If you are using an old release of the SFTP Plugin (release 1.1 for BusinessWorks 5.X, or release 6.1.x for BusinessWorks 6.X and BusinessWorks Container Edition), you likely need to upgrade to the latest version, which as of this writing is release 1.1.1 for BusinessWorks 5.X and release 6.2.0 for BusinessWorks 6.X and BusinessWorks Container Edition.
But you may also face issues with the recent versions of the BusinessWorks Plugin for SFTP, which are based on a fork of the JSCH open source library that disables signature algorithms that are no longer considered secure by the general cryptographic community (including RSA/SHA1).
The problem in the context of an integration platform is that you often need to connect to multiple SFTP servers, some recent ones where old algorithms like ssh-rsa are disabled and some old ones that do not support newer protocols.
When using a recent version of the Plugin for SFTP, you will get an error message like the one below when trying to connect to an old server that only offers ssh-rsa:
com.jcraft.jsch.JSchAlgoNegoFailException: Algorithm negotiation fail: algorithmName="server_host_key" jschProposal="ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-rsa"
The good news is that it is possible to re-enable older protocols using some properties managed by the JSCH open source library.
Available properties to change JSCH behavior
The properties to use are the following:
jsch.server_host_key
jsch.client_pubkey
In the example below we keep all the protocols enabled by default and add the ssh-rsa protocol (at the end):
jsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
jsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
You may also add the ssh-dss protocol in the same way if needed.
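The helper below is an added example, not code from TIBCO or the JSCH project: it reads the negotiation error shown above and builds the jsch.server_host_key line, appending only the legacy algorithms (ssh-rsa, ssh-dss) that the failing server actually offers. The function names and the sample string are constructed for illustration.

```python
import re

# Algorithms the page names as legacy (off by default in recent JSch releases).
LEGACY = {"ssh-rsa", "ssh-dss"}

# key="value" pairs; also accepts the curly quotes that web pages substitute.
_FIELD = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')


def _split(value):
    """Split a comma-separated algorithm list, dropping empty entries."""
    return [a.strip() for a in value.split(",") if a.strip()]


def parse_nego_failure(message):
    """Extract the three fields of a JSchAlgoNegoFailException message."""
    message = message.replace("\u2013", "-")  # en dash pasted in place of '-'
    fields = dict(_FIELD.findall(message))
    missing = {"algorithmName", "jschProposal", "serverProposal"} - set(fields)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return {"name": fields["algorithmName"],
            "client": _split(fields["jschProposal"]),
            "server": _split(fields["serverProposal"])}


def suggest_property(message, prefix=""):
    """Return (property_line, added) for a server_host_key negotiation failure."""
    info = parse_nego_failure(message)
    if info["name"] != "server_host_key":
        raise ValueError(f"not handled here: {info['name']}")
    # Add only legacy algorithms this server actually offers, appended last
    # as in the page's example, so nothing broader than needed is re-enabled.
    added = [a for a in info["server"] if a in LEGACY and a not in info["client"]]
    if not added:
        raise ValueError("server offers no algorithm from the legacy list")
    value = ",".join(info["client"] + added)
    return f"{prefix}jsch.server_host_key={value}", added


# Constructed sample: the error shown on the page, with plain ASCII quotes.
SAMPLE = ('com.jcraft.jsch.JSchAlgoNegoFailException: Algorithm negotiation fail: '
          'algorithmName="server_host_key" '
          'jschProposal="ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,'
          'ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256" serverProposal="ssh-rsa"')

if __name__ == "__main__":
    line, added = suggest_property(SAMPLE)
    print(line)
    print("legacy algorithms re-enabled:", ", ".join(added))
```

Passing prefix="java.property." produces the form used in a BusinessWorks 5.X bwengine.tra file.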
Note that there are other properties available to configure the behavior of the JSCH library and those properties may help to address other issues encountered with some SFTP servers (jsch.kex, jsch.cipher, etc…).
They are listed in the FAQ section of the JSCH open source page:
https://github.com/mwiede/jsch
Setting the properties in BusinessWorks 6.X context
In BusinessWorks 6.X context the properties can be set in different ways:
- They can be added in an appnode config.ini file to apply to a specific appnode
- They can also be added in the appnode_config.ini_template file of a given server, in the <TIBCO_HOME>/bw/6.X/config directory, to apply by default to all the appnodes of the server
Setting the properties in BusinessWorks 5.X context
In BusinessWorks 5.X they can be added in the bwengine.tra file using the java.property prefix, as shown below:
java.property.jsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
java.property.jsch.client_pubkey=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
Once the bwengine.tra file has been updated, applications need to be redeployed for the changes to be taken into account.
They can also be set specifically for an application at deployment time using the solution described in the BusinessWorks 5.X documentation:
https://docs.tibco.com/pub/activematrix_businessworks/5.15.1/doc/html/wwhelp/wwhimpl/js/html/wwhelp.htm#href=tib_bw_administration/admin.4.64.htm
Other elements
The BusinessWorks Plugin for SFTP, release 1.1.1 for BusinessWorks 5.X, uses JSCH version 0.2.13.
The BusinessWorks Plugin for SFTP, release 6.2.0 for BusinessWorks 6.X, uses JSCH version 0.2.15.
Details on the JSCH library used in the recent versions are available here:
https://github.com/mwiede/jsch/blob/master/ChangeLog.md
Details on the JSCH library used in the older versions are available here:
http://www.jcraft.com/jsch/