IC85733: (SFTP) PARTNER HAS INTERMITTENT PROBLEM CONNECTING VIA SFTP
Direct links to fixes
Closed as program error.
We have a partner who is having intermittent trouble connecting to us because they are saying Secure Proxy is not returning the version message upon connecting. Below is what they said. We are on 3.3.01 on Linux. Protocol Version Exchange When the connection has been established, both sides MUST send an identification string. This identification string MUST be: SSH-protoversion-softwareversion SP comments CR LF Since the protocol being defined in this set of documents is version 2.0, the 'protoversion' MUST be "2.0". For whatever reason, EFT does not receive a VERSION message from the SSHD server and it drops the connection. If you look at the PCAP, you ll see an instance where the SSHD server does not send the SSH version string as the first bit of data upon connection. The EFT sends its version string and then starts the KEXINIT (key exchange init). The SSHD server starts out with KEXINIT with no version string and as a result causes the connection to drop due to the version string being too long.
New Fix Needed
SFTP Partner has intermittent problem connecting to SSP. When an SFTP client connects to the SSP SFTP adapter and already specifies an encryption method in its initial key exchange record, SSP does not return the server identification string as its first message to the client. Instead SSP responds with its own SSH key exchange (KEXINIT), which is out of order. The client software disconnects.
Updated the SSH toolkit, which contains the fix to ignore the encryption method if it appears in the first record at SFTP connection time.
Reported component name
STR SECURE PROX
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
STR SECURE PROX
Fixed component ID
Applicable component levels