RA_FTP agent fails with error "Algorithm negotiation fail"
Article ID: 138591
Updated On:
Products
Issue/Introduction
RA_FTP SFTP agent jobs fail with error "Algorithm negotiation fail"
Error Message :
Algorithm negotiation fail
com.uc4.ftpjob.DataTransferException: Connection exception.
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
or
java.lang.RuntimeException: java.lang.RuntimeException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
Connecting to an FTP Server that only accepts diffie-hellman-group14-sha1 as the key exchange algorithm fails with the following errors.
com.uc4.ftpjob.DataTransferException: Connection exception.
at com.uc4.transfer.CITSFTPImpl.<init>(CITSFTPImpl.java:214)
at com.uc4.ftpjob.connections.ConnectionFactory$1.run(ConnectionFactory.java:61)
at java.lang.Thread.run(Unknown Source)
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
at com.jcraft.jsch.Session.connect(Session.java:320)
at com.jcraft.jsch.Session.connect(Session.java:183)
at com.uc4.transfer.CITSFTPImpl.<init>(CITSFTPImpl.java:194)
... 2 more
- In the AWI, go to the Administration perspective
- Right-click the agent and choose "Advanced Options"
- Change ra to 9 and tcp/ip to 9 and click Apply
- Open the job definition in Process Assembly
- Go to the Rapid Automation tab and be sure that Write agent log to job report is checked; save the changes
- Run the job, reproducing the error
- Turn off agent traces by following steps 1 through 3, but changing the ra and tcp/ip settings to 0
shows something like this in the job report:
ciphers that are required on the server side in the job report:
2022-05-17 14:56:23 kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
2022-05-17 14:56:23 kex: server: ssh-rsa
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha256
2022-05-17 14:56:23 kex: server: hmac-sha256,hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96
and which are available with the current setup on the RA FTP (client) side:
2022-05-17 14:56:23 kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2022-05-17 14:56:23 kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: zlib@openssh.com,zlib,none
2022-05-17 14:56:23 kex: client: zlib@openssh.com,zlib,none
Environment
Release : 3.X, 4.X
Component : RA FTP agent
Resolution
If you are using the RA FTP agent (4.x), upgrade to the latest FTP Integration agent. This agent will have the newest jsch that has been released with an FTP solution.
Make sure you have Java Cryptography Extension (JCE) installed in order for the agent to run - this can be done by having Java 1.8 build 302 or higher (The latest compatible version of java is always recommended)
Link to Java Cryptography Extension (JCE): http://www.jcraft.com/jsch/
NOTE: all of the algorithms listed on the following page are supported: http://www.jcraft.com/jsch/
Feedback
