Encountered an error below when creating SFTP Server Alias in webMethods IS.
Does anyone encountered below error?
Cannot get host key from server [sftp-hostname]:22. Details: com.jcraft.jsch.JSchException: connection is closed by foreign host
IS version: 9.8
There might be network issue or might be there are handshake errors…
Can you enable JSch handshake logs and post here? To enable handshake logs you have to set server property watt.ssh.jsch.logging = true.
The logs will be there in wrapper.log file.
INFO: Connecting to hostname.com port 22
INFO: Connection established
ssl_debug(71570): Starting handshake (iSaSiLk 3.03)…
ssl_debug(71570): IOException while handshaking: Connection closed by remote host.
ssl_debug(71570): Sending alert: Alert Fatal: handshake failure
ssl_debug(71570): Shutting down SSL layer…
ssl_debug(71570): Closing transport…
ssl_debug(71570): Closing transport…
……
……
….
ssl_debug(71593): Starting handshake (iSaSiLk 3.03)…
ssl_debug(71593): IOException while handshaking: Connection closed by remote host.
ssl_debug(71593): Sending alert: Alert Fatal: handshake failure
ssl_debug(71593): Shutting down SSL layer…
ssl_debug(71593): Closing transport…
ssl_debug(71593): Closing transport…
INFO: Disconnecting from hostname.com port 22
Hi,
are there any Fixes applied to your IS 9.8?
AFAIK there were some issues with the SFTP feature which were solved with some IS_Core and/or ThirdParty Fixes provided by SAG.
Can you try to connect to the SFTP server by using the following command to check its SSL/TLS status:
openssl s_client -showcerts -connect host:22
Might be an issue with some SSL related extended settings in your IS and/or key length or algorithm of the remote servers host key.
Regards,
Holger
Thank you Holger for your response.
In this case I would assume an issue with the SSHD config on the remote server.
You should check this with OS Admin of the remote server.
Eventually there might be an issue with the Java version used by your wM 9.8 installation not supporting the cipher specs your partner is requiring.
In this case it is recommended to update your environments to a more recent version of wM (I suggest wM 9.12 as minimum version, from where you can migrate to the wM 10.x stream later on.).
Regards,
Holger
Update…
Was able to create a connection in IS SFTP Server and User Alias but when Test button is clicked still encountered errors below which were taken from Error Logs.
ERRORMESSAGE
[ISS.0147.9011] Test of SFTP user alias UserAliasSFTP failed. Details: connection is closed by foreign host
Caused by: com.wm.app.b2b.server.sftp.client.SFTPClientException:
[ISS.0147.9011] Test of SFTP user alias UserAliasSFTP failed. Details: connection is closed by foreign host
Caused by: com.jcraft.jsch.JSchException: connection is closed by foreign host’
ERRSTACKTRACE
com.jcraft.jsch.JSchException: connection is closed by foreign host
at com.jcraft.jsch.Session.connect(Session.java:269)
at com.wm.app.b2b.server.sftp.client.SFTPClientManager.jschConnect(SFTPClientManager.java:837)
at com.wm.app.b2b.server.sftp.client.SFTPClientManager.connectWithoutProxy(SFTPClientManager.java:826)
at com.wm.app.b2b.server.sftp.client.SFTPClientManager.connect(SFTPClientManager.java:734)
at com.wm.app.b2b.server.sftp.client.SFTPClientManager.login(SFTPClientManager.java:598)
at com.wm.app.b2b.server.sftp.client.SFTPClientManager.testConnection(SFTPClientManager.java:648)
at wm.server.sftpclient.testConnection(sftpclient.java:361)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:441)
at com.wm.app.b2b.server.invoke.InvokeManager.process(InvokeManager.java:649)
at com.wm.app.b2b.server.util.tspace.ReservationProcessor.process(ReservationProcessor.java:39)
at com.wm.app.b2b.server.invoke.StatisticsProcessor.process(StatisticsProcessor.java:53)
at com.wm.app.b2b.server.invoke.ServiceCompletionImpl.process(ServiceCompletionImpl.java:243)
at com.wm.app.b2b.server.invoke.ValidateProcessor.process(ValidateProcessor.java:49)
at com.wm.app.b2b.server.invoke.PipelineProcessor.process(PipelineProcessor.java:171)
at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:303)
at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:34)
at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:370)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:548)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:386)
at com.wm.app.b2b.server.ServiceManager.inv…<truncated
In this case you will have to contact the Admin of the SFTP-Server, if they have any informations for you from the SSHD-Log.
I would assume an handshaking issue due mismatch in TLS protocol versions supported by your JVM compared to those allowed by the SSH/SFTP-Server.
Regards,
Holger
Hi LL,
Apparently this is a clear issue of SSL handshake failure, and the client server failed to reach a mutually agreed protocol to use for the SFTP connection. If it’s possible for you to actually enable more detail debug logs like telling what are the SSL protocol negotiated between the client and the server, it would also help to understand more. Also getting info from the log of SFTP server side will help to unearth more details. I assumed this likely to be a configuration issue than an actual product defect.
I would also suggest to get this book if possible, as it’s quite handy to understand SSL/TLS related matters in details.
Thank you all for your responses.
Below actions were performed for our investigation on this incident.
Hi Leroux,
can you share some more details about your SFTP-User-Alias Config please?
As the error message indicates that you are able to reach out to the SFTP-Server but it is rejecting your connection attempt.
So there should be anything in the ssh logs on the AWS plattform for this server.
Can you check this with your TradingPartner?
Regards,
Holger