06-05-2018 12:22 PM - edited 03-01-2019 09:28 AM
We have an out-of-house entity who recently updated their sFTP encryption requirements to only allow the following:
This has broken the sFTP job we have set up with them within CWA -- although FileZilla has no trouble connecting with that same account/password.
I've been going through our .properties files to see how we may have sFTP configured, but so far I've not found anything. I've also been going through the user manuals, the installation manuals, and the process-tuning to locate more information on how sFTP is configured, but again I've not been able to gather any useful information.
There are some entries when it comes to encryption, but nothing that I've seen on that level of detail.
So I'm looking for more data on how CWA handles sFTP algorithms -- where those settings are stored, what limitations we're facing, what defaults the system would be using if we don't actually have anything currently set...
That sort of thing. I do know that our CWA job is at least pushing AES, but nothing beyond that, and we were working fine up until their restrictions went into place. Unfortunately, they've not been able to provide logging information on the failed attempts.
The error being returned is:
FTP JOB Failed : The negotiation of key exchange method has failed
Which is what I'd expect for a deficiency on our side regarding the SSH encryption method.
CWA Master Version 6.3.1.64
06-06-2018 08:40 AM
Ah. I seem to be getting closer. Our Tidal rig appears to be limited to the Diffie-Hellman Group 14 algorithms, which in turn limits it to SHA-1 where the target server has now restricted us to SHA-256 or better.
I can see that we have an SSH adapter running for Tidal, but our license does not allow for that to be used in connections.
Which leads me to ask -- when creating an sFTP job where an SSH connection is not being used, where does Tidal find its algorithms? Is it from agents on the Tidal server itself, agents on the local connection being used in the job definition, or is the SSH adapter in Tidal being used despite not having a connection explicitly defined as using it?
06-14-2018 06:06 AM
Might as well close this out -- was able to get into the module installation, and was able to determine that the SSH adapter is providing Tidal with its encryption algorithms.
We are currently behind in our updates, but more recent versions should be able to apply the encryption standards that we're looking for.
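Added example, not part of the original thread and not Tidal/CWA code: a sketch of the SSH key exchange selection rule from RFC 4253 section 7.1, showing why a client that offers only a SHA-1 Diffie-Hellman method cannot agree with a server that accepts only SHA-256 or better. Both algorithm lists are constructed for illustration (the thread does not give the server's actual list), and the selection is simplified to the "first client algorithm the server also supports" rule.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def build_kexinit(kex_algorithms):
    """Build a minimal KEXINIT payload carrying only the kex name-list."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)   # type byte + 16-byte cookie
    payload += name_list(kex_algorithms)             # 1st of 10 name-lists
    payload += name_list([]) * 9                     # other 9 left empty here
    payload += b"\x00" + struct.pack(">I", 0)        # first_kex_packet_follows, reserved
    return payload

def parse_kex_algorithms(payload):
    """Extract the kex_algorithms name-list from a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate_kex(client_payload, server_payload):
    """Return (agreed, client_list, server_list); agreed is None on failure.

    Simplified rule: the first algorithm in the client's list that the
    server also lists. No match means the connection is torn down, which a
    client reports as a key exchange negotiation failure.
    """
    client = parse_kex_algorithms(client_payload)
    server = parse_kex_algorithms(server_payload)
    agreed = next((alg for alg in client if alg in server), None)
    return agreed, client, server

# Constructed sample lists (assumptions, not taken from the thread).
OLD_CLIENT = ["diffie-hellman-group14-sha1"]
NEW_CLIENT = ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"]
SERVER = ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group16-sha512"]

if __name__ == "__main__":
    for label, offer in (("old client", OLD_CLIENT), ("updated client", NEW_CLIENT)):
        agreed, _, _ = negotiate_kex(build_kexinit(offer), build_kexinit(SERVER))
        print(f"{label}: {agreed or 'no common key exchange method'}")
```

Against a real endpoint, the same two lists can be read from the KEXINIT lines of a verbose client log and compared the same way.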