RA_FTP SFTP agent jobs fail with error "Algorithm negotiation fail"
Error Message :
Algorithm negotiation fail
com.uc4.ftpjob.DataTransferException: Connection exception.
Caused by: com.jcraft.jsch.JSchException: Algorithm negotiation fail
at com.jcraft.jsch.Session.receive_kexinit(Session.java:583)
or
java.lang.RuntimeException: java.lang.RuntimeException: com.jcraft.jsch.JSchException: Algorithm negotiation fail
Connecting to an FTP Server that only accepts diffie-hellman-group14-sha1 as the key exchange algorithm fails with the following errors.
shows something like this in the job report:
ciphers that are required on the server side in the job report:
2022-05-17 14:56:23 kex: server: diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
2022-05-17 14:56:23 kex: server: ssh-rsa
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: aes256-ctr,aes256-cbc,arcfour256
2022-05-17 14:56:23 kex: server: hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha256
2022-05-17 14:56:23 kex: server: hmac-sha256,hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96
and which are available with the current setup on the RA FTP (client) side:
2022-05-17 14:56:23 kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
2022-05-17 14:56:23 kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
2022-05-17 14:56:23 kex: client: [email protected],zlib,none
2022-05-17 14:56:23 kex: client: [email protected],zlib,none
Release : 3.X, 4.X
Component : RA FTP agent
Make sure you have Java Cryptography Extension (JCE) installed in order for the agent to run.
Link to Java Cryptography Extension (JCE): http://www.jcraft.com/jsch/
NOTE: all of the algorithms listed on the following page are supported: http://www.jcraft.com/jsch/
If Oracle Java 1.8 update 151 (8u151) or later is being used, JCE does not require a separate installation.
In this case, set the following Security property in the java.security file:
crypto.policy=unlimited
Download the Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle Java SE download page under Additional Resources.
Unzip the downloaded file.
Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security directory to overwrite the existing JARS.
Once this is done you can set the following Security property in the java.security file:
crypto.policy=unlimited