The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now!
A chart showing the TIBCO Platform vision
Jump to content
Articles
Read more about TIBCO use cases, product features, capabilities and more
  • If you are using old releases of the SFTP Plugin, release 1.1 for BusinessWorks 5.X or release 6.1.x for BusinessWorks 6.X and BusinessWorks Container Edition, you likely need to upgrade to the latest version that is, as of this writing, release 1.1.1 for BusinessWorks 5.X and release 6.2.0 for BusinessWorks 6.X and BusinessWorks Container Edition.

    But you may also face issues with the recent versions of the BusinessWorks Plugin for SFTP that are based on a fork of the JSCH open source library that disables signature algorithms that are no longer considered secure by the general cryptographic community (including RSA/SHA1).

    The problem in the context of an integration platform is that you often need to connect to multiple SFTP servers, some recent ones where old algorithms like ssh-rsa are disabled and some old ones that do not support newer protocols.

    While using a recent version of the Plugin for SFTP you will get an error message like the one below while trying to connect to an old server willing to use ssh-rsa:

    com.jcraft.jsch.JSchAlgoNegoFailException: Algorithm negotiation fail: algorithmName=”server_host_key” jschProposal=”ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2–512,rsa-sha2–256" serverProposal=”ssh-rsa”

    The good news is that it is possible to re-enable older protocols using some properties managed by the JSCH open source library.

    Available properties to change JSCH behavior

    The properties to use are the following:
    jsch.server_host_key
    jsch.client_pubkey

    In the example below we keep all the protocols enabled by default and add the ssh-rsa protocol (at the end):

    jsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2–512,rsa-sha2–256,ssh-rsa

    jsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2–512,rsa-sha2–256,ssh-rsa

    You may also add the ssh-dss protocol in the same way if needed.

    Note that there are other properties available to configure the behavior of the JSCH library and those properties may help to address other issues encountered with some SFTP servers (jsch.kex, jsch.cipher, etc…).

    They are listed in the FAQ section of the JSCH open source page:
    https://github.com/mwiede/jsch

    Setting the properties in BusinessWorks 6.X context

    In BusinessWorks 6.X context the properties can be set in different ways:

    . They can be added in an appnode config.ini file to apply for a specific appnode

    . They can also be added in the appnode_config.ini_template file of a given server from the <TIBCO_HOME>/bw/6.X/config directory to apply as default to all the appnodes of the server

    Setting the properties in BusinessWorks 5.X context

    In BusinessWorks 5.X they can be added in the bwengine.tra file using the java.property prefix like below:

    java.property.jsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2–512,rsa-sha2–256,ssh-rsa
    java.property.jsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2–512,rsa-sha2–256,ssh-rsa

    Once the bwengine.tra file has been updated, applications need to be redeployed for the changes to be taken into account.

    They can also be set specifically for an application at deployment time using the solution described in the BusinessWorks 5.X documentation:
    https://docs.tibco.com/pub/activematrix_businessworks/5.15.1/doc/html/wwhelp/wwhimpl/js/html/wwhelp.htm#href=tib_bw_administration/admin.4.64.htm

    Other elements

    The BusinessWorks Plugin for SFTP, release 1.1.1 for BusinessWorks 5.X is using JSCH version 0.2.13.

    The BusinessWorks Plugin for SFTP, release 6.2.0 for BusinessWorks 6.X is using JSCH version 0.2.15.

    Elements on the JSCH library used in the recent versions are available here:
    https://github.com/mwiede/jsch/blob/master/ChangeLog.md

    Elements on the JSCH library used in the older versions are available here:
    http://www.jcraft.com/jsch/


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...