Since upgrading to Lucee 5.4.3.2 we can not get sFTP to connect successfully to a server

Description

A previously functioning task has stopped working since upgrading from 5.3.8.206 to 5.4.3.2. Problem seems to be with a new version of a library in the current version. If we take the script back to an older version it runs fine and does what it should.

Error is as follows:
com.jcraft.jsch.JSchException: Auth fail for methods 'publickey'

lucee.runtime.exp.NativeException: com.jcraft.jsch.JSchException: Auth fail for methods 'publickey'
    at lucee.runtime.net.ftp.SFTPClientImpl.handleFail(SFTPClientImpl.java:394)
    at lucee.runtime.net.ftp.SFTPClientImpl.connect(SFTPClientImpl.java:117)
    at lucee.runtime.net.ftp.FTPWrap.connect(FTPWrap.java:118)
    at lucee.runtime.net.ftp.FTPWrap.<init>(FTPWrap.java:61)
    at lucee.runtime.net.ftp.FTPPoolImpl._get(FTPPoolImpl.java:83)
    at lucee.runtime.net.ftp.FTPPoolImpl.get(FTPPoolImpl.java:38)
    at lucee.runtime.tag.Ftp.getClient(Ftp.java:498)
    at lucee.runtime.tag.Ftp.actionOpen(Ftp.java:622)
    at lucee.runtime.tag.Ftp.doEndTag(Ftp.java:179)
    at tasks.aim.pull_files_cfm$cf$1z0.call(/tasks/AIM/pull_files.cfm:9)
    at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1056)
    at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:948)
    at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:219)
    at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:44)
    at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2493)
    at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2478)
    at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2449)
    at lucee.runtime.engine.Request.exe(Request.java:45)
    at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1216)
    at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1162)
    at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:102)
    at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
    at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:872)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: com.jcraft.jsch.JSchException: Auth fail for methods 'publickey'
    ... 43 more
Caused by: com.jcraft.jsch.JSchException: Auth fail for methods 'publickey'
    at com.jcraft.jsch.Session.connect(Session.java:499)
    at com.jcraft.jsch.Session.connect(Session.java:187)
    at lucee.runtime.net.ftp.SFTPClientImpl.connect(SFTPClientImpl.java:101)
    ... 41 more

Environment

Windows - IIS - Lucee 5.4.3.2

Activity

John Ceci 6 September 2023 at 19:10

Found a solution. Started with this ticket, https://luceeserver.atlassian.net/browse/LDEV-4621, which got us down the path to finding that the new underlying library disabled sha-rsa by default. To solve the problem, you need to edit the Java args with these args:

-Djsch.server_host_key=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

-Djsch.client_pubkey=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

To do this, browse to C:\lucee\tomcat\bin and use Luceew.exe.
Once open, click the Java tab and under the Java options add the above 2 lines.
Restart the service.
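
The two options in the comment above are JVM system properties, so they re-enable ssh-rsa and ssh-dss for every JSch connection made from that JVM, not only for the one failing server. The script below is an added example (not part of the original comment or of Lucee): it parses such option lines, reports the legacy algorithms they enable, and rewrites the lists to keep only the legacy entries a server actually needs. The function names and the `needed` set are assumptions for illustration; confirm what the remote server requires before choosing it.

```python
# Added example: audit the jsch.* JVM options quoted on this page.
# Helper names are hypothetical; only the option lines come from the page.

LEGACY = {
    "ssh-rsa": "RSA signature over SHA-1",
    "ssh-dss": "DSA signature over SHA-1",
}
PROPS = ("jsch.server_host_key", "jsch.client_pubkey")

# The two option lines from the comment above.
PAGE_OPTIONS = [
    "-Djsch.server_host_key=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss",
    "-Djsch.client_pubkey=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,"
    "ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss",
]


def parse_jvm_options(lines):
    """Return {property: [algorithms]} for the jsch.* -D options found."""
    found = {}
    for line in lines:
        line = line.strip()
        if not line.startswith("-D") or "=" not in line:
            continue  # not a -Dname=value option
        name, value = line[2:].split("=", 1)
        if name in PROPS:
            found[name] = [a.strip() for a in value.split(",") if a.strip()]
    return found


def audit(options):
    """List (property, algorithm, reason) for each legacy algorithm enabled."""
    return [(prop, alg, LEGACY[alg])
            for prop, algs in options.items()
            for alg in algs if alg in LEGACY]


def narrow(options, needed=()):
    """Rebuild the option lines, dropping legacy algorithms not in `needed`.

    The original preference order is preserved.
    """
    return ["-D%s=%s" % (prop, ",".join(
                a for a in algs if a not in LEGACY or a in needed))
            for prop, algs in options.items()]


if __name__ == "__main__":
    opts = parse_jvm_options(PAGE_OPTIONS)
    for prop, alg, reason in audit(opts):
        print("%s enables %s (%s)" % (prop, alg, reason))
    # Assumption: the remote server only needs ssh-rsa, not ssh-dss.
    print("\n".join(narrow(opts, needed={"ssh-rsa"})))
```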

Unresolved

Created 6 September 2023 at 17:11
Updated 26 July 2024 at 08:50