Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
0
Replies

CSCvj86877 - SFTP Connect Error

noc
Level 1
Level 1

‎11-16-2018 05:41 AM

Howdy,

 

For anyone that had to discover this the hard way, there is a workaround if you like to continue using SFTP repositories while having Patch 4 applied.

Having spent close to a day on that, it would appear that the problem is arround the host keys ISE is trying to use while opening the SFTP channel.

What i saw happening is that when you SSH from ISE on to the repository it uses ECDSA keys, where triggering SFTP connection was using RSA keys instead. This ultimetly triggers an error SSH Connect error as it did not match the known hosts keys as they are differnt

In our case we use a CentOS server as SFTP repository and simply turnig off negotiation of ECDSA in the /etc/ssh/sshd_config  and restarting the sshd service allows the SFTP connections to work as normal.

This is the settings we changed:

 

From:

 

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

 

To:

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

 

Although its not ideal, it allows to workaround the problem, while not reverting to say FTP.

 

Hopefulyl this will help others, as looking for "SSH Connection Error" did not bring this bug up.

 

Niko

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents