Webmethods IS SFTP is not working on port 22 while other tool like putty, WinSCP & FileZilla can

Dear Expers,

In our webmethods IS server, the SFTP feature is not able to get the host key for our TP which is using port 22. The other port is working fine like 4045, 8122, 2022 etc.

This is the error that we got when trying to get the host key:

[ISS.0147.9010] Cannot get host key from server [202.162.17.180]:22. Details: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketException: Software caused connection abort: recv failed

And this is the log in wrapper.log:
INFO | jvm 2 | 2017/10/31 10:52:05 | INFO: Connecting to 202.162.17.180 port 22
INFO | jvm 2 | 2017/10/31 10:52:07 | INFO: Connection established
INFO | jvm 2 | 2017/10/31 10:55:09 | INFO: Disconnecting from 202.162.17.180 port 22

We tried to copy the host key from other server which is working but again it is failing with the same error when trying to connect under SFTP user alias.

We tried to use other tools like WinSCP, putty and FileZilla on the same server, but they are working fine even for port 22.

Tried to see the packet using WireShark but found no useful information.
We noticed when using port 22, it is tried to connect via SSHv2 while other port is using normal TCP.

So just wondering whether webmethods IS 95 is not supporting SSHv2? Since other tools are working fine.

Does any one have this issue before? if yes how do you solve it?
Appreciate any comments/inputs.

Thank you,
Fanny T

PS: We are using webmethods 9.5 with the latest patch which is IS95 Core fix 14.


Hi Fanny,

please provide your wM version.

Also provide a list of installed fixes from UpdateManager for this instance.

There have been some issues with the SFTP feature in the past solved by various IS Core fixes (at least IS_9.5_SP1_Core Fix12 or newer, latest is Fix17 currently) and certain SCG_Third Party-Fixes (esp. SCG_9.5 SP1_TPL_Fix2), which updates the JCraft Secure Channel lib used internally by the SFTP feature.

Regards,
Holger

Please find the About Page and Fix List from Update manager in the attachment.
ISAbout_172_38_236_29_7030_1.txt (26.2 KB)
UpdateManager_172_38_236_29_7030.txt (2.79 KB)

Hi Fanny,

as listed in the About/Updates page as well as the UpdateManager Overview you have the neccessary Fixes applied.

“Broker JMS API Common Libraries 9.5.1 Fix1 9.5.1.0001-0200” is outdated and superceded by “Broker Java API Common Libraries 9.5.1 Fix6 9.5.1.0006-0457” and should have been removed according to the Readmes.

You will have to check with your SFTP Administrator what is different between IntegrationServer and the other Programs you tried.

Regards,
Holger

Hi All,

Just want to update that this issue has been resolved.

There are some application called IPS which block the SSH communication which contain the version string error/rejected.
Since the JSCH protocol is not recognized by TP’s SSH Tectia server, the IPS assumed that this communication is not secure then drop it.

The other protocol like WinSCP, putty and Filezilla are well recognized by the TP SSH Tectia server unlike JSCH.
After infra team allowed this SSH: Version String Rejected, the SFTP SSH communication from Webmethods to TPs are working fine.

Thanks again for all input.

Best Regards,
Fanny T