cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connection to SFTP server failed - the login credentials provided are incorrect

Former Member

on ‎04-17-2017 3:49 AM

0 Kudos

Hi Experts,

We are getting the following error message at the sender SFTP comm channel for the normal authentication method, user & password.


We already openned successfully an SFTP session from the AIX OS where the SAP PI 7.31 SP13 is installed in order to confirm any firewall issue. Also we confirmed the SFTP adapter instalation and everything is ok. Of course we made a double check on the user & password.



I purposely configured with wrong server fingerprint (only for testing) and I get the message asking to configure it with the correct server fingerprint.

Could TCP Gateway tool help me with this issue?

Has anyone already faced this issues?

Tks,
Leandro Silva

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

manoj_khavatkopp
Active Contributor
‎04-17-2017 3:38 PM

Leandro ,

user.sftp is standard variable name defined for SFTP adapter , so i don't think this is a issue.

However have u tried with mentioning domain name as well .

Br,

Manoj

Show replies
Show replies
siddhesh_pathak4
Contributor
‎02-24-2019 8:56 PM
0 Kudos

Did you solve the problem? How?

Show replies
Show replies
apu_das2
Active Contributor
‎04-26-2017 11:33 AM
0 Kudos

Hi Leandro,

All looks good and should work. Just few checking -

1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?

2) Did you deploy latest SFTP PGP Addon?

3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.

Thanks,

Apu

Show replies
Show replies
Former Member
‎04-26-2017 1:57 PM
0 Kudos

Hi Apu Das,

Yes! For all

1) Can you login to SFTP using File Zilla/CoreFTP etc using this credential?
Yes! Also by Open SFTP over OS where SAP PI is installed

2) Did you deploy latest SFTP PGP Addon?
Yes! SP04 & Patch 33

3) Hope the SFTP service is activated properly in NWA-> Operation->Start & Stop.
Yes! Bcz the sender comm channel is up & running - the server finger print is being verified by server Open SSH

Thanks,

Leandro Silva

subhro_de
Active Participant
‎04-24-2017 8:48 AM
0 Kudos

Hi Leandro,

We are facing the same error and tried the standard steps - did you get any solution to the issue.

Regards Subhro

Show replies
Show replies
Former Member
‎04-24-2017 6:45 PM
0 Kudos

Hi Subhro De,

Not yet! I asked them to increse the OpenSSH version level from 5.3 to 6.0. In addition, I generated a public key using this blog as a refrence - https://wiki.scn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2


Once they update the OpenSSH, I will try to connect it using the key-based authentication. I will let you know if I get sucess ion this.

Are you getting the "is not available" error message for the algorithm negotiations?


--- SFTP Logs---
Check Ciphers
Check Kexes
Check Signatures

#Line 79: aes256-ctr is not available.
#Line 83: aes192-ctr is not available.
#Line 87: aes256-cbc is not available.
#Line 91: aes192-cbc is not available.
#Line 99: ecdh-sha2-nistp256 is not available.
#Line 103: ecdh-sha2-nistp384 is not available.
#Line 107: ecdh-sha2-nistp521 is not available.
#Line 115: ecdsa-sha2-nistp256 is not available.
#Line 119: ecdsa-sha2-nistp384 is not available.
#Line 123: ecdsa-sha2-nistp521 is not available.#


Which is the remote & local version in your scenario?

Thanks
Leandro Silva

Former Member
‎04-17-2017 3:53 PM
0 Kudos

Hi Manoj,

I just tried with user.sftp@domain.com and I got the same message.

Thanks,
Leandro Silva

Show replies
Show replies
manoj_khavatkopp
Active Contributor
‎04-17-2017 4:10 PM
0 Kudos

Leandro,

Try like this : Domain\UserID. Please share the screenshot of channel config too/

And also cross check how where you able to login into servre from OS level.

