IBM Support

SFTP Client Begin Session Service - com.maverick.ssh.SshException: Failed to read remote identification [Unknown cause]

Troubleshooting


Problem

This error occurs as an indication that the remote server may be too busy to handle inbound connections or has set a certain limitations for the connections. Customer is using Sterling B2B Integrator SFTP Client (SB2BI) to send data to the remote SFTP server that is a pSeries LPAR running in the IBM Cloud Managed Services Boulder Data Center (CMS BLD LPAR) and getting intermittent outbound SFTP connection error in the SFTP Client Begin Session Service step with the error message of com.maverick.ssh.SshException: Failed to read remote identification [Unknown cause].

Symptom

Observations:

1. Network packet traces taken on SB2BI SFTP client side and on the CMS BLD LPAR server side both showed CMS BLD LPAR server side closed the connection immediately upon SB2BI SFTP client connect (i.e., before SSH Handshake banner message from SFTP Server)


The network packet traces from client and server sides both show server sending FIN, ACK and SB2BI as a SFTP Client then closed the connection with ACK and FIN,ACK.

2. sshd server on CMS BLD LPAR was overloaded and closed the connection as soon as SB2BI SFTP client opened.

NOTE: This is also an indication that the remote server may be too busy to handle inbound connections or has set a certain limitations for the connections.

Cause

The remote server may be too busy to handle inbound connections or has set a certain limitations for the connections.

MaxStartups in the /etc/ssh/sshd_config file on the AIX LPAR was set at a default value:

i.e.

[xxxxxxxxxx:/home/ibmadmin] grep -i maxstart /etc/ssh/sshd_config
#MaxStartups 10
[xxxxxxxxxx:/home/ibmadmin]

NOTE: If it's too small, sshd will randomly close new connection requests until enough of the connection request backlog is dealt with.

In this case, the customer using SB2BI SFTP Client was sending a larger batch of data each time and the server side had the above parameter setup that is the default and too low to handle large batch of connections and thus causing the maverick error of: com.maverick.ssh.SshException: Failed to read remote identification.

Diagnosing The Problem

Check MaxStartups in the /etc/ssh/sshd_config file on the AIX LPAR

Resolving The Problem

Increase MaxStartups in the /etc/ssh/sshd_config file on the AIX LPAR.

You'll have to stop and restart the sshd server for the change to take effect.
This will not impact existing ssh sessions.

stopsrc -s sshd
startsrc -s sshd

If the trading partner involved is using the IBM Cloud Managed Services Boulder Data Center, the trading partner would need to open an IBM Support Request to engage other IBM team to assist further by reviewing the network packet traces, server side settings such as the MaxStartups in the /etc/ssh/sshd_config file on the AIX LPAR, etc.

[{"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Adapters","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"5.2.6;5.2.5;5.2.4;5.2.3;5.2.2;5.2.1;5.2","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Historical Number

28229.004.000;33122.122.000

Product Synonym

AIX;Peoplesoft;AIX LPAR;Cloud Managed Services;Sterling B2B Integrator;SB2BI;SI

Document Information

Modified date:
14 November 2019

UID

swg21988981