Inspiring
November 14, 2023
Question

CF2018 / CF2021 sFTP fail - Algorithm negotiation fail

  • 2 replies
  • 825 views

We connect to a partner organization daily to grab sets of files using sFTP.  We had received notice from them that they were deprecating ssh-rsa and only supporting rsa-sha2-256 and rsa-sha2-512 going forward.  Well, the day has come, and apparently CF2018 (and 2021) are using ssh-rsa, as our connections have failed.

 

There's nothing in any documents or articles that we can find about switching, forcing or upgrading the CFFTP algorithm other than some bugs with CF2011 and a zlib jar. 

 

Any help or ideas on how to get around this? 

    This topic has been closed for replies.

    BKBK
    Community Expert
    April 5, 2024

    What error message do you get?

    Inspiring
    April 24, 2024

    We ended up switching to JSch (http://www.jcraft.com/jsch/), which supports more modern protocols than CF's built-in sFTP capabilities.  Not only did they require us to switch to rsa-sha2-512, but they're also going to allow only hmac-sha2-256 and hmac-sha2-512 for handshakes going forward - something else that it seems ACF sFTP doesn't support (or isn't documented).

    BKBK
    Community Expert
    April 24, 2024

    Thanks for the update and for sharing your insight. 

    Inspiring
    November 14, 2023

    When connecting with CoreFTP, the connection is:

    SH-2.0-SSHD  
    diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,rsa2048-sha256,ecdh-sha2-nistp384,ext-info-s
    diffie-hellman-group-exchange-sha256
    rsa-sha2-512
    ciphers selected: 
    aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com
    client->server cipher: aes256-ctr
    client->server mac: hmac-sha2-256
    server->client cipher: aes256-ctr
    server->client mac: hmac-sha2-256 
    SHA1 23:0b:3e:35:a6:85:78:77:fd:a2:bb:13:a6:34:8a:98:05:8b:08:8b
    sending password...
    PWD  
    Current directory is '/'
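
Added example, not part of the original thread and not Adobe's or JSch's code: a small model of SSH algorithm negotiation showing why a client that offers only ssh-rsa and legacy MACs gets "Algorithm negotiation fail" against this partner. The server lists come from the thread (a subset of the KEX and cipher lists in the CoreFTP log, plus the host key and MAC algorithms the partner announced); both client profiles are constructed assumptions, and the selection rule is simplified to "first client entry the server also lists".

```python
# RFC 8308 extension markers appear in KEX lists but are not key exchange algorithms.
PSEUDO = {"ext-info-s", "ext-info-c"}

# Server side, taken from the thread (KEX and ciphers are a subset of the log's lists).
SERVER = {
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256",
            "diffie-hellman-group16-sha512", "ecdh-sha2-nistp384", "ext-info-s"],
    "host_key": ["rsa-sha2-256", "rsa-sha2-512"],
    "cipher": ["aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}

# Constructed client profiles (assumptions, not CFFTP's or JSch's real defaults).
LEGACY_CLIENT = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha256"],
    "host_key": ["ssh-rsa"],
    "cipher": ["aes128-ctr", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
MODERN_CLIENT = {
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256"],
    "host_key": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"],
}


def negotiate(client, server):
    """Return (agreed, failed): per category, the first client entry the server lists."""
    agreed, failed = {}, []
    for category, offered in client.items():
        accepted = set(server.get(category, [])) - PSEUDO
        choice = next((alg for alg in offered if alg in accepted), None)
        if choice is None:
            failed.append(category)  # no overlap: the handshake aborts here
        else:
            agreed[category] = choice
    return agreed, failed


if __name__ == "__main__":
    for name, profile in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        agreed, failed = negotiate(profile, SERVER)
        status = "negotiation fail in: " + ", ".join(failed) if failed else "ok"
        print(f"{name}: {status} {agreed}")
```

With the modern profile the result matches what the CoreFTP log shows: diffie-hellman-group-exchange-sha256, rsa-sha2-512, aes256-ctr and hmac-sha2-256.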