good and should work. Just a few checks -

1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?

2) Did you deploy latest SFTP PGP Addon?

3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.

Thanks,

Apu


Hi Apu Das,

Yes! For all

1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?
Yes! Also by Open SFTP over OS where SAP PI is installed

2) Did you deploy latest SFTP PGP Addon?
Yes! SP04 & Patch 33

3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.
Yes! Bcz the sender comm channel is up & running - the server finger print is being verified by server Open SSH

Thanks,

Leandro Silva

0