Br,

Manoj

Former Member
‎04-17-2017 5:33 PM
0 Kudos

Hi Manoj,

I just tried with the following ones

carta.web@domain.com
carta.web@IP
carta.web\domain.com
carta.web\IP

and for the directory

. (only dot)

/pdf
\pdf



OS level

Thanks,
Leandro Silva

Former Member
‎04-17-2017 5:51 PM
0 Kudos

Hi Manoj,

In addition, the SFTP server log & SAP PI log (defaulttrace-005-log.txt)

Apr 17 11:02:26 prd-custom-sftp01 sshd[15574]: pam_ldap: error trying to bind as user "uid=XXX.carta.web,ou=users,dc=XXXX,dc=com" (Invalid credentials)

Apr 17 11:02:28 prd-custom-sftp01 sshd[15574]: Failed password for XXX.carta.web from 191.240.XXX.XXX port 451XX ssh2

Apr 17 11:02:28 prd-custom-sftp01 sshd[15575]: Received disconnect from 191.240.XXX.XXX: 3: com.jcraft.jsch.JSchException: Auth cancel

Apr 17 11:03:26 prd-custom-sftp01 unix_chkpwd[15596]: password check failed for user (XXX.carta.web)

Apr 17 11:03:26 prd-custom-sftp01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.240.XXX.XXX user=XXX.carta.web

looking inside the file SAP PI log, after the connection staslehd, I got the following messages

Line 79: aes256-ctr is not available.#
Line 83: aes192-ctr is not available.#
Line 87: aes256-cbc is not available.#
Line 91: aes192-cbc is not available.#
Line 99: ecdh-sha2-nistp256 is not available.#
Line 103: ecdh-sha2-nistp384 is not available.#
Line 107: ecdh-sha2-nistp521 is not available.#
Line 115: ecdsa-sha2-nistp256 is not available.#
Line 119: ecdsa-sha2-nistp384 is not available.#
Line 123: ecdsa-sha2-nistp521 is not available.#


manoj_khavatkopp
Active Contributor
‎04-18-2017 8:19 AM
0 Kudos

Leandro,

By looking at these below logs , looks like algorithm is not supported .

#2.0#2017 04 17 10:08:49:462#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000A0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-ctr is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000B0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-ctr is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000C0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes256-cbc is not available.#

#2.0#2017 04 17 10:08:49:463#0-300#Info#com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger#
#BC-XI-CON-B2B#sap.com/com.sap.aii.adapter.sftp.app#C0000A640AC0282D0000000D0102009E#308156250002901570##com.sap.aii.adapter.sftp.ra.rar.integration.sftp.JSchXILogger.log#J2EE_GUEST#0##9379DA2BF66811E68AA70E9DE8479F02#9379da2bf66811e68aa70e9de8479f02##0#XI SFTP2XI[CC_SFTP_SENDER_xxx_Test/ESB/]_37500#Plain##
aes192-cbc is not available.#

This note may be helpful:

2344454 - "com.jcraft.jsch.JSchException: Algorithm negotiation fail" error in Message Monitoring while using SFTP Receiver Adapter

Br,

Manoj

Former Member
‎04-18-2017 1:52 PM
0 Kudos

Hi Manoj,

Yes! I will read this note and I will let you know.

Do you know if is possible to add any other algorithm by module?

Thanks a lot
Leandro Silva

Former Member
‎04-19-2017 1:49 PM
0 Kudos

Hi Manoj,

Our SFTP adapter is alredy on the latest SP04 & pacth 32 level! In addition, the "JCE Unlimited Strength Jurisdiction Policy" is updated as well! But the error message still ocurring.

Remote version: SSH-2.0-OpenSSH_5.3
Local version: SSH-2.0-JSCH-0.1.53

Do you think if they increase the OpenSSH version, will that solve it?

Thanks a lot!
Leandro Silva

Former Member
‎04-17-2017 2:09 PM
0 Kudos

Can be the user "user.sftp"? It contain a dot "."
I already asked another user with no dot "."

Show replies
Show replies
Ask a Question