SFTP Connection and Encryption Algorithms
After the August 2023 upgrade, our SFTP connections started failing due to the deprecation of some default signature protocols. I believe this happened with the 4.33 GA release. To get around this issue, we updated our snaplex node properties to include the jcc.jvm_option at the bottom of this message. Once we put this jvm_option in place, we were able to successfully connect with our partner SFTP server.
Since then, we have been working with our partners to have them update their SFTP key exchanges. We have one partner left that we still cannot connect with when we remove the jvm_option and use the default protocols that SnapLogic provides.
Here are log snippets from our partner when we include the option and when we remove the option. Can you advise me on what I can recommend to our partner so that we can remove the jvm_option and be able to connect with them successfully?
jcc.jvm_options
-Dsftp.server_host_key=ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 -Dsftp.client_pubkey=ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 -Dsftp.kex=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group18-sha512,ext-info-c -Dsftp.check_kexes=diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Log when override is implemented and a successful connection is established
Log when override is removed and a successful connection cannot be established