  1. Apache NiFi
  2. NIFI-9919

RSA Private Key Authentication Fails for Azure Blob SFTP

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.14.0, 1.15.0, 1.16.0
    • Fix Version/s: 1.17.0, 1.16.1
    • Component/s: Extensions
    • Labels: None

    Description

      Microsoft Azure Blob Storage supports access using SFTP with either password or private key authentication. SFTP support for Azure Blob Storage has a limited set of supported algorithms, including the following three algorithms for Public Key authentication:

      • ssh-rsa
      • ecdsa-sha2-nistp256
      • ecdsa-sha2-nistp384

      The documentation lists sshj 0.27.0 as supported, but changes in sshj 0.30.0 to support RSA SHA2 algorithms appear to have created problems with selection of the client key algorithm during the negotiation process. This issue persists in sshj 0.32.0, but appears to be resolved in the current development branch of sshj.

      As a result of this issue, SFTP processors are unable to authenticate to Azure Blob Storage SFTP and return the following error with a valid RSA Private Key:

      net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
      

      It is possible to work around the problem with RSA Private Keys by using an ECDSA Private Key, which can be generated using the following command on compatible platforms:

      ssh-keygen -t ecdsa
      

      This issue may impact other SFTP servers that support RSA SHA2 host key algorithms, but do not support that algorithm for Public Key authentication.
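
A simplified model of the mismatch described above, as an added example that is not sshj or NiFi code. The server host key profile and both selection strategies are assumptions made for illustration; only the list of public key algorithms comes from the issue. It shows why an RSA key exhausts authentication when the client commits to an RSA SHA2 name the server offers only for host keys, while an ECDSA key is unaffected.

```python
# Simplified model of SSH public key algorithm selection for client auth.
# Added example: not sshj or NiFi code; both strategies are hypothetical.

# Public key authentication algorithms the issue lists for Azure Blob SFTP.
AZURE_PUBKEY_ALGS = {"ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"}

# Constructed server profile: RSA SHA2 is offered for the host key.
HOST_KEY_ALGS = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

# Signature algorithms each client key type can produce, newest first.
# One RSA key pair works with all three RSA names (RFC 8332).
CANDIDATES = {
    "rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ecdsa-p256": ["ecdsa-sha2-nistp256"],
    "ecdsa-p384": ["ecdsa-sha2-nistp384"],
}


def attempts_from_host_key(key_type, host_key_algs):
    """Assume an algorithm seen in host key negotiation also works for
    client authentication, and commit to that single choice."""
    algs = CANDIDATES[key_type]
    seen = [a for a in algs if a in host_key_algs]
    return [seen[0]] if seen else [algs[-1]]


def attempts_with_fallback(key_type):
    """Offer every algorithm the key supports, in preference order."""
    return list(CANDIDATES[key_type])


def authenticate(attempts, server_pubkey_algs):
    """Return the first accepted algorithm or fail like an exhausted client."""
    for alg in attempts:
        if alg in server_pubkey_algs:
            return alg
    raise PermissionError("Exhausted available authentication methods")


if __name__ == "__main__":
    for key in ("rsa", "ecdsa-p256"):
        tries = attempts_from_host_key(key, HOST_KEY_ALGS)
        try:
            print(key, tries, "->", authenticate(tries, AZURE_PUBKEY_ALGS))
        except PermissionError as err:
            print(key, tries, "->", err)
    print("rsa with fallback ->",
          authenticate(attempts_with_fallback("rsa"), AZURE_PUBKEY_ALGS))
```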

            People

              exceptionfactory David Handermann