wso2 / product-micro-integrator

The cloud-native configuration driven runtime that helps developers implement composite microservices.
https://wso2.com/integration/
Apache License 2.0

Solving SFTP Connection Issues in WSO2 Micro Integrator 4.3.0 Due to Host Key Algorithm Mismatch #3730

Open BechtelCanDoIt opened 1 month ago

BechtelCanDoIt commented 1 month ago

Description

Recently ran into an old sftp server while connecting MI 4.3 utilizing VFS and couldn't get past this phase:

[2024-10-17 15:44:15,079] INFO {SftpClientFactory} - SSH_MSG_KEX_ECDH_INIT sent
[2024-10-17 15:44:15,079] INFO {SftpClientFactory} - expecting SSH_MSG_KEX_ECDH_REPLY
[2024-10-17 15:44:15,080] INFO {SftpClientFactory} - Disconnecting from ...

Once these JAVA_OPTS were added it worked successfully.

JAVA_OPTS: " -Djsch.client_pubkey=ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256 -Djsch.server_host_key=ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa"

Steps to Reproduce

Related to a client server so unable to reproduce.

Affected Component

MI

Version

4.3

Environment Details (with versions)

WSO2 Micro Integrator version 4.3.0 and File Connector v4.0.28

Relevant Log Output

[2024-10-17 15:44:14,856]  INFO {SftpClientFactory} - Connecting to [REDACTED] port 22
[2024-10-17 15:44:14,876]  INFO {SftpClientFactory} - Connection established
[2024-10-17 15:44:15,047]  INFO {SftpClientFactory} - Remote version string: SSH-2.0-mod_sftp/0.9.9
[2024-10-17 15:44:15,047]  INFO {SftpClientFactory} - Local version string: SSH-2.0-JSCH_0.2.4
[2024-10-17 15:44:15,047]  INFO {SftpClientFactory} - CheckCiphers: chacha20-poly1305@openssh.com
[2024-10-17 15:44:15,047]  INFO {SftpClientFactory} - CheckKexes: curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512
[2024-10-17 15:44:15,051]  INFO {SftpClientFactory} - curve25519-sha256 is not available.
[2024-10-17 15:44:15,051]  INFO {SftpClientFactory} - curve25519-sha256@libssh.org is not available.
[2024-10-17 15:44:15,051]  INFO {SftpClientFactory} - curve448-sha512 is not available.
[2024-10-17 15:44:15,051]  INFO {SftpClientFactory} - CheckSignatures: ssh-ed25519,ssh-ed448
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - ssh-ed25519 is not available.
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - ssh-ed448 is not available.
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - SSH_MSG_KEXINIT sent
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - SSH_MSG_KEXINIT received
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: ssh-rsa,ssh-dss
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,umac-64@openssh.com
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,umac-64@openssh.com
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: none
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server: none
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server:
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: server:
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client:
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: none
[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: client: none
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: client:
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: client:
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: algorithm: ecdh-sha2-nistp256
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: host key algorithm:
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
[2024-10-17 15:44:15,053]  INFO {SftpClientFactory} - kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
[2024-10-17 15:44:15,079]  INFO {SftpClientFactory} - SSH_MSG_KEX_ECDH_INIT sent
[2024-10-17 15:44:15,079]  INFO {SftpClientFactory} - expecting SSH_MSG_KEX_ECDH_REPLY
[2024-10-17 15:44:15,080]  INFO {SftpClientFactory} - Disconnecting from [REDACTED] port 22
[2024-10-17 15:44:15,085] ERROR {SFTPConnectionFactory} - Error while validating the connection org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "{org.apache.commons.vfs2.provider.sftp.SftpFileSystem.avoidpermissioncheck=true, org.apache.commons.vfs2.provider.sftp.SftpFileSystem.org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder.STRICT_HOST_KEY_CHECKING=no, org.apache.commons.vfs2.provider.sftp.SftpFileSystem.org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder.TIMEOUT=150000, org.apache.commons.vfs2.provider.sftp.SftpFileSystem.org.apache.commons.vfs2.provider.sftp.SftpFileSystemConfigBuilder.USER_DIR_IS_ROOT=true}".
        at org.apache.commons.vfs2.provider.sftp.SftpClient.ensureSession(SftpClient.java:106)
        at org.apache.commons.vfs2.provider.sftp.SftpClient.<init>(SftpClient.java:42)
        at org.apache.commons.vfs2.provider.sftp.SftpFileSystem.<init>(SftpFileSystem.java:60)
        at org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:71)
        at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:158)
        at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:112)
        at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:82)
        at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:796)
        at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:658)
        at org.wso2.carbon.connector.connection.SFTPConnectionFactory.validateObject(SFTPConnectionFactory.java:54)
        at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1198)
        at org.wso2.carbon.connector.core.pool.ConnectionPool.borrowObject(ConnectionPool.java:143)
        at org.wso2.carbon.connector.core.connection.ConnectionHandler.getConnection(ConnectionHandler.java:196)
        at org.wso2.carbon.connector.operations.ListFiles.connect(ListFiles.java:112)
        at org.wso2.carbon.connector.core.AbstractConnector.mediate(AbstractConnector.java:32)
        at org.apache.synapse.mediators.ext.ClassMediator.updateInstancePropertiesAndMediate(ClassMediator.java:178)
        at org.apache.synapse.mediators.ext.ClassMediator.mediate(ClassMediator.java:97)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:126)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:74)
        at org.apache.synapse.mediators.template.TemplateMediator.mediate(TemplateMediator.java:147)
        at org.apache.synapse.mediators.template.InvokeMediator.mediate(InvokeMediator.java:180)
        at org.apache.synapse.mediators.template.InvokeMediator.mediate(InvokeMediator.java:96)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:126)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:74)
        at org.apache.synapse.mediators.template.TemplateMediator.mediate(TemplateMediator.java:147)
        at org.apache.synapse.mediators.template.InvokeMediator.mediate(InvokeMediator.java:180)
        at org.apache.synapse.mediators.template.InvokeMediator.mediate(InvokeMediator.java:96)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:126)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:74)
        at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
        at org.apache.synapse.api.Resource.process(Resource.java:351)
        at org.apache.synapse.api.API.process(API.java:462)
        at org.apache.synapse.api.AbstractApiHandler.apiProcess(AbstractApiHandler.java:95)
        at org.apache.synapse.api.AbstractApiHandler.dispatchToAPI(AbstractApiHandler.java:73)
        at org.apache.synapse.api.rest.RestRequestHandler.dispatchToAPI(RestRequestHandler.java:90)
        at org.apache.synapse.api.rest.RestRequestHandler.process(RestRequestHandler.java:76)
        at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:54)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:350)
        at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:101)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
        at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:401)
        at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:460)
        at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:208)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to SFTP server at "[REDACTED]".
        at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:164)
        at org.apache.commons.vfs2.provider.sftp.SftpClient.ensureSession(SftpClient.java:100)
        ... 46 more
Caused by: com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 11 Application error en-US
        at com.jcraft.jsch.Session.read(Session.java:1263)
        at com.jcraft.jsch.Session.connect(Session.java:337)
        at com.jcraft.jsch.Session.connect(Session.java:194)
        at org.apache.commons.vfs2.provider.sftp.SftpClientFactory.createConnection(SftpClientFactory.java:162)
        ... 47 more

Related Issues

https://github.com/wso2/api-manager/issues/1160

Suggested Labels

No response
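
The mismatch reported above can be read straight from the `kex: server:` / `kex: client:` lines of the JSch log. The following is an added example, not code from the issue or from WSO2: it assumes the ten lines per side follow the RFC 4253 KEXINIT order, and the function names and the abridged sample log are constructed for illustration.

```python
import re

# RFC 4253 section 7.1: order of the name-lists in SSH_MSG_KEXINIT.
SLOTS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s",
         "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
LINE = re.compile(r"kex: (server|client):\s*(.*)$")

def parse_proposals(log_text):
    """Collect the name-lists each side logged, in KEXINIT order."""
    lists = {"server": [], "client": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            lists[m.group(1)].append([n for n in m.group(2).strip().split(",") if n])
    return {side: dict(zip(SLOTS, v)) for side, v in lists.items()}

def negotiate(client, server):
    """First client preference that the server also lists, else None."""
    return next((a for a in client if a in server), None)

def mismatches(proposals):
    """Slots with no common algorithm (language lists may be empty)."""
    return [s for s in SLOTS[:8]
            if negotiate(proposals["client"].get(s, []),
                         proposals["server"].get(s, [])) is None]

def _log(side, name_lists):  # constructed lines in the issue's log format
    prefix = "[2024-10-17 15:44:15,052]  INFO {SftpClientFactory} - kex: "
    return "\n".join(f"{prefix}{side}: {nl}" for nl in name_lists)

# Constructed sample, abridged from the proposals in the issue's log.
SAMPLE_LOG = "\n".join([
    _log("server", ["diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256",
                    "ssh-rsa,ssh-dss", "aes256-ctr,aes128-ctr", "aes256-ctr,aes128-ctr",
                    "hmac-sha2-256,hmac-md5", "hmac-sha2-256,hmac-md5",
                    "none", "none", "", ""]),
    _log("client", ["ecdh-sha2-nistp256,ecdh-sha2-nistp384", "",
                    "aes128-ctr,aes256-ctr", "aes128-ctr,aes256-ctr",
                    "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
                    "hmac-sha2-256-etm@openssh.com,hmac-sha2-256",
                    "none", "none", "", ""]),
])
# jsch.server_host_key value from the issue's JAVA_OPTS workaround.
WORKAROUND = ("ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
              "ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa").split(",")

if __name__ == "__main__":
    p = parse_proposals(SAMPLE_LOG)
    print("no common algorithm for:", mismatches(p))
    print("host key with workaround:", negotiate(WORKAROUND, p["server"]["host_key"]))
```

With the workaround's list, the only host key algorithm both sides share is `ssh-rsa`, which signs with SHA-1. Because `-D` properties apply to the whole JVM, it is worth confirming that other SFTP endpoints used by the same runtime still negotiate a stronger algorithm.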