Password character restrictions?
I'm trying to help a client troubleshoot a Transport/Destination problem where, on test, they're receiving this error: SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail. As we try to narrow down the issue, one question raised was: are there any characters that shouldn't be used for a password? Such as empty character spaces or hyphens?
Thanks,
Jessica
Support Staff 1 Posted by Tim on 06 Jan, 2015 04:09 PM
Hi Jessica,
The error message:
sounds like an issue with the key exchange algorithm. Can you tell me if your client happens to be using OpenSSH 6.7? One thing we found recently is that our 3rd party SFTP library (JSch) is not compatible with the default settings for OpenSSH 6.7 as a couple of default ciphers have been removed (specifically diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1). The related bug for JSch can be found here.
We are still actively looking for ways around this, but in the meantime, if this does end up being the issue you're running into, the workaround for now will be to re-enable those 2 older ciphers I mentioned above.
I'll wait to hear back from you.
Thanks!
2 Posted by jlhayes on 06 Jan, 2015 07:58 PM
Hi Tim,
Thanks for your quick response! The client confirms they are using OpenSSH 6.7.
Jessica Hayes
Analyst, Web CMS Service
3820 Chiles Road, 2nd Floor
Information & Educational Technology
University of California, Davis
[email blocked]
530.752.2144
Support Staff 3 Posted by Tim on 06 Jan, 2015 08:44 PM
Thanks for confirming, Jessica. Are they familiar with the process of adding these key exchange algorithms back (temporarily) until we're able to update our SFTP library? I believe they'll just need to edit their sshd_config, add the 2 algorithms I mentioned above, then restart SSH Server.
In the meantime, our related issue for this is located here. Keep an eye on the Release Notes for any versions we make available to see if this fix is included.
Let me know if you have any further questions.
Thanks!
4 Posted by jlhayes on 07 Jan, 2015 10:29 PM
Tim,
My client has followed up with the following message. Can you offer any guidance on his request?
"We have temporarily enabled the two key exchange algorithms. Do you know if there is a way to enable more verbose debug messages in the CMS for the connection so we can see if that is not the only issue?"
Support Staff 5 Posted by Tim on 07 Jan, 2015 10:42 PM
Hey Jessica,
We do have a way of enabling some more logging for SFTP, but the resulting messages are more related to the internal workings of Cascade Server as opposed to the actual connection (so I don't believe they would be of much assistance). However, if they want, they can enable DEBUG logging for this class and then check the cascade.log files after the error appears to see if it contains any helpful messages:
If your client is still running into issues, I would recommend doing the following:
Thanks!
Tim closed this discussion on 17 Apr, 2015 06:54 PM.
jlhayes re-opened this discussion on 20 Jun, 2016 08:37 PM
6 Posted by jlhayes on 20 Jun, 2016 08:37 PM
Hi Tim,
I'm re-opening this ticket because a user has a very similar problem as outlined in the preceding ticket and I was wondering if you might have some advice on other options to try.
Here's what he wrote to me:
Getting this error on publish:
I did some research and found:
http://help.hannonhill.com/discussions/general/19652-password-chara...
I fixed the sshd_config file, I think, yet the publish still fails with the Algorithm fail. I added the following to the sshd_config file:
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
I also tried this with just the sha1 entries of diffie-hellman-group
Any recommendations?
Thanks,
Jessica
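An added example (not part of the thread, and not Hannon Hill's or JSch's code) that models the key-exchange selection discussed above: it reads the KexAlgorithms line from sshd_config text and picks the first client algorithm the server also lists. It assumes the client offers only the two algorithms Tim names; the default server list and the surrounding config are constructed, and only the key exchange category is checked, not ciphers or MACs.

```python
# Added example: models SSH key-exchange (KEX) selection, simplified from RFC 4253 section 7.1.

# Assumption: the client offers only the two algorithms named in this thread.
CLIENT_KEX = ["diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"]

# Constructed stand-in for a server default list that lacks those two algorithms.
SAMPLE_DEFAULT_KEX = ["ecdh-sha2-nistp256", "diffie-hellman-group-exchange-sha256",
                      "diffie-hellman-group14-sha1"]

# The KexAlgorithms line quoted in post 6, inside an otherwise constructed config.
POST6_CONFIG = """\
# constructed sample sshd_config
Port 22
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
"""

def server_kex(config_text, defaults=SAMPLE_DEFAULT_KEX):
    """Return the server's KEX list: the first KexAlgorithms line wins, else defaults.

    Handles plain comma-separated lists only (no '+' or '-' prefix syntax).
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return list(defaults)

def negotiate_kex(client, server):
    """First algorithm on the client's list that the server also lists, or None."""
    return next((alg for alg in client if alg in server), None)

def check(config_text, client=CLIENT_KEX):
    server = server_kex(config_text)
    return {
        "chosen": negotiate_kex(client, server),
        "client_only": [a for a in client if a not in server],
        # SHA-1 KEX left enabled on the server: candidates to remove once the client is updated.
        "sha1_enabled": [a for a in server if a.endswith("-sha1")],
    }

if __name__ == "__main__":
    for name, cfg in (("no KexAlgorithms line", "Port 22\n"), ("post 6 line", POST6_CONFIG)):
        print(name, check(cfg))
```

A result of `chosen: None` corresponds to a key-exchange mismatch; a non-empty `sha1_enabled` list is what to revisit once the temporary workaround is no longer needed.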
7 Posted by jlhayes on 20 Jun, 2016 08:50 PM
Hi Tim,
The user just reported that they fixed the problem. Please disregard this request.
Thanks,
Jessica
Support Staff 8 Posted by Tim on 20 Jun, 2016 09:00 PM
OK, thanks for the update, Jessica! Glad to hear things are working properly.
Tim closed this discussion on 20 Jun, 2016 09:00 PM.