RA_FTP SFTP agent jobs fail with error "Algorithm negotiation fail"
Error Message :
Algorithm negotiation fail
com.uc4.ftpjob.DataTransferException: Connection exception.
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
or
java.lang.RuntimeException: java.lang.RuntimeException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
Connecting to an FTP server that only accepts diffie-hellman-group14-sha1 as the key exchange algorithm fails with the errors shown above.
The job report shows the ciphers that are required on the server side:
2022-05-17 14:56:23 kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
2022-05-17 14:56:23 kex: server: ssh-rsa
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha256
2022-05-17 14:56:23 kex: server: hmac-sha256,hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96
and which are available with the current setup on the RA FTP (client) side:
2022-05-17 14:56:23 kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2022-05-17 14:56:23 kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: zlib@openssh.com,zlib,none
2022-05-17 14:56:23 kex: client: zlib@openssh.com,zlib,none
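The server/client comparison above can be done mechanically. The following Python script is an added example, not part of the original article or of the agent; it assumes the report's "kex:" lines follow the SSH_MSG_KEXINIT list order starting with the key exchange list, and its function names are illustrative.

```python
import re

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1). Assumption: the
# report has one "kex:" line per list, in this order, starting at the kex list.
# The two trailing language lists are ignored (zip() drops them).
FIELDS = ["kex", "host_key", "cipher_c2s", "cipher_s2c",
          "mac_c2s", "mac_s2c", "compression_c2s", "compression_s2c"]
LINE = re.compile(r"kex: (server|client): ?(.*)$")

def parse_report(text):
    """Return {'server': {field: [algs]}, 'client': {...}} from job-report lines."""
    seen = {"server": [], "client": []}
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            seen[m.group(1)].append([a for a in m.group(2).strip().split(",") if a])
    return {side: dict(zip(FIELDS, lists)) for side, lists in seen.items()}

def negotiate(report):
    """Per field: first client algorithm the server also offers, else None.
    Fields missing from either side's excerpt are skipped, not guessed."""
    result = {}
    for field in FIELDS:
        if field in report["server"] and field in report["client"]:
            server = set(report["server"][field])
            result[field] = next((a for a in report["client"][field] if a in server), None)
    return result

def mismatches(report):
    """Fields for which client and server share no algorithm."""
    return [f for f, alg in negotiate(report).items() if alg is None]

# First six server and client lines, copied from the job report above.
REPORT = """\
2022-05-17 14:56:23 kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
2022-05-17 14:56:23 kex: server: ssh-rsa
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha256
2022-05-17 14:56:23 kex: server: hmac-sha256,hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96
2022-05-17 14:56:23 kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2022-05-17 14:56:23 kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
"""

if __name__ == "__main__":
    for field, alg in negotiate(parse_report(REPORT)).items():
        print(f"{field:12} {alg or 'NO COMMON ALGORITHM'}")
```

For the job report above it flags only the two encryption lists: the server offers only 256-bit ciphers and the client offers none.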
Release : 3.X, 4.X
Component : RA FTP agent
If you are using the RA FTP agent (4.x), upgrade to the latest FTP Integration agent. This agent will have the newest JSch version that has been released with an FTP solution.
Make sure you have Java Cryptography Extension (JCE) installed in order for the agent to run.
Link to Java Cryptography Extension (JCE): http://www.jcraft.com/jsch/
NOTE: all of the algorithms listed on the following page are supported: http://www.jcraft.com/jsch/
If Oracle Java 1.8 update 151 (8u151) or later is being used, JCE does not require a separate installation.
In this case, set the following Security property in the java.security file:
crypto.policy=unlimited
If JCE has to be installed separately:
Download the Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from the Oracle Java SE download page, under Additional Resources.
Unzip the downloaded file.
Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security directory, overwriting the existing JARs.
Once this is done, you can set the following Security property in the java.security file:
crypto.policy=unlimited