on 04-17-2017 3:49 AM
Hi Experts,
We are getting the following error message at the sender SFTP comm channel for the normal authentication method, user & password.
We already openned successfully an SFTP session from the AIX OS where the SAP PI 7.31 SP13 is installed in order to confirm any firewall issue. Also we confirmed the SFTP adapter instalation and everything is ok. Of course we made a double check on the user & password.
I purposely configured with wrong server fingerprint (only for testing) and I get the message asking to configure it with the correct server fingerprint.
Could TCP Gateway tool help me with this issue?
Has anyone already faced this issues?
Tks,
Leandro Silva
Leandro ,
user.sftp is standard variable name defined for SFTP adapter , so i don't think this is a issue.
However have u tried with mentioning domain name as well .
Br,
Manoj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you solve the problem? How?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Leandro,
All looks good and should work. Just few checking -
1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?
2) Did you deploy latest SFTP PGP Addon?
3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.
Thanks,
Apu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Apu Das,
Yes! For all
1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?
Yes! Also by Open SFTP over OS where SAP PI is installed
2) Did you deploy latest SFTP PGP Addon?
Yes! SP04 & Patch 33
3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.
Yes! Bcz the sender comm channel is up & running - the server finger print is being verified by server Open SSH
Thanks,
Leandro Silva
Hi Leandro,
We are facing the same error and tried the standard steps - did you get any solution to the issue.
Regards Subhro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Subhro De,
Not yet! I asked them to increse the OpenSSH version level from 5.3 to 6.0. In addition, I generated a public key using this blog as a refrence - https://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2
Once they update the OpenSSH, I will try to connect it using the key-based authentication. I will let you know if I get sucess ion this.
Are you getting the "is not available" error message for the algorithm negotiations?
--- SFTP Logs---
Check Ciphers
Check Kexes
Check Signatures
#Line 79: aes256-ctr is not available.
#Line 83: aes192-ctr is not available.
#Line 87: aes256-cbc is not available.
#Line 91: aes192-cbc is not available.
#Line 99: ecdh-sha2-nistp256 is not available.
#Line 103: ecdh-sha2-nistp384 is not available.
#Line 107: ecdh-sha2-nistp521 is not available.
#Line 115: ecdsa-sha2-nistp256 is not available.
#Line 119: ecdsa-sha2-nistp384 is not available.
#Line 123: ecdsa-sha2-nistp521 is not available.#
Which is the remote & local version in your scenario?
Thanks
Leandro Silva
Hi Manoj,
I just tried with user.sftp@domain.com and I got the same message.
Thanks,
Leandro Silva
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manoj,
I just tried with the following ones
carta.web@domain.com
carta.web@IP
carta.web\domain.com
carta.web\IP
and for the directory
. (only dot)
/pdf
\pdf
OS level
Thanks,
Leandro Silva
Hi Manoj,
In addition, the SFTP server log & SAP PI log (defaulttrace-005-log.txt)
Apr 17 11:02:26 prd-custom-sftp01 sshd[15574]: pam_ldap:
error trying to bind as user
"uid=XXX.carta.web,ou=users,dc=XXXX,dc=com" (Invalid credentials)
Apr 17 11:02:28 prd-custom-sftp01 sshd[15574]: Failed password for XXX.carta.web from 191.240.XXX.XXX
port 451XX ssh2
Apr 17 11:02:28 prd-custom-sftp01 sshd[15575]: Received
disconnect from 191.240.XXX.XXX: 3: com.jcraft.jsch.JSchException: Auth cancel
Apr 17 11:03:26 prd-custom-sftp01 unix_chkpwd[15596]:
password check failed for user (XXX.carta.web)
Apr 17 11:03:26 prd-custom-sftp01 sshd[15594]:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh
ruser= rhost=191.240.XXX.XXX user=XXX.carta.web
looking inside the file SAP PI log, after the connection staslehd, I got the following messages
Line 79: aes256-ctr is not available.#
Line 83: aes192-ctr is not available.#
Line 87: aes256-cbc is not available.#
Line 91: aes192-cbc is not available.#
Line 99: ecdh-sha2-nistp256 is not available.#
Line 103: ecdh-sha2-nistp384 is not available.#
Line 107: ecdh-sha2-nistp521 is not available.#
Line 115: ecdsa-sha2-nistp256 is not available.#
Line 119: ecdsa-sha2-nistp384 is not available.#
Line 123: ecdsa-sha2-nistp521 is not available.#
Leandro,
By looking at these below logs , looks like algorithm is not supported .
#2.0#2017 04 17 10:08:49:462#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000A0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-ctr is not available.#
#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000B0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-ctr is not available.#
#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000C0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-cbc is not available.#
#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000D0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-cbc is not available.#
This note may be helpful:
2344454 - "com.jcraft.jsch.JSchException: Algorithm negotiation fail" error in Message Monitoring while using SFTP Receiver Adapter
Br,
Manoj
Hi Manoj,
Our SFTP adapter is alredy on the latest SP04 & pacth 32 level! In addition, the "JCE Unlimited Strength Jurisdiction Policy" is updated as well! But the error message still ocurring.
Remote version: SSH-2.0-OpenSSH_5.3
Local version: SSH-2.0-JSCH-0.1.53
Do you think if they increase the OpenSSH version, will that solve it?
Thanks a lot!
Leandro Silva
Can be the user "user.sftp"? It contain a dot "."
I already asked another user with no dot "."
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.