tag:help-archives.hannonhill.com,2010-02-09:/discussions/general/19652-password-character-restrictionsCascade CMS: Discussion 2016-06-20T21:00:24Ztag:help-archives.hannonhill.com,2010-02-09:Comment/357054542015-01-06T16:09:59Z2015-01-06T16:09:59ZPassword character restrictions?<div><p>Hi Jessica,</p>
<p>The error message:<br></p>
<pre>
<code>SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail</code>
</pre>
sounds like an issue with the key exchange algorithm. Can you tell
me if your client happens to be using OpenSSH 6.7? One thing we
found recently is that our 3rd party SFTP library (JSch) is not
compatible with the default settings for OpenSSH 6.7 as a couple of
default ciphers have been removed (specifically
<code>diffie-hellman-group1-sha1</code> and
<code>diffie-hellman-group-exchange-sha1</code>). The related bug
for JSch can be found <a href=
"http://sourceforge.net/p/jsch/bugs/79/">here</a>.
<p>We are still actively looking for ways around this, but in the
meantime, if this does end up being the issue you're running into,
the workaround for now will be to re-enable those 2 older ciphers I
mentioned above.</p>
<p>I'll wait to hear back from you.</p>
<p>Thanks!</p></div>Timtag:help-archives.hannonhill.com,2010-02-09:Comment/357054542015-01-06T19:58:41Z2015-01-06T19:58:41ZPassword character restrictions?<div><p>Hi Tim,</p>
<p>Thanks for your quick response! The client confirms they are
using openSSH 6.7.</p>
<p>Jessica Hayes<br>
Analyst, Web CMS Service<br>
3820 Chiles Road, 2nd Floor<br>
Information & Educational Technology<br>
University of California, Davis<br>
<a href="mailto:Jlhayes@ucdavis.edu">Jlhayes@ucdavis.edu</a><br>
530.752.2144</p></div>jlhayestag:help-archives.hannonhill.com,2010-02-09:Comment/357054542015-01-06T20:44:24Z2015-01-06T20:44:24ZPassword character restrictions?<div><p>Thanks for confirming, Jessica. Are they familiar with the
process of adding these key exchange algorithms back (temporarily)
until we're able to update our SFTP library? I believe they'll just
need to edit their <em>sshd_config</em>, add the 2 algorithms I
mentioned <a href=
"http://help.hannonhill.com/discussions/general/19652-password-character-restrictions#comment_35705706">
above</a>, then restart SSH Server.</p>
<p>In the meantime, our related issue for this is located <a href=
"https://hannonhill.jira.com/browse/CSI-839">here</a>. Keep an eye
on the Release Notes for any versions we make available to see if
this fix is included.</p>
<p>Let me know if you have any further questions.</p>
<p>Thanks!</p></div>Timtag:help-archives.hannonhill.com,2010-02-09:Comment/357054542015-01-07T22:29:15Z2015-01-07T22:29:15ZPassword character restrictions?<div><p>Tim,</p>
<p>My client has followed up with the the following message. Can
you offer any guidance on his request?</p>
<p>"We have temporary enabled the two key exchange algorithms Do
you know if there is a way to enable more verbose debug messages in
the CMS for the connection so we can see if that is not the only
issue?"</p></div>jlhayestag:help-archives.hannonhill.com,2010-02-09:Comment/357054542015-01-07T22:42:39Z2015-01-07T22:42:39ZPassword character restrictions?<div><p>Hey Jessica,</p>
<p>We do have a way of enabling some more logging for SFTP, but the
resulting messages are more related to the internal workings of
Cascade Server as opposed to the actual connection (so I don't
believe they would be of much assistance). However, if they want,
they can <a href=
"http://help.hannonhill.com/kb/frequently-asked-questions/how-do-i-enable-debug-logging-for-cascade-server">
enable DEBUG logging</a> for this class and then check the
<em>cascade.log</em> files after the error appears to see if it
contains any helpful messages:<br></p>
<pre>
<code>com.hannonhill.cascade.model.publish.transmit.SFTPShuttle</code>
</pre>
<p>If your client is still running into issues, I would recommend
doing the following:</p>
<ul>
<li>Enable the additional logging as mentioned above</li>
<li>Reproduce the problem and make a note of the time that the
error is displayed</li>
<li>Attach the <em>cascade.log</em> file from the day the issue was
replicated (and let us know the time the error was
encountered)</li>
<li>Attach the OpenSSH logs covering the time period when the error
message was encountered</li>
<li>Go back to the logging interface and click
<strong>Reset</strong> (this will make sure your log files aren't
filled with a bunch of extraneous messages used for debugging)</li>
</ul>
<p>Thanks!</p></div>Timtag:help-archives.hannonhill.com,2010-02-09:Comment/357054542016-06-20T20:37:32Z2016-06-20T21:00:00ZPassword character restrictions?<div><p>Hi Tim,</p>
<p>I'm re-opening this ticket because a user has a very similar
problem as outlined in the preceding ticket and I was wondering if
you might have some advice on other options to try.</p>
<p>Here's what he wrote to me:</p>
<hr>
<p>Getting this error on publish:</p>
<pre>
<code>There were destination failures during the publish. Jobs publishing to the same destination have been skipped for this publish.
• [dev1_cascade] : com.hannonhill.cascade.model.publish.transmit.ShuttleRuntimeException: SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail at com.hannonhill.cascade.model.publish.transmit.SFTPShuttle.initialize(SFTPShuttle.java:320) at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.executeAndRetry(TransmitCallbackImpl.java:257) at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.borrowShuttle(TransmitCallbackImpl.java:458) at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.transmit(TransmitCallbackImpl.java:92) at com.hannonhill.publish.Publisher$AggregateTransmitCallback.transmit(Publisher.java:1050) at com.hannonhill.publish.Publisher.transmit(Publisher.java:889) at com.hannonhill.publish.Publisher.publishInCurrentThread(Publisher.java:871) at com.hannonhill.publish.Publisher.access$1400(Publisher.java:69) at com.hannonhill.publish.Publisher$2.run(Publisher.java:683) at com.hannon!
hill.publish.DelegateRunner$1.run(DelegateRunner.java:85) at java.lang.Thread.run(Thread.java:745) Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail at com.jcraft.jsch.Session.receive_kexinit(Session.java:520) at com.jcraft.jsch.Session.connect(Session.java:286) at com.jcraft.jsch.Session.connect(Session.java:150) at com.hannonhill.cascade.model.publish.transmit.SFTPShuttle.initialize(SFTPShuttle.java:295) ... 10 more</code>
</pre>
<p>I did some research and found:</p>
<p><a href="http://help.hannonhill.com/discussions/general/19652-password-character-restrictions">
http://help.hannonhill.com/discussions/general/19652-password-chara...</a></p>
<p>I fixed the sshd_config file, I think, yet the publish still
fails with the Algorithm fail. I added the following to the
sshd_config file:</p>
<p>KexAlgorithms
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1</p>
<p>I also tried this with just the sha1 entries of
diffie-hellman-group</p>
<hr>
<p>Any recommendations?</p>
<p>Thanks,<br>
Jessica</p></div>jlhayestag:help-archives.hannonhill.com,2010-02-09:Comment/357054542016-06-20T20:50:28Z2016-06-20T20:50:28ZPassword character restrictions?<div><p>Hi Tim,</p>
<p>The user just reported that they fixed the problem. Please
disregard this request.</p>
<p>Thanks,<br>
Jessica</p></div>jlhayestag:help-archives.hannonhill.com,2010-02-09:Comment/357054542016-06-20T21:00:23Z2016-06-20T21:00:23ZPassword character restrictions?<div><p>OK, thanks for the update, Jessica! Glad to hear things are
working properly.</p></div>Tim