Password character restrictions?

jlhayes

06 Jan, 2015 03:46 PM

I'm trying to help a client troubleshoot a Transport/Destination problem where, on test, they're receiving this error: SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail. As we try to narrow down the issue, one question raised was: are there any characters that shouldn't be used for a password? Such as empty character spaces or hyphens?

Thanks,
Jessica

  1. Support Staff 1 Posted by Tim on 06 Jan, 2015 04:09 PM

    Hi Jessica,

    The error message:

    SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail
    
    sounds like an issue with the key exchange algorithm. Can you tell me if your client happens to be using OpenSSH 6.7? One thing we found recently is that our 3rd party SFTP library (JSch) is not compatible with the default settings for OpenSSH 6.7 as a couple of default ciphers have been removed (specifically diffie-hellman-group1-sha1 and diffie-hellman-group-exchange-sha1). The related bug for JSch can be found here.

    We are still actively looking for ways around this, but in the meantime, if this does end up being the issue you're running into, the workaround for now will be to re-enable those 2 older ciphers I mentioned above.

    I'll wait to hear back from you.

    Thanks!

  2. 2 Posted by jlhayes on 06 Jan, 2015 07:58 PM

    Hi Tim,

    Thanks for your quick response! The client confirms they are using OpenSSH 6.7.

    Jessica Hayes
    Analyst, Web CMS Service
    3820 Chiles Road, 2nd Floor
    Information & Educational Technology
    University of California, Davis
    [email blocked]
    530.752.2144

  3. Support Staff 3 Posted by Tim on 06 Jan, 2015 08:44 PM

    Thanks for confirming, Jessica. Are they familiar with the process of adding these key exchange algorithms back (temporarily) until we're able to update our SFTP library? I believe they'll just need to edit their sshd_config, add the 2 algorithms I mentioned above, then restart SSH Server.

    In the meantime, our related issue for this is located here. Keep an eye on the Release Notes for any versions we make available to see if this fix is included.

    Let me know if you have any further questions.

    Thanks!

  4. 4 Posted by jlhayes on 07 Jan, 2015 10:29 PM

    Tim,

    My client has followed up with the following message. Can you offer any guidance on his request?

    "We have temporarily enabled the two key exchange algorithms. Do you know if there is a way to enable more verbose debug messages in the CMS for the connection so we can see if that is not the only issue?"

  5. Support Staff 5 Posted by Tim on 07 Jan, 2015 10:42 PM

    Hey Jessica,

    We do have a way of enabling some more logging for SFTP, but the resulting messages are more related to the internal workings of Cascade Server as opposed to the actual connection (so I don't believe they would be of much assistance). However, if they want, they can enable DEBUG logging for this class and then check the cascade.log files after the error appears to see if it contains any helpful messages:

    com.hannonhill.cascade.model.publish.transmit.SFTPShuttle
    

    If your client is still running into issues, I would recommend doing the following:

    • Enable the additional logging as mentioned above
    • Reproduce the problem and make a note of the time that the error is displayed
    • Attach the cascade.log file from the day the issue was replicated (and let us know the time the error was encountered)
    • Attach the OpenSSH logs covering the time period when the error message was encountered
    • Go back to the logging interface and click Reset (this will make sure your log files aren't filled with a bunch of extraneous messages used for debugging)

    Thanks!

  6. Tim closed this discussion on 17 Apr, 2015 06:54 PM.

  7. jlhayes re-opened this discussion on 20 Jun, 2016 08:37 PM

  8. 6 Posted by jlhayes on 20 Jun, 2016 08:37 PM

    Hi Tim,

    I'm re-opening this ticket because a user has a very similar problem as outlined in the preceding ticket and I was wondering if you might have some advice on other options to try.

    Here's what he wrote to me:


    Getting this error on publish:

    There were destination failures during the publish. Jobs publishing to the same destination have been skipped for this publish.
        • [dev1_cascade] : com.hannonhill.cascade.model.publish.transmit.ShuttleRuntimeException: SFTP error occurred during SFTP Shuttle initialization: Algorithm negotiation fail
            at com.hannonhill.cascade.model.publish.transmit.SFTPShuttle.initialize(SFTPShuttle.java:320)
            at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.executeAndRetry(TransmitCallbackImpl.java:257)
            at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.borrowShuttle(TransmitCallbackImpl.java:458)
            at com.hannonhill.cascade.model.publish.callback.TransmitCallbackImpl.transmit(TransmitCallbackImpl.java:92)
            at com.hannonhill.publish.Publisher$AggregateTransmitCallback.transmit(Publisher.java:1050)
            at com.hannonhill.publish.Publisher.transmit(Publisher.java:889)
            at com.hannonhill.publish.Publisher.publishInCurrentThread(Publisher.java:871)
            at com.hannonhill.publish.Publisher.access$1400(Publisher.java:69)
            at com.hannonhill.publish.Publisher$2.run(Publisher.java:683)
            at com.hannonhill.publish.DelegateRunner$1.run(DelegateRunner.java:85)
            at java.lang.Thread.run(Thread.java:745)
          Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
            at com.jcraft.jsch.Session.receive_kexinit(Session.java:520)
            at com.jcraft.jsch.Session.connect(Session.java:286)
            at com.jcraft.jsch.Session.connect(Session.java:150)
            at com.hannonhill.cascade.model.publish.transmit.SFTPShuttle.initialize(SFTPShuttle.java:295)
            ... 10 more
    

    I did some research and found:

    http://help.hannonhill.com/discussions/general/19652-password-chara...

    I fixed the sshd_config file, I think, yet the publish still fails with the Algorithm fail. I added the following to the sshd_config file:

    KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

    I also tried this with just the sha1 entries of diffie-hellman-group.


    Any recommendations?

    Thanks,
    Jessica
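
The question raised in this thread, whether the key exchange list is the only mismatch, can be checked offline by matching each algorithm category separately. The following is an added example, not part of the original posts and not Cascade or JSch code; it applies a simplified form of RFC 4253 section 7.1 matching. Only the KexAlgorithms value comes from the post above; the Ciphers line and the client offer are constructed assumptions.

```python
# Added example (not from the thread): per-category SSH algorithm matching.
# Simplified RFC 4253 7.1: first client name the server also lists is chosen.

KEYWORDS = {"kexalgorithms": "kex", "hostkeyalgorithms": "host_key",
            "ciphers": "cipher", "macs": "mac"}

def parse_sshd_config(text):
    """Map category -> names for the algorithm keywords set in sshd_config."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        category = KEYWORDS.get(parts[0].lower())
        # sshd keeps the first value it reads for a keyword.
        if category and len(parts) == 2 and category not in found:
            found[category] = [n.strip() for n in parts[1].split(",") if n.strip()]
    return found

def negotiate(client, server):
    """Return category -> chosen name, None (no overlap) or 'server-default'."""
    result = {}
    for category in KEYWORDS.values():
        if category not in server:
            result[category] = "server-default"  # keyword not set in the config
            continue
        offered = client.get(category, [])
        result[category] = next((n for n in offered if n in server[category]), None)
    return result

def failing_categories(client, server):
    """List the categories in which client and server share no algorithm."""
    return [c for c, chosen in negotiate(client, server).items() if chosen is None]

# KexAlgorithms value as quoted in the post above; the Ciphers line is constructed.
SSHD_CONFIG = """\
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
"""

# Hypothetical legacy client offer, constructed for illustration.
CLIENT = {"kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"],
          "host_key": ["ssh-rsa"], "cipher": ["aes128-cbc", "3des-cbc"],
          "mac": ["hmac-sha1"]}

if __name__ == "__main__":
    for category, chosen in negotiate(CLIENT, parse_sshd_config(SSHD_CONFIG)).items():
        print(f"{category:9} -> {chosen or 'NO COMMON ALGORITHM'}")
```

With these sample inputs the key exchange category matches and the cipher category does not, which is the case where editing KexAlgorithms alone leaves the negotiation failing.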

  9. 7 Posted by jlhayes on 20 Jun, 2016 08:50 PM

    Hi Tim,

    The user just reported that they fixed the problem. Please disregard this request.

    Thanks,
    Jessica

  10. Support Staff 8 Posted by Tim on 20 Jun, 2016 09:00 PM

    OK, thanks for the update, Jessica! Glad to hear things are working properly.

  11. Tim closed this discussion on 20 Jun, 2016 09:00 PM.
