cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3995
Views
0
Helpful
2
Replies

sFTP Encryption

Cale Montgomery
Beginner
Beginner

We have an out-of-house entity who recently updated their sFTP encryption requirements to only allow the following:

sFTP.png

 

This has broken the sFTP job we have set up with them within CWA -- although FileZilla has no trouble connecting with that same account/password.

 

I've been going through our .properties files to see how we may have sFTP configured, but so far I've not found anything.  I've also been going through the user manuals, the installation manuals, and the process-tuning to locate more information on how sFTP is configured, but again I've not been able to gather any useful information.

 

There are some entries when it comes to encryption, but nothing that I've seen on that level of detail.

 

So I'm looking for more data on how CWA handles sFTP algorithms -- where those settings are stored, what limitations we're facing, what defaults the system would be using if we don't actually have anything currently set...

 

That sort of thing.  I do know that our CWA job is at least pushing AES, but nothing beyond that, and we were working fine up until their restrictions went into place.  Unfortunately, they've not been able to provide logging information on the failed attempts.

 

The error being returned is:

FTP JOB Failed : The negotiation of key exchange method has failed

 

Which is what I'd expect for a deficiency on our side regarding the SSH encryption method.

 

CWA Master Version 6.3.1.64

1 Accepted Solution

Accepted Solutions

Might as well close this out -- was able to get into the module installation, and was able to determine that the SSH adapter is providing Tidal with its encryption algorithms.

 

We are currently behind in our updates, but more recent versions should be able to apply the encryption standards that we're looking for.

View solution in original post

2 Replies 2

Cale Montgomery
Beginner
Beginner

Ah.  I seem to be getting closer.  Our Tidal rig appears to be limited to the Diffie-Hellman Group 14 algorithms, which in turn limits it to SHA-1 where the target server has now restricted us to SHA-256 or better.

 

I can see that we have an SSH adapter running for Tidal, but our license does not allow for that to be used in connections.

 

Which leads me to ask  -- when creating an sFTP job where an SSH connection is not being used, where does Tidal find its algorithms?  Is it from agents on the Tidal server itself, agents on the local connection being used in the job definition, or is the SSH adapter in Tidal being used despite not having a connection explicitly defined as using it?

Might as well close this out -- was able to get into the module installation, and was able to determine that the SSH adapter is providing Tidal with its encryption algorithms.

 

We are currently behind in our updates, but more recent versions should be able to apply the encryption standards that we're looking for.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: