Getting Error when setup SFTP server in IS Admin

Fanny_Sari1 · January 18, 2024, 8:21am

Product/components used and version/fix level:

Product=webMethods Integration Server
Version=10.3.0.0
Updates=
Trading Networks Server 10.3 Fix 2
Trading Networks Server 10.3 Fix 1
IS_10.3_Core_Fix5
IS_10.3_SPM_Fix2|

Detailed explanation of the problem:

Hi Experts,

Good day and I hope you are doing well.

We got an error when trying to set up a new SFTP server in webMethods IS Admin.
During the SFTP setup in Settings > SFTP > > Edit (SFTP Server Alias Properties), we managed to get the host key, however, when trying to save it, the error came out.

Error messages / full error message screenshot / log file:

“[ISS.0147.9003] Cannot retrieve the host key from location /XXX/IntegrationServer/instances/default/config/sftp/temp/xxx_sftp_xxx_22. Details: Corrupt or unknown public key file format.”

When we checked the host key detail, it showed:
cat xxx_sftp_xxx_22
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFB89QTrTxFRKPRoBSMBnc8txhKqJrHH4CQLAa3AojnZJQhWXaxRXz6LJ7fEsO54FjAK1ltqoTI3eGpbcnUbRY=

The other partner SFTP has ssh-rsa format for their public key which is working fine in our IS Admin server.

Does it mean our IS Admin server can’t support this algorithm?
“ecdsa-sha2-nistp256”

Has anyone encountered the same error like this before?
If yes, appreciate sharing the solution.

Thank you and Best Regards,
Fanny T

andrej.mondom · January 23, 2024, 11:33am

Hello Fanny,

Is the SFTP location by any chance hosted in Azure?
Try the following: save the key file (again) and edit it by replacing ecdsa-sha2-nistp256 with ssh-rsa. Now try to load it into the Host Key Location field.

As an alternative, use the ssh-keyscan to retrieve the public key. Typically, the server will offer multiple formats so select the ssh-rsa format, save to a file and then use it to configure your SFTP alias.

Fanny_Sari1 · January 25, 2024, 1:29am

Hi Andrej,

Thanks for the reply.
We are unsure if the SFTP server is hosted in Azure since it belongs to our Customer/Partner.
We received the SFTP host plus username and password.

Your solution is working and we have done it slightly differently.
*) During the “Create Server Alias” under “Settings>SFTP”, we used another SFTP host key file which was created using ssh-rsa and finally, we can save the SFTP Server Alias successfully.
*) And under “Settings > SFTP > User Alias Settings”, we set the “Strict Host Key Checking” to NO as the default is “YES”.
*) And “Voila”, when we tested “SFTP User Alias” worked successfully.

I have been told that this “ECDSA” algorithm is not supported by our webMethods version 10.3, but it will be supported in
10.13 onwards. Does anyone have a comment on this?

Anyway, hope this solution will work for others who have the same issue.

Thank you.

Best Regards,
Fanny T