
CF2018 / CF2021 sFTP fail - Algorithm negotiation fail

Explorer, Nov 14, 2023


We connect to a partner organization daily to grab sets of files using sFTP. We had received notice from them that they were deprecating ssh-rsa and only supporting rsa-sha2-256 and rsa-sha2-512 going forward. Well, the day has come, and apparently CF2018 (and 2021) are using ssh-rsa, as our connections have failed.

 

There's nothing in any documents or articles that we can find about switching, forcing or upgrading the CFFTP algorithm other than some bugs with CF2011 and a zlib jar. 

 

Any help or ideas on how to get around this? 

Explorer, Nov 14, 2023


When connecting with CoreFTP, the connection is:

SH-2.0-SSHD  
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,rsa2048-sha256,ecdh-sha2-nistp384,ext-info-s
diffie-hellman-group-exchange-sha256
rsa-sha2-512
ciphers selected: 
aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com
client->server cipher: aes256-ctr
client->server mac: hmac-sha2-256
server->client cipher: aes256-ctr
server->client mac: hmac-sha2-256 
SHA1 23:0b:3e:35:a6:85:78:77:fd:a2:bb:13:a6:34:8a:98:05:8b:08:8b
sending password...
PWD  
Current directory is '/' 

Community Expert, Apr 05, 2024


What error message do you get?

Explorer, Apr 24, 2024


We ended up switching to JSch (http://www.jcraft.com/jsch/), which supports more modern protocols than CF's built-in sFTP capabilities. Not only did they require us to switch to rsa-sha2-512, but they're also going to allow only hmac-sha2-256 and hmac-sha2-512 for handshakes going forward - something else that it seems ACF sFTP doesn't support (or isn't documented).
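
The failure discussed in this thread, as an added example that is not part of the original post and is not ColdFusion or JSch code: a simplified Python model of the SSH negotiation rule (RFC 4253, section 7.1: the first algorithm on the client's list that the server also lists is chosen), reporting every category where a client and this server have nothing in common. The server lists are subsets of what the thread reports; both client proposals are constructed assumptions, not CFFTP's actual offer.

```python
# Added example: simplified model of SSH algorithm negotiation (RFC 4253, 7.1).
# Real KEXINIT carries separate client->server / server->client cipher and MAC
# lists, and extra rules for key exchange guesses; both are omitted here.

def negotiate(client, server):
    """Per category, pick the first client algorithm the server also lists.

    Returns (chosen, failed): the agreed algorithm per category, and the
    categories with no overlap, any one of which aborts the connection.
    """
    chosen, failed = {}, []
    for category, offered in client.items():
        match = next((alg for alg in offered if alg in server[category]), None)
        if match is None:
            failed.append(category)
        else:
            chosen[category] = match
    return chosen, failed

# Server side: subsets of the lists reported in the thread.
SERVER = {
    "kex": ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256",
            "ecdh-sha2-nistp384"],
    "host_key": ["rsa-sha2-256", "rsa-sha2-512"],
    "cipher": ["aes256-ctr", "aes192-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}
# Constructed client proposals (assumptions, not any product's real offer).
LEGACY_CLIENT = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha256"],
    "host_key": ["ssh-rsa"],
    "cipher": ["aes128-ctr", "aes128-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
}
MODERN_CLIENT = {
    "kex": ["ecdh-sha2-nistp384", "diffie-hellman-group-exchange-sha256"],
    "host_key": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
}

if __name__ == "__main__":
    for name, client in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        chosen, failed = negotiate(client, SERVER)
        print(name, "OK" if not failed else f"negotiation fail in {failed}", chosen)
```

Listing all failed categories at once matters here: a client that gains rsa-sha2-512 but still offers only SHA-1 MACs would keep failing on the MAC category.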

Community Expert, Apr 24, 2024


Thanks for the update and for sharing your insight. 